Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsMonday 6th June 2022
(1 year, 10 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Consideration of Bill Amendments as at 25 May 2022 - (25 May 2022)
Lord Fox (LD)
My Lords, the Product Security and Telecommunications Infrastructure Bill is another snappy portmanteau Bill from this department—or perhaps I should say, in sporting parlance and in deference to the department, it is legislation in two halves. As we heard from the Minister, it is the second half that has attracted most attention in the Commons and, frankly, from the various lobbying organisations—and it is easy to understand why. Bringing connectivity to a reasonable level across everywhere in the United Kingdom is an aim I am sure all noble Lords share in this House, as do all the MPs at the other end. However, as the Minister alluded to, there are balances that need to be brought into play when we bring this objective forward.
I shall start with the first part of the Bill, the security bit. As the Minister outlined, it is designed to enable us to face up not just to the present but to the internet of things or the network of everything, safe in the knowledge that our appliances are safe from hacking. It is not a future problem, as the Minister outlined: it is with us here and now. The consumer organisation Which? very clearly brought this to bear. It tested a range of devices, from baby monitors to smart speakers, with its ethical hackers and found 37 vulnerabilities with those test devices, including at least a dozen rated as “very high risk” and one as “critical”.
At the heart of this problem is that some of these products may have had inadequate security against threats in the first place, or that they have not been effectively upgraded by the manufacturer during the life of the product, which is why they are at risk of being hacked, as the Minister well knows. The Bill is supposed to make provision to enable the Government, via regulations, to require manufacturers, importers and distributors to make sure that their consumer-connectible products meet some minimum standard of cyber requirement before they are placed on the market. This is the problem that I face with the Bill: the majority of this part of it will come through secondary legislation, so it is hard to see at this point the Government’s objective for consumer rights.
I have looked through the Bill—I have tried very hard—and neither the Long Title nor the text of the Bill sets out what a consumer might reasonably expect from consumer-connectible products in their house. What might they be able to expect through the life of that product in terms of security and hacking? Assuming that there is no such thing as absolute security, following the implementation of the Bill and all its, as yet, unseen statutory instruments, what level of security should the UK consumer reasonably expect for their household, and what is their recourse in the event that that is not met?
The Government’s response appears to be a sort of micromanaging process—for example, as the Minister set out, mandating password protocols. The Government are, in essence, pitching the ingenuity of the department and the support that the department gets against the ingenuity of the criminals and hackers and, to a large extent, micromanaging how those device manufacturers respond to that threat. In a sense, that absolves them of being the innovators; it absolves the manufacturers of responsibility for delivering a security rather than meeting a requirement set out in a statutory instrument. In short, they will need only to follow the letter of the process that the department comes up with through its statutory instrument rather than deliver a level of security. In the view of this Bench, there ought to be a minimum standard of security that consumers can expect. From our perspective, we are looking at the wrong end of the telescope with this legislation. At the very least, there should be an up-front clause that sets out what that minimum expectation should be. Then, rather than micromanaging it, it would be up to the supply chain to deliver security, which would be a legal expectation.
That takes us to the subject of policing. Assuming that the Bill stays as it is, I am interested in Chapter 3, on enforcement. Once again, the meat of this provision awaits secondary legislation. The Secretary of State is responsible for enforcement, but it is not clear to me how she will do it. Perhaps the unit will do this and perhaps a new unit will be set up in the department. Could the Minister explain how enforcement will be managed in light of the 20% reduction in departmental head count being enforced on all departments by the Chancellor of the Exchequer? There will be 20% fewer people to do, yet again, a bigger job. Unless the Minister can set out a plan for enforcement, it is safe to assume that consumers in fact will not be safer when the Act comes into play.
Turning to the infrastructure part, as the Minister said, the Government’s commitment is for there to be a minimum of 85% gigabit-capable broadband by 2025. The Levelling Up White Paper of course talks about maximum coverage later on. The Minister talked about there being 100% coverage as soon as possible. What does that mean in reality—or does it mean nothing? The Minister also spoke about a majority of the country having 5G by, I think, 2027. Does that mean 51% or a larger number? There are lots of parts of the country still chasing 4G, never mind 5G. Can the Minister use this Second Reading to update us further about—and perhaps set out in writing—where the country is in implementing both gigabit and 5G across the whole country, rather than use a percentage? To give a percentage of users is slightly misleading because there are less well-populated areas where users remain very much underserviced. I also ask the Minister to update your Lordships’ House on progress in eliminating Huawei hardware from the 5G network. We are interested to know where that is going and when it might be achieved.
As I expected, the Minister portrayed this legislation as a vital piece in meeting the installation target but, before we get to that, can he tell us how the other pieces are going? As I have said, my recent travels to Devon, Cornwall and my home county of Herefordshire indicate that network coverage remains poor at best and is sometimes not there at all. Given that these are some of the more rural parts of the United Kingdom, I take that to be the standard that most rural communities are surviving through. What extra is being done to get better coverage in these places, rather than focusing on the big numbers—the big conurbations, cities and towns? To date, the evidence suggests that this is not successful. It seems to me that the issues in the Bill are not the issues preventing this happening.
The Bill is about access—I think the Minister was a Whip at the time of the last pass on this. Somewhere in the dog days between two of the Covid lockdowns, my noble friend Lord Clement-Jones and I were climbing through the niceties of multiple-occupancy access and wayleaves in the then Telecommunications Infrastructure (Leasehold Property) Bill—another of the Minister’s snappy Bills. Perhaps this should be the starting point. The Minister mentioned it today but, taking that previous Bill as a template, when it comes to access, what worked and what did not work? I get a sense that access is piece of string that the telecoms operators will keep on pulling for ever, so what has sparked this new Bill, and what did not work under the previous ones? Their briefings seek to raise this as a key issue, but is that really the case? Is the lack of access that I described earlier the overwhelming impediment to the rate of installation, or is it something else? Is it perhaps the rate of investment, the skills available or the capacity to do so many projects overall? I suggest that all three are key elements in the rate at which the installation we need is happening. Can the Minister balance those issues with the issue of access, which is the only issue being addressed in the Bill?
Changing access regulations is also an opportunity to drive down costs. If they are being passed on to consumers, that is no bad thing—but are they? Speed Up Britain, a cross-industry organisation, is campaigning for the Government to close the loopholes—very much in the way that they are—and points to benefits. Other campaigners highlight a potentially catastrophic drop in income faced by local community organisations and local authorities in the rent-to-host infrastructure, such as mast licences, which was caused by the last Bill and will be further enshrined by this Bill; those campaigners estimate up to a 90% drop in income. In a meeting, the department puts the fall at around 60% to 65%. Either way, this is a big fall in income for, say, a local football club.
So who is benefitting from the drop in operational costs? Many of the mobile towers are now owned and operated by towercos which sit between the landowners and the telcos. I suspect that changes in the use of shared apparatus, as heralded by this Bill, will drive more of that intermediate role for towercos or similar. Are these towercos passing the savings through? To date, I think it is very hard to see that consumers have seen any benefit from that fall in cost.
The other delicate balance that has to be weighed carefully is the role of BT Openreach and the need to foster genuine competitivity across the sector, rather than having a collection of niche operators and a 500-pound gorilla. Can the Minister please tell your Lordships’ House how the market for full-fibre and gigabit-capable broadband is currently split, and what analysis his department has of how that will be affected or otherwise by this Bill? There is a possibility that the nature of the changes proposed in the Bill will disproportionately benefit the dominant player in the market, so that analysis will be very important.
As we have said, there are two parts to the Bill: there is a serious danger that the second half activates a series of unintended consequences, while I fear that the principal danger in the first half is that it has very little consequence at all. We look forward to working with the Minister on improving the Bill in Committee.
Lord Parkinson of Whitley Bay (Con)
The noble Lord is eager to hear answers to questions to which I may yet turn; on some of them I will write. Work has been done to identify the regulator, but it would not be right to refer to that person at this stage and ahead of Royal Assent. I will write to the noble Lord on the other points he mentioned. I talked just now about our approach, through secondary legislation, to future-proofing and the reasons for not setting out the first three principles in the Bill. We have set out what those standards will be up front.
My noble friend Lord Holmes of Richmond spoke about the important issue of digital inclusion and skills. We run programmes to give young people the opportunity to learn digital skills and to improve their cybersecurity. More than 100,000 young people have participated in these programmes. We have expanded that with a new online training platform, Cyber Explorers, which aims to engage 30,000 young people, and DCMS funded the creation of the UK Cyber Security Council to create professional standards and pathways for cybersecurity.
The noble Lord, Lord Fox, asked about Huawei equipment in our infrastructure. The Government have undertaken a consultation with the industry on the designation of Huawei as a high-risk vendor and proposed directions relating to Huawei goods and services. The responses we receive will inform any final post-consultation decision on whether to issue the designation notice and direction. The Government have also undertaken a public consultation on a set of draft electronic communications security measures regulations and a draft code of practice, the outcome of which will be published in due course.
Lord Fox (LD)
It was the “in due course” bit that I was interested in. In other words, what is “in due course” in this case—months, weeks, days, years?
Lord Parkinson of Whitley Bay (Con)
I am afraid I am not able to elaborate further than “in due course” at this point, but if I am able to before Committee I will come back with more particulars. The final regulations and code of practice will be laid in Parliament later this year using the negative procedure, as required by the Telecommunications (Security) Act.
The noble Baroness, Lady Merron, asked about the knock-on effect of telecoms operators’ reduced rental payments on the funding of community organisations. It is important to note that the funding for such organisations should not be reliant on telecommunications. There are many funding streams, not least from the Government, to support them and their important work. The National Lottery Community Fund is the largest non-government funder of community activity in the UK and one of the largest arm’s-length bodies that DCMS sponsors. Officials at the department work closely with the National Lottery Community Fund to ensure that it continues to support the evolving needs of civil society organisations. Over the last five years, the fund has distributed £3.4 billion.
The noble Baroness talked particularly about sports clubs. The Government very much agree that sports and physical activity are critical for our mental and physical health, which is why we provided an unprecedented £1 billion of financial support to sport and leisure organisations during the pandemic. We will ensure that community groups continue to get the support they need.
I shall write to the noble Lord, Lord Clement-Jones, on the points that he highlighted that I have not addressed today. I would, of course, be very happy to speak to any noble Lords who would like to talk about any of the issues in the Bill in further detail. I am very grateful to my noble friend Lord Hunt of Wirral and to the noble Baroness, Lady Merron, and the noble Lord, Lord Bassam of Brighton, as well as the noble Lords, Lord Fox and Lord Clement-Jones, for the engagement that we have had in detail already. I would be more than happy to hold further discussions and talk in greater detail between now and Committee.
My noble friend Lady McIntosh of Pickering offered to furnish me with the details of some of the unused masts in North Yorkshire, and I would be very glad to receive them and take them forward to discuss with officials.
Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsTuesday 21st June 2022
(1 year, 10 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-I(a) Amendment for Committee (Supplementary to the Marshalled List) - (20 Jun 2022)
“General principles relating to product security
(1) The provisions in Part 1 of this Act should be read alongside the general principles relating to product security as outlined in subsection (2).(2) The principles are—(a) in regard to the security of internet-connectable products and products capable of connecting to such products, manufacturers, importers and distributors have a duty of care towards their customers to secure their privacy and safety;(b) customers are entitled to have a reasonable expectation that manufacturers, importers, and distributors make sure their consumer connectable products meet minimum cyber security requirements before they are placed on the UK market;(c) manufacturers, importers, and distributors should be able to demonstrate an understanding of emerging security threats and a proactive, ongoing support programme to mitigate these risks and ensure that their products are safe by design.(3) In making regulations under Part 1 of this Act the Secretary of State must have regard to the principles outlined in subsection (2).”Member’s explanatory statement
This amendment would introduce a set of principles relating to product security into the bill.
Lord Fox (LD)
My Lords, I rise to move Amendment 1 in my name and that of my noble friend Lord Clement-Jones, who is sadly unable to be here today. Should your Lordships feel at times that I am going on a bit long, just think of the alternative: it could have been both of us.
I should first say in the spirit of co-operation that the aim of this amendment is wholly positive; it is designed to firmly support the intentions of the first half of this Bill—support which we heard right across your Lordships’ House at Second Reading. While introducing this part of the Bill, the Minister set out a clear need for improved security. He told us:
“The average UK household now has nine internet-connected devices, and over 50% of all UK households purchased an additional consumer connectable product during the pandemic.”
The danger to individuals is getting worse. As the Minister also said:
“In the first half of last year alone, we saw 1.5 billion attacks on connectable products—double the figure of the year before.”
With this rise in connectable devices, the Minister said:
“Thousands of people in the UK have been victims of cyberattacks.”—[Official Report, 6/6/22; col. 1033.]
I suggest that this is understating the situation—it must be tens if not hundreds of thousands—but frankly, we just do not know.
This is an international business, which preys on poor security and badly configured devices. Further, our household devices can be co-opted by sophisticated criminal or political hackers to present significant threats to our national infrastructure. That is why this part of the Bill is important; I think we all agree on that. For a connectable device to be secure, it needs to be set up right but then supported throughout its active life to meet the changing environment of security threats. We are all used to updating our laptop security regularly, but how many times have we updated other household-connectable devices? A baby alarm, for example, is never updated.
At Second Reading, I described my fruitless search within the Bill for a definition of the security support that a consumer might reasonably expect for consumer-connectable products in the house. This Bill takes the secondary-legislative route. Rather than set out what consumers should legally expect in terms of through-life product security support, we were promised some SIs, and we heard what the focus would be.
In a letter sent last week, the Minister gave the Government’s reasons for choosing those three areas; I will come back to them briefly. He wrote:
“we are starting with a focus on the three security requirements that will make the most substantial change to consumer device security at a proportionate cost to business”.
But why just these three? The Bill is heavily based on the Code of Practice for Consumer IoT Security, in which 13 security issues were highlighted. To be clear, the first two—“No default passwords” and
“Implement a vulnerability disclosure policy”—
match those of the Minister. Interestingly, on the third one, there is a big difference in language between the Bill—which mentions providing transparency on how long, at a minimum, the product will receive security updates—and the code, which says, “Keep software updated”.
But there are 10 other major areas. I will not list them, but the fourth is:
“Securely store credentials and security-sensitive data”.
The eighth is
“Ensure that personal data is protected”.
Why are those two not as important as the other three? I cannot fathom why those have been left out and the previous three selected. So, given the choice of 13—the Minister can look them up—what was the logic in choosing just those three and dropping the fourth and eighth in particular?
There is also the issue of changing technology. Without a set of principles, the Government’s aim is to chase technological development with a string of statutory instruments, simultaneously keeping up with the world’s most innovative companies and pitting their ingenuity against the world’s top criminals. Life is moving fast—for example, a recent issue of Wired announced the beginning of the end for passwords:
“At Apple’s Worldwide Developer Conference yesterday, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs around September of this year. Instead of using passwords, you will be able to log in to websites and apps using ‘Passkeys’ with iOS 16 and macOS Ventura. It’s the first major real-world shift to password elimination.”
On that basis, this legislation will be partially obsolete before it is enacted.
I have one further technical problem for the Minister to explain. Once again, different bits of government are moving in parallel. A seemingly entirely different exercise—a consultation on app security and privacy interventions—was published in May this year. The suggested interventions include
“a voluntary Code of Practice for App Store Operators and Developers that is intended as a first step.”
Other possible future options set out in the document include
“certification for app store operators and regulating aspects of the Code to help protect users.”
The document then says:
“These proposals link into the National Cyber Strategy through requiring providers of digital services to meet appropriate standards of cyber security and developing frameworks to secure future technologies.”
No mention of this legislation is made.
So where does a connected device end and an app start? Where does the Bill stop and this new code of practice start? If I install my temperature control system, it will involve connected hardware and an app; which of these two pieces of government activity will cover my system, and how are they connected? The Government have not joined this up, and, once again, two things are going on with no connection to each other.
So, I borrowed some of the Code of Practice for Consumer IoT Security for this amendment, which sets out some of the principles. Proposed subsection 2(a) sets a simple obligation for “manufacturers, importers and distributors” to demonstrate a “duty of care”. Proposed subsection 2(b) sets out that
“customers are entitled to have a reasonable expectation that manufacturers, importers, and distributors make sure their consumer connectable products meet minimum cyber security requirements before they are placed on the UK market”.
Proposed subsection 2(c) calls for
“manufacturers, importers, and distributors … to demonstrate an understanding of emerging security threats and a proactive, ongoing support programme to mitigate these risks and ensure that their products are safe by design.”
The Minister would be hard-pressed to argue against these—and his planned SI on accessibility vulnerability is close to proposed subsection 2(c) anyway.
I would like to hear that the Government recognise the benefits that having clear principles in the Bill can deliver. I am sure that the Minister can see these benefits. Secondly, I am not proprietorial over the exact wording. We can use the time between Committee and Report to fine-tune and wordsmith those principles, but I hope that this is a constructive and helpful start.
Baroness Merron (Lab)
My Lords, I restate these Benches’ support for Part 1, which introduces a range of important powers and processes relating to the security of consumer-connectable products, including smart TVs, smartphones, connected baby monitors and connected alarm systems, all of which we use in our day-to-day lives. For me, the legislation that we seek to improve today is much needed and needs to move with the times and the way we live. For example, in 2006 there were just 13 million of these devices but in 2024, there is likely to be more than 150 million in the UK alone—a huge projected rise.
I am grateful to the noble Lord, Lord Fox, for introducing this sensible amendment, and to the noble Lord, Lord Clement-Jones, whose name is also on it. It seeks to introduce or suggest some guiding principles relating to product security. For me, the key principles are that manufactures, importers and distributors have a responsibility and a duty of care to meet minimum cybersecurity requirements and look forward to emerging security threats. It seems wise and sensible to include these, so I hope the Minister will take them into account. As the noble Lord, Lord Fox, said, the exact wording of the amendment does not have to be used; it is about the principles. Indeed, it is about not just principles but practice: the message given to consumers as well as to manufacturers, importers and distributors.
I know that in other legislation the Government are often nervous about using the phrase “duty of care”, but, as the Minister knows, there are very real concerns about data collection and privacy. I suggest that this is the very least that consumers should be able to expect. While it may be said that the other principles are not necessary to include, there have been several cases of manufacturers knowing about, yet failing to act on, significant security flaws. I feel this is something we need to guard against.
The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Lord Parkinson of Whitley Bay) (Con)
I am grateful to the noble Lord, Lord Fox, and, in his absence, the noble Lord, Lord Clement-Jones, for their Amendment 1 and for the wholly positive intention with which it has been tabled. I was grateful to have had the opportunity to talk to them about it before Second Reading as well. As the noble Lord set out today, he has argued that customers deserve some high-level principles setting out the security protections they should expect when purchasing consumer-connectable technology. In fact, Amendment 1 goes further, as noble Lords have noted, and would require manufacturers to owe their customers a “duty of care” to protect them. We are not as keen as the noble Earl, Lord Erroll, on that.
The first problem we have with a duty of care is that it could give consumers a false sense of security. If consumers buy well-designed technology products which meet the best standards, it considerably lowers risk, but with cybersecurity there is no such thing as zero risk: the most aggressive and well-resourced hacker will find a way. Somebody may have a quality product, but have they secured their wi-fi router? Do they have some legacy technology on their network? Manufacturers of a single device do not control the whole range of apparatus which constitutes the attack surface so cannot always provide an absolute security warranty, and they cannot always predict the next attack vector.
The second problem we have is that we have learned that the security of devices is best served by standards rather than principles. If one sets standards, one can send a device to a laboratory and assure oneself that those standards have been met. If one sets principles, that does not apply. That is why the Bill is designed to give force to standards. Those standards, developed here in the UK and now adopted by Governments and jurisdictions across the globe as well as by international standards bodies, are widely recognised significantly to lower risk for consumers.
Of course, we believe that the responsibility for the security of connectable products most effectively lies with the manufacturer. We expect manufacturers to take security seriously, to implement measures to develop and maintain an awareness of the security of their products, and to be up front with customers about the security support they can expect. We have tried voluntary compliance, with our code of practice which was published in 2018. We now need mandatory requirements, and that needs specific security requirements that can be independently assessed. The legislation must enable the Government to keep pace with market dynamics and the changing technological landscape—as the noble Baroness, Lady Merron, said, it is important that we move with the times. The flexibility to be able to set different security requirements for manufacturers, for importers and for distributors is key to this.
Amendment 1 in the form drafted would place an equal weight on the duties of each of these three groups to secure products. Compelling the Secretary of State to have regard to this general duty could constrain the Government’s ability to set specific security requirements in the future. Crucially, these principles could restrict the use of powers in this part of the Bill, working against the Government’s ability to bring this regime into force and impeding our ability to keep that regime future-proof. I should also say to noble Lords that industry and consumer groups have not raised the need for general principles such as this. Our efforts to engage and communicate our intentions have been clear, and the requirements we have set out for the relevant persons have been widely understood and are in line with international standards.
The noble Lord, Lord Fox, asked why the Government have chosen these three specific security requirements rather than others. During the consultation in 2019, we explored a number of options including mandating that all consumer-connectable products meet all 13 guide- lines in the code of practice. They are all important, but the majority of respondents supported the option that the top three security requirements represented the most appropriate baseline, by balancing the important requirements that are testable, being applicable across a range of devices and creating the right incentives to improve security in these products. That is why the Government are initially mandating the implementation of security requirements that will make the most fundamental impact on the risks posed by insecure consumer-connectable products for consumers, businesses and the wider economy.
The noble Lord also asked about where products end and apps begin. The powers in Part 1 allow Ministers to set out requirements that include products and software. The proposals in the consultation he mentioned relate to those who operate app stores. So, while I acknowledge the good intentions behind it, I hope I have been able to set out why the Government feel that this amendment—
Lord Fox (LD)
I thank the Minister for giving way. That does not answer the question of where an app starts. If I am downloading Nest for my heating system, I am getting it from an app store, so where is the regulation coming? Is it the app that is coming from the app store, or is it the connectable device law that is coming through here? In which case, I think some explicit connectivity between the apps that run the connected devices needs to be written into the Bill.
Lord Parkinson of Whitley Bay (Con)
Perhaps, if the noble Lord is happy, we can explore this. The example he gives, as he knows, includes software and technology. Perhaps we can have a detailed discussion where we can work through some of those examples. I would be very happy to talk to him about them because on the question he poses the line is drawn in a different place depending on the product and its nature.
Lord Parkinson of Whitley Bay (Con)
Some of the standards in this area have been set in the UK and have already been adopted by other jurisdictions, so I hope that we can give the noble Earl some reassurances. While I acknowledge his point about the time it takes for these to be adopted internationally, in some areas the UK is setting the way, and these are being picked up across the globe.
As I said, while I note the good intentions behind Amendment 1, these are the reasons why the Government are unable to support it. However, I am very happy to pick up the questions about apps and products with the noble Lord and others who wish to join that conversation. I hope that, for now, the noble Lord will be content to withdraw his amendment.
Lord Fox (LD)
My Lords, while that was a relatively disappointing response, I am pleased that we can have the discussion about apps. I thank noble Baroness, Lady Merron, and the noble Earl, Lord Erroll. I think he put his finger on it. If we are to keep pace with the speed of change only through a standards regime without making the companies delivering these products in some way responsible—whether through a code of practice or a duty of care, I am not quibbling—there is no way that a standards regime can keep pace with the innovative speed that international crime is running at on cybercrime.
The idea that we can chase this down the road is wholly wrong. I ask the Minister to sit down with the department and perhaps we can come up with a different way of doing it. I am totally agnostic about how we go about it, but some sense that we are not just chasing this needs to be in this Bill, otherwise it is going to be after the fact. That said, I am happy to beg leave to withdraw Amendment 1.
Lord Fox (LD)
My Lords, I will speak to Amendments 3 and 5 and in support of the other two amendments in this group. All these amendments refer to Clause 1 and seek to add some specificity to its general nature. The first amendment in my name and that of my noble friend Lord Clement-Jones is Amendment 3. This inserts a new paragraph (c) into Clause 1(1), adding the text
“children where they are not primary users of products but are subjects of product use”.
Why is this necessary? Here I am indebted to a report on cybersecurity, the UK Code of Practice for Consumer IoT Security produced by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity. Noble Lords may be aware of this group; it has a very strong record in this area. It is a consortium of leading UK universities dedicated to understanding the critical issues of the privacy, ethics, trust, reliability, acceptability and security of IoT. I commend this organisation to the small number of noble Lords in this Chamber interested in this area.
This report highlighted, among other things, the importance of children’s connected toys receiving the necessary scrutiny, due to the implications of embedded cameras and microphones, with the aim of ensuring the child’s and the parents’ protection and right to privacy. Such devices include a wide range of everyday artefacts with internet connectivity intended for use by children or in caring for them, such as interactive toys, learning development devices and baby or child monitors.
These connected toys and tools have the potential for misuse and unauthorised contact with vulnerable minors. The British Toy & Hobby Association has responded by offering a range of guidance notes and by interpreting the code of practice, but with SMEs manufacturing most of these devices, there is much more to be done to ensure that those organisations are sufficiently informed and equipped to produce and market toys that are secure.
Security is not straightforward, as the Minister has already pointed out. While these devices offer a range of advantages through their connectivity, they also potentially expose children and their families to risks that have not yet been fully articulated to many of the consumers who are buying these toys.
A real-life example is that the toy giant Mattel launched Hello Barbie. The Minister may be familiar with it—I do not know. This was as far back as 2015. It was a very innovative toy which it launched with a start-up business called ToyTalk. The principle of this toy was that it could converse using internet connectivity with speech recognition, so as well as talking it could listen. Hello Barbie also allowed parents to log in later and eavesdrop on their children’s conversations with their toys. I will leave your Lordships to decide the ethics of that.
But this connectivity raised some concerns, primarily around who could listen in and record these devices and store conversations and behavioural and location data, and for what purpose this data could be used. Toys like these are now prevalent and they raise significant questions about the appropriate support and guidance for the toy manufacturers, which understand an awful lot about conventional safety—they know how to make physically safe toys—but do not have a track record on developing informationally and data-safe toys because they have never been asked to do that before. This is a new venture for them, and it requires a totally new set of skills and standards, as the Minister might say.
As technology evolves hacking is increasing in sophistication, so it is necessary to keep moving forward. The challenge for cybersecurity in remaining ahead of the risks is inevitably a technological one, and the Minister may remember that the Hello Barbie toy, having been launched and lauded for its security, was ultimately found at some point to have serious security issues. Even that toy, from a very large manufacturer, fell foul of the progress of information crime.
Nevertheless, it is clear that today some toy manufacturers are releasing connected toys without adequate safety and security features. This is a competitive and dynamic marketplace—a lot of it is to do with price—and first movers are rewarded. In addition, the skillset and knowledge base, as I have just said, for conventional toy safety is mismatched with these new toys and we need to find a way of addressing that divergence. This is going to require investment and new learning and will not happen unless the toy manufacturers are required to do it.
Secure software development and cybersecurity are novel demands on this sector. However, the fact remains that these toy manufacturers are potentially placing consumer safety and privacy at risk. It does not matter whether this occurs due to the immaturity of the sector, market pressures or the lack of sectoral attention to the problem.
In the view of the Petras report,
“there are no indications that this will be addressed through market forces. Instead, the certainty of legislation to maintain standards would level the playing field and make clear for SMEs where they need to invest to make their toys market ready.”
Thus, more than the technological challenge of staying ahead of hackers, what is salient here are the challenges to the implementation of basic security features in manufacturing such as basic authentication and encryption, without which children’s safety and security is at risk.
This amendment explicitly places child security front and centre in this Bill. In other legislation involving the internet and digital issues, such as the Online Safety Bill, the Government have imposed more onerous duties on those delivering services to children than to adults. This amendment would be entirely consistent with that approach—very much in the spirit of understanding that our children and young people are more vulnerable and therefore need more protection from harms.
I turn next to Amendment 5. The eagle-eyed among your Lordships will spot that it is very similar to Amendment 4, proposed by the noble Baroness, Lady Merron, and set out very elegantly by the noble Lord, Lord Bassam. In fact, I would suggest that, largely, its construction is better than ours because they managed to do the same thing in fewer words. I will speak to Amendment 5 but my comments apply to Amendment 4 as well.
Amendment 5 seeks to ensure that:
“Regulations under this section must include provision that all security requirements specified in accordance with this Act are included as essential requirements in statutory conformity assessments and marking procedures under the Radio Equipment Regulations 2017 … and in any other such assessments and procedures applicable to relevant connectable products.”
I am speaking to the spirit of both these amendments. Amendment 5—similar to that of the noble Lord, Lord Bassam—follows on from the advice and help of Which? I thank that organisation, which has really been at the forefront of the consumer issues involved. In essence, the amendment picks up on three of the issues that the Minister tells us will be dealt with in SIs as soon as the Bill becomes an Act, but it takes the rather stronger approach of placing them in the Bill.
Paragraph (a) of proposed new subsection (2A) goes further than the general principle in specifying that passwords are not to be weak. As Which? explains, many smart products push the user to create a password themselves, rather than use a default password. However, they then allow weak and easily guessable passwords to be created, meaning that the risk of compromise stays high.
One of the outcomes of this amendment would be the introduction of a requirement for responsible password policy guidance to be adopted by the industry to ensure that security liability is not simply passed from the device manufacturer to the consumer. The Bill and associated guidance should be amended to clarify that every individual device must have a unique or user-set password that meets effective complexity requirements.
Paragraph (b) of proposed new subsection (2A) seeks to avoid the risk of disclosures going into a black hole or taking many years to fix. The Bill and associated guidance should be amended to make clear what is required of manufacturers, importers and distributors on provision of disclosure policy information, particularly around vulnerabilities. The appointed regulator should also clearly define and distribute a risk assessment framework for vulnerabilities that removes any sense of subjectivity and ensures that the response is effectively mandated.
Paragraphs (c) and (d) of our proposed new subsection concern the length of time a product is supported. The Government should introduce mandatory minimum support periods for smart products and consider whether these periods should reflect how long consumers, on average, continue to use such products. There is a precedent here. New ecodesign and energy labelling requirements came into force in England, Scotland and Wales in 2021. They include a requirement for electronic display items, including televisions, to be provided with firmware and security update support for a minimum of eight years after the last unit of a model has been placed on the market. A consistent approach to support periods for a range of products therefore needs to be considered, and it has already been considered in this other legislation.
Customers need absolute clarity on the support period manufacturers will offer, so that they are able to make more informed purchasing decisions. There must be a clear definition of what the “point of sale” means and how this relates to the definitions of “supply” in Clause 55. Without clearer specifications on what form the transparency requirements will take, there is a risk that this information could be hidden, obfuscated or even mislead. This amendment is designed to probe the Government’s thinking on these very important issues.
Finally, and very briefly, as a signatory to Amendment 2, I give it my full support.
Lord Parkinson of Whitley Bay (Con)
I am very grateful to noble Lords for setting out the cases for Amendments 2, 4 and 5. Since January 2020 the Government have been clear on introducing security requirements based on the three guidelines to which I referred in the previous group.
The commitment to set requirements has been made in response to consultations, published strategies and indeed to the Explanatory Notes to this Bill. Our notification to the World Trade Organization also contained reference to some of these documents. We have put manufacturers, trade bodies and industry representatives on notice. Supply chains are long and surprises unwelcome, so the Government have been very clear on whither we are heading.
Amendment 2 would remove any discretion the Secretary of State has to make regulations. I appreciate that the intention behind tabling it is to explore this issue, and I hope I can assure noble Lords that it is not needed. The regulations will be made, and swiftly. Indeed, we have already consulted on them, in 2020, which I hope gives noble Lords some reassurance that we intend to move swiftly in this area.
Amendments 4 and 5 would insert specific security requirements into the Bill. As several noble Lords mentioned at Second Reading, it is important that technology regulation enables the Government to respond to changes in threat and technology, and to the regulatory landscape. That is precisely why the Bill does not contain details of the requirements that the Government have assured industry they will set out.
Lord Fox (LD)
Perhaps the Minister should consult whoever drew up the legislation that managed to mandate that televisions should be updated for firmware and software for up to eight years after they have stopped being manufactured. Clearly, those people managed to find consensus among the industry—or decided to ignore consensus—and deliver something. If it can be done for electrical display devices, such as televisions, I do not see why it cannot be done here if there is a will to do it. However, I think the Minister is telling us that there is no will to do it.
Lord Parkinson of Whitley Bay (Con)
The noble Lord referred to mandatory minimum support periods for electronic display items and the Ecodesign for Energy-Related Products and Energy Information Regulations 2021. It is not quite correct to say that those requirements are applicable. They ensure that the last available security update continues to be available for at least eight years after the last unit of a product has been placed on the market but the requirement does not ensure that manufacturers continue to provide new security updates over that period to ensure that the product remains secure in response to changing threats.
Lord Fox (LD)
I did not say that those requirements are applicable; I implied that they are analogous. Frankly, the fact that there is some mandating of security support after the product has stopped being manufactured is a heck of a lot better than the situation for all the connectable devices we are currently talking about, where there is no requirement at the moment.
Lord Parkinson of Whitley Bay (Con)
I do not think that they are quite analogous. As I say, it is about the requirement to keep the last available updates available to consumers for eight years rather than evolving them. We do not yet consider that there is sufficient evidence to justify minimum security update periods for connectable products, including display equipment—certainly not before the impact of the initial security requirements is known.
It is important to stress that, as consumers learn more, they will expect more. This will drive industry to respond to market pressure. If the market does not respond to this effectively, the Government have been clear that they will consider the case for further action at that point, but we think that consumer expectation will drive the action we want to see in this area.
Amendment 3, tabled by the noble Lords, Lord Clement-Jones and Lord Fox, refers to children. All noble Lords will agree, I am sure, that protecting children from the risks associated with connectable products is vital. I assure noble Lords that the security requirements we will introduce are designed with consideration for the security of all users, including children, alongside businesses and infrastructure. The Bill already gives the Government the flexibility to introduce further measures to protect children, whether they are the users of the products or subject to other people’s use of a product. We therefore do not think that this amendment is necessary as this issue is already covered in the Bill.
The Bill, and forthcoming secondary legislation, will cover products specifically designed to be used by or around children, such as baby monitors and connectable toys; they include Hello Barbie, which I was not familiar with but on which I will certainly brief myself further. However, we recognise that the cyber risks to children are not limited to the connectable products in the scope of this Bill; indeed, a lot of the issues referred to by the noble Lord, Lord Fox, were about the data captured by some of the technology, rather than the security of the products themselves. That is precisely why the Government have implemented a broader strategy to offer more comprehensive protection to children—including through the Online Safety Bill, to which the noble Lord, Lord Bassam, referred.
I hope noble Lords will agree that Amendment 3 is not needed to make a difference to the Bill’s ability to protect children from the risks associated with insecure connectable products—this is already provided for—and will be willing either to withdraw their amendments or not move them.
Member’s explanatory statement
This amendment would mean regulations with the power to deem compliance with security requirements were subject to the affirmative resolution procedure, as recommended by the DPRRC.
Lord Fox (LD)
My Lords, in his response to the Minister, the noble Lord, Lord Bassam, talked about transparency. The Minister said that he hoped we were reassured by the presence, and indeed the draft, of particular regulations. More specifically on the point made by the noble Lord, Lord Bassam, we would be reassured if the Minister were prepared to share those drafts with Her Majesty’s loyal Opposition and those of us on this Bench, but the Minister has set his face against pre-publishing draft regulations so that we can have a chance. That trust will come if we are trusted in this process, but it does not come for nothing.
I rise to speak to these—whatever the collective noun for amendments is; perhaps a raft or a shedload—amendments, all of which are around delegated powers and secondary legislation, and to move Amendment 6. As we have discussed, in Part 1,
“The core provision is clause 1, which allows the Secretary of State to make regulations specifying the requirements that are to apply for the purpose of protecting or enhancing the security of internet-connectable products made available to consumers in the UK. The security requirements can be applied to … relevant persons.
Clause 3 allows the Secretary of State to make regulations providing that a relevant person is to be treated as complying with the security standard if specified conditions are met. No limits are imposed on the circumstances in which this power would be capable of being used. Subsection (2) provides that the specified conditions may include, “among other things”, compliance with specified standards. But this does not limit the circumstances in which this power may be exercised.
The explanation for the power is given in paragraphs 20 to 22 of the memorandum. The point is made that improving the security of connectable products is a critical global issue”—
which we have discussed,
“and therefore it is likely that many other countries and international standards bodies will introduce standards similar to or aligned with the security requirements imposed under this Bill. The purpose of the power is to allow products which meet these alternative standards to be excepted from the regime under this Bill, provided that those standards achieve equivalent security outcomes and do not weaken the regime established by the Bill.”
Are noble Lords still with me? The Bill’s
“powers will also facilitate mutual recognition agreements and therefore help the UK to avoid placing an undue burden on industry by restricting the free flow of international trade.”
I think we all can see this. I agree with the Delegated Powers and Regulatory Reform Committee,
“that this provides a reasonable explanation for the power contained in Clause 3, it does not explain why it is considered necessary or appropriate for the power to be at large and not limited so that it can only be used where a product is subject to an alternative security regime imposed outside the UK”
and that the Minister needs
“to explain whether the failure to limit the powers in this way is inadvertent; and, if not, why (whether by reference to technological change or otherwise) it is considered necessary to draw the powers more widely than indicated in the memorandum.
Regulations under Clause 3 are subject to the negative resolution procedure. That is based in part on the fact that the regulations will not reduce the effect of the legal framework. But that assumes that other international standards will apply instead.”
This amendment puts forward the DPRRC’s recommendation that
“the affirmative resolution procedure is more appropriate if the width of the regulation-making power is to be retained.”
The alternative is for the Government to narrow that regulation power.
Amendment 9 focuses on regulations under Clause 9(7), which are subject to the negative resolution procedure. This amendment implements the DPRRC recommendation that
“the affirmative resolution procedure is more appropriate if there are to be no limits on the circumstances in which the duty under clause 9 to provide a statement of compliance may be waived.”
Then we have tabled an amendment that removes Clause 9 altogether. Clause 9 is designed to take power to except manufacturers from the duty to provide a statement of compliance. The clause
“requires manufacturers to provide a statement of compliance when a product that is subject to security requirements is made available to the UK. Subsection (7) of clause 9 confers a power by regulations to provide that a manufacturer is to be treated as complying with this requirement if specified conditions are met.
The explanation in the memorandum links this power to the power in Clause 3 to treat a relevant person as complying with a security requirement.
‘Where the government has recognised another standard as being equivalent to compliance with a security requirement using the provisions of clause 3(1), it may be appropriate under certain conditions, for instance where the government has entered into a mutual recognition arrangement with another regime, for the duty to ensure that a product is accompanied by a statement of compliance to be waived for relevant persons in relation to products that meet that standard.’
However, this limitation on the circumstances in which the power will be used is not reflected in clause 9(7) itself, which simply confers a power to treat the manufacturer as complying with the duty to provide the statement of compliance ‘if specified conditions are met’, without any indication of or limit on what those conditions might be.”
As such, the purpose of giving notice of our intention to oppose the question that Clause 9 stand part of the Bill amendment is designed to get to the bottom of the issue and to get the Minister to explain whether the failure to limit the power, as described in the memorandum, is inadvertent; and, if not, why it is necessary to draw the power more widely than indicated in the memorandum.
Lord Parkinson of Whitley Bay (Con)
The feast of amendments in this group aim to implement the recommendations of your Lordships’ Delegated Powers and Regulatory Reform Committee. We welcome the committee’s report and are considering its recommendations, as we always do. It will infuriate the noble Lords who have asked detailed questions when I say that, ahead of setting out our response to the committee, I will not be able to cover all the issues they have pressed the Government on today. I am happy to say that we will set out our response in writing ahead of Report. Perhaps once we have done that, and noble Lords have seen the Government’s full thinking in their response to the committee, it might be helpful for us to speak in detail.
The legislation has been designed to protect people, networks and infrastructure from the harms of insecure consumer connectable products, while minimising the unnecessary regulatory burden on businesses. It does so in the context of rapid technological and regulatory change, evolving cybercriminal activities and a growing impact on people in businesses, all of which require us to ensure that the legislation can evolve quickly and effectively. The UK, as I have noted, is leading the world with its approach to regulating connectable products. As other jurisdictions increasingly turn their attention to this important issue, we will use this flexibility to achieve alignment with equivalent regulatory regimes, avoiding unnecessary duplication. These powers, and the others conferred by the Bill to make delegated legislation, are crucial for it to remain effective. We have carefully considered the number, scope and necessity of these powers, and believe we have struck the right balance between the need for that flexibility and the importance of Parliamentary scrutiny, which noble Lords rightly stressed again today.
We welcome the report of your Lordships’ committee and are considering its recommendations. I am afraid I cannot, at this stage, pre-empt our response, which has to be made while considering the recommendations’ impact on the broader framework. We will return to these matters on Report, and I am very happy to have a detailed conversation with the noble Lords about our response after we have responded to the DPRRC.
The noble Lord, Lord Fox, focused on Clauses 9 and 11. I am happy to confirm that nothing about how the powers are drawn in Clause 9 is inadvertent; this was our intent. Clause 9 contains four delegated powers; they will be used predominantly to provide administrative detail deemed too technical for primary legislation. For example, they will explain what must be included as a minimum in a statement of compliance, what steps must be taken to determine compliance, where appropriate, and for how long a manufacturer should keep a statement of compliance. They will also provide flexibility to respond swiftly to changes in the market. In addition, the delegated powers in this clause may be used in the future to provide that the statement of compliance is equivalent to certain product markings, or external conformity assessments, such that a manufacturer may be deemed to have provided a statement of compliance where such markings or assessments have been made or completed. This is dependent on regulatory changes to product markings and on the development of the assurance sector for product security.
At this stage, and awaiting our response to your Lordships’ committee, I hope noble Lords will agree that it goes without saying that the Government feel these clauses should stand part of the Bill.
Lord Fox (LD)
I sort of thank the Minister for his response, which is really no response at all. He did say that it would infuriate me and he is fairly accurate about that.
As correctly noted, I am merely a cipher for the DPRRC, a very serious committee that does not produce these reports lightly. The point it is making, particularly on Clause 27, is front and centre to this Bill. Who is going to enforce it? Who decides who will enforce the Bill, and how will Parliament know if the Secretary of State decides not to tell it, under the current regulations? These are very serious matters and not ones that your Lordships’ House should step back from. I am sure that the Minister will, on reflection, understand that the DPRRC has a very important point to make. The others are important points, particularly around Clause 3, but the Clause 27 piece is absolutely central to the future of this Bill. That said, I beg leave to withdraw Amendment 6.
Lord Bassam of Brighton (Lab)
My Lords, Amendment 7 is also in the name of my noble friend Lady Merron. This amendment, as the notes to the Bill’s amendments set out, brings online marketplaces which allow relevant products to be listed for sale within the scope of the security requirements outlined in the Bill. We wish to express again our gratitude to Which? and others for their work in relation to online marketplaces, including, but not limited to, Amazon and eBay, which facilitate the sale of many of these products.
Research suggests that a significant number of products listed on online marketplaces could have security and privacy risks. This is prior to the introduction of the new rules for producers, importers and distributors, but it does highlight the importance of ensuring that marketplaces are subject to at least some of the new measures. Following Second Reading, the Minister kindly wrote to noble Lords, as he promised he would, and suggested that in many cases these websites will fall under “at least one” of the categories and, even if they do not, earlier parts of the supply chain will be subject to the new duties. On that basis, the Government say they will not explicitly bring marketplaces within scope of these measures but will keep the matter under review. It is disappointing that the Minister decided to rule out this change without even having this Committee debate. I hope the Minister’s response will go into more detail than the letter, and he will outline exactly what this review process will look like. Importantly, if it becomes apparent that obligations need to be imposed on these businesses, can he outline the process for achieving this? Can it be done under existing powers, or would it require an additional, albeit simple, piece of primary legislation?
This may not be a gaping hole in the Bill, but it does feel like a gap that needs to be addressed. We hope the Government will be persuaded of that in the run-up to Report stage. It is important because we do not often get legislation on this subject and we do not often get the opportunity to deal with issues such as this. I say to the Minister that we need considerable reassurance on this point because of that very fact. The Minister may say that it is all going to be down to regulations. That is not really a complete answer but we look forward to hearing his response.
Lord Fox (LD)
My Lords, I rise to speak to Amendment 8 in my name and that of my noble friend Lord Clement-Jones. These are two ways of doing the same thing so I support the spirit of Amendment 7, about which we have just heard from the noble Lord, Lord Bassam.
This amendment adds the following wording to Clause 7:
“Any person who is a provider of an internet service that allows or facilitates the making by consumers of distance contracts with traders or other consumers for the sale or supply of a relevant connectable product is to be regarded as a distributor for the purposes of this Act, if not a manufacturer or an importer of the product.”
This amends the language that defines a distributor in the scope of the Bill. Online marketplaces are a mainstream form of today’s retail. Which? research in 2019 found that more than 90% of the UK population had shopped through an online marketplace within the month it was polling. That has increased during the pandemic. However, its research also consistently highlighted how online marketplaces are flooded with insecure products. It has previously demonstrated issues with the lack of legal responsibility of online marketplaces for the security and safety of products sold through their platforms.
The Government have recognised the problem, in their response to the call for evidence on product safety, that current safety rules were designed to fit supply chains as they operated before the world of internet shopping. In the realm of product safety, the Government have acknowledged that this can result in the peculiar situation where no actor is responsible for ensuring product safety. This has resulted in organisations such as Electrical Safety First repeatedly finding unsafe and non-compliant products listed on online marketplaces. Therefore, the traditional conception of actors in the supply chain is now outdated.
The Bill defines “distributor” as
“any person who … makes the product available in the United Kingdom, and … is not a manufacturer or an importer of the product.”
At present, it seems unlikely that certain online marketplaces, including eBay, Amazon Marketplace and Wish.com, will be included within the scope of that definition of distributors in the Bill. This will leave, without overstating it, a sizeable gap in the regulatory scope of this market.
Given the amount of insecure tech readily available on online marketplaces, it is paramount that these platforms are given obligations in the Bill to ensure the safety and security of the products sold on their sites, regardless of whether the seller is a third party. However, the Clause 7(5) definition of “distributor” in terms of making products available on the market is in line with existing product safety law, so we know that certain marketplaces are not classed as distributors and hence not obligated to take action. Amazon Marketplace, Wish.com and eBay are marketplaces where other people are selling; this is the issue.
This amendment seeks to expand the definition of distributors in Clause 7 to include appropriate online retailers, such as listings platforms and auction sites, including eBay, Amazon Marketplace and AliExpress. I feel sure that the Minister did not intend for the legislation to miss these marketplaces out; rather than risk this loophole going any further, we will work with the Minister and Her Majesty’s loyal Opposition to come up with some wording that absolutely iron-clads the Bill to ensure that these sorts of marketplaces are also included.
Lord Parkinson of Whitley Bay (Con)
I am grateful to noble Lords for speaking to their amendments in this group, both of which seek to make online marketplaces a “distributor”. It is vital that all products offered to consumers are secure, including those listed through online marketplaces, and we want to ensure that this is achieved in the most efficient way.
The explanatory statement for Amendment 7 suggests that products listed on online marketplaces might not be protected by the security requirements set out in the Bill. I reassure noble Lords, particularly those who tabled Amendment 7, that the security requirements will need to be met for all new connectable products offered to consumers in the UK, including those offered through online marketplaces. These marketplaces often act as a manufacturer, importer or distributor and, in those cases, they are subject to the same duties and security requirements as those three types of economic actor. If, however, the online marketplace does not fall into one of these three categories, the manufacturers, importers and distributors of those products are all still fully responsible for complying with security requirements.
Lord Fox (LD)
This has piqued my interest; how does this exercise relate to the Bill? This process of dealing with the online acquisition of unsafe products would seem to be what the Bill is doing front and centre, so what is that process? How do the two connect?
Lord Parkinson of Whitley Bay (Con)
They are complementary; the new product security framework sits alongside existing legislation on product safety, which is why we want to conduct a review of the safety framework and publish the consultation. I am certainly happy to write and endeavour to explain.
The noble Lord asked whether products sold through online marketplaces fall into a gap in the Bill. The Bill requires in-scope products offered for sale through online marketplaces to customers in the UK to be as secure as in-scope products sold, for example, in physical stores. We are mindful of the variety of services offered by different online marketplaces. Some act only as advertising platforms, while others facilitate transactions and store and ship products on behalf of the seller. As noble Lords have noted, this changes all the time. This must be carefully considered to ensure that businesses can comply with their legal obligations and that any regulation is necessary, appropriate and proportionate to provide the best protection to consumers.
Lord Fox (LD)
I am sorry to keep popping up; being a practical person, I will try to give the Minister a scenario and, if he cannot answer straightaway, he can write. I have bought a product through an online auction that turns out to be unsafe; I go back to the auction site, which tells me, “Not my problem. You have to return to the international manufacturer which made this product”, which turns out to be a brick wall and nothing comes back. First, is that online auction site correct in handing me over to the international manufacturer, which turns out to be a dead end? Secondly, if that site is correct, to whom do I go? Do I go to my local council trading officer or to the person who, under Clause 27, has been mysteriously made the enforcer for the Bill? I may or may not know who they are. How do I seek redress, and from whom?
Lord Parkinson of Whitley Bay (Con)
I will try answer the noble Lord’s question, and I am happy to write with further detail. Products sold on online marketplaces are covered by the Bill. All products sold to customers in the UK will have to comply with the security requirements set out under this framework. Where a product is sold on a third-party online marketplace, the seller will be responsible for ensuring that it is compliant. Third-party sellers who sell new products directly to customers on those platforms will also be covered under the “distributor” definition. I will happily write to the noble Lord with further detail ahead of Report but I hope that, for now, that goes some way towards addressing his question.
Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsTuesday 21st June 2022
(1 year, 10 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-I(a) Amendment for Committee (Supplementary to the Marshalled List) - (20 Jun 2022)
“Amendments to consumer protection legislation
(1) In section 9(3) of the Consumer Rights Act 2015 (goods to be of satisfactory quality), after paragraph (e) insert—“(f) compliance with security requirements.”(2) In Schedule 2 to the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (S.I. 2013/3134), after paragraph (x) insert—“(y) where applicable, confirmation of compliance with all security requirements as set out in regulations made under section 1 of the Product Security and Telecommunications Infrastructure Act 2022.”(3) In section 2(2) of the Consumer Protection Act 1987 (liability for defective products), after paragraph (c) insert—“(d) in relation to a relevant connectable product within the meaning of Part 1 of the Product Security and Telecommunications Infrastructure Act 2022, any person who is a distributor of the product within the meaning of that Act.””Member’s explanatory statement
This amendment would clarify the relationship between proposed provisions in this Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring the liability for a defective connectable product is properly defined.
Lord Fox (LD)
My Lords, this group contains two amendments that have been tabled by my noble friend Lord Clement-Jones, and I rise to move Amendment 14 and to speak to Amendment 14A on his behalf and my own. These are probing amendments to understand consumer law with this and other legislation.
It seems that the Government’s intention is that consumers will be entitled to redress under the Consumer Rights Act 2015 for breaches of the product security requirements in Part 1 of this Bill and the requirements of related future secondary legislation where breaches amount to a product not being of satisfactory quality as described or fit for purpose. However, for clarity, this will require the specific inclusion in this Bill of amendments to the CRA and other related consumer legislation. So I ask the Minister to clarify how redress will work in practice. As Which? has strongly urged in relation to the current consultation on reform of consumer law generally, collective redress should also be available for groups of consumers that have suffered breaches of the CRA relating to product security.
To help your Lordships, let us look at a typical scenario where the consumer reads a report about a security issue with a product that they own and considers it insecure and hence faulty. They try to take the product back to the retailer as redress, as per CRA 2015 rights, but under the CRA, after the first six months of ownership, the burden falls on them to prove that the fault was not of their making. It is unclear what burden of proof would be required at this stage for the consumer to get redress for security faults as described in this Bill.
The CRA places the primary obligation on retailers—as “traders” concluding contracts with consumers—not manufacturers, to remedy products found to be in breach. Due to the unique nature of security faults, it is currently unclear whether a retailer would have the ability to verify reports of faults to facilitate effective redress. Experience has shown that it has been hard when reporting security issues to retailers, and that can often result in pushback. There is a risk that the consumer will find it very hard to enact their CRA rights in practice to get redress on insecure products. In that regard, proper legal guidance for what classifies a security fault is absolutely vital for redress to work effectively.
At present, it is unclear how security updates—and hence a commitment to fix security faults that occur with smart products—interact with the CRA 2015. For example, a manufacturer could claim that it will provide four years of updates on a product at the point of sale but then renege on that; perhaps because it has gone out of business or some such reason. The product then develops a security fault that the manufacturer will not fix. It is unclear what the consumer rights would be in this scenario.
Moreover, it is unclear if the Bill effectively waters down consumer rights under the CRA. If the manufacturer claims that it will give four years of support in which it will fix security faults, how does this impact on a claim that a consumer may have under the CRA to have faults addressed—which they may be able to bring for up to six years from when they purchased the goods? If the Government are not willing to mandate minimum support periods for at least six years, this could become a commonplace problem to consumers seeking redress. The Bill must make it clear how it interacts with the CRA 2015 and associated consumer legislation in a way that gives maximum protection to consumers and does not water it down.
Finally, under the CRA 2015, after the first six months of ownership, the burden falls on the consumer to prove that a fault was not of their making. Consideration should be given to extending this period and making it easier for consumers to obtain redress for insecure products. The 2019 EU sale of goods directive has extended the burden of proof in EU member states to one year—extendable to two years by member states—from delivery of the goods. For goods with digital elements supplied on a continuous basis, the burden of proof for conformity is on the seller in relation to any non-conformity that becomes apparent during a minimum of two years, or the period of supply where longer than two years, effectively providing a minimum of two years of security support. The directive also has specific provisions requiring sellers to keep consumers informed about and supplied with updates, including security updates. Similar protections should be introduced for UK consumers.
So there is a whole heap of issues here, and these two amendments try to get some clarity. Amendment 14 seeks to clarify the relationship between the provisions proposed in the Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring that the liability for a defective connectable product is properly defined. Amendment 14A would ensure that the provisions of the Bill will not conflict with any existing legal rights regarding the enforcement of consumer law, ensuring that redress for defective connectable products can be sought by individual consumers, as opposed to solely leaving the redress procedure to the designated enforcement body to ensure compliance.
We await detailed exposition on all this, either now or in a letter from the Minister. I beg to move.
Lord Parkinson of Whitley Bay (Con)
At the risk of a philosophical debate on the nature of security versus safety, I accept some of the points that the noble Earl makes. There are distinct differences between our approach to product security and existing product safety as set out in consumer legislation, but I will address myself to that philosophical point in the letter, if I may. For now, I ask the noble Lord to withdraw Amendment 14.
Lord Fox (LD)
I hope that the Minister will take some time to read my speech in Hansard and address the issues that I have raised, because there are some specific points that have not been touched.
A lot of this has come from Which? whom I thank for its help. Which? is an extraordinarily experienced organisation, with some of the country’s most experienced consumer lawyers dealing with the sharp end of customer consumer problems. The fact that it has gone to the trouble of raising these issues should raise a red flag. It is not doing it out of mischief or political intrigue, but because it cares about the future of consumers. For that reason, the department needs to take this seriously.
If the Minister requires a meeting with Which? I am sure that I, the noble Lord, Lord Bassam, or the noble Baroness, Lady Merron, will be very happy to broker one. We could then go through some of these consumer issues. This is an organisation dedicated to protecting the needs of consumers. It has gone to the trouble of flagging up this and several other issues. For that reason, for the future of this Bill, it would be very sensible to take Which? seriously.
That said, I beg leave to withdraw Amendment 14.
The Earl of Erroll (CB)
My Lords, very quickly, I remember well during the passage of the Computer Misuse Act and the Police and Justice Act 2006 trying to tidy up language about hacking tools and so on. It became very complicated and no one could quite work out how to do it, because the same thing could be used by baddies to do one thing and by good people to help maintain systems, et cetera. In the end, I think it went into the Act and they just said, “Well, we won’t prosecute the good guys”. Everyone felt that was a little inadequate. I do not know quite what we are going to do about it but it needs to be looked at. Therefore, this is a good start and I would welcome some discussion around it, because we need something in law to protect the good people as well as to catch the criminals.
Lord Fox (LD)
My Lords, this amendment is countersigned by my noble friend Lord Clement-Jones. I know he will be very disappointed not to be able to speak to this, because it is an issue he feels particularly strongly about, as do I. Also in their absence are the auras of the noble Lords, Lord Vaizey and Lord Holmes, who spoke at Second Reading on this issue—it is a shame they are not here, but I think they have been ably replaced by the noble Baroness, Lady Neville-Jones, and the noble Earl, in their speeches. I will try not to duplicate the points that have been made by the three speakers before me. At the heart of this, as the noble Baroness confirmed, is the need to address the UK’s outdated Computer Misuse Act to create fit-for-purpose cybercrime legislation to protect national security. Clearly, that is not easy, as she pointed out, but that does not mean we should not do it at some point.
The Computer Misuse Act, as we know, was created to criminalise unauthorised access to computer systems or illegal hacking. It entered into force in 1990, before the cybersecurity industry as we know it today had really developed in the UK. Now, 32 years later, many modern cybersecurity practices involve actions for which explicit authorisation is difficult, if not impossible, to obtain. As a result, the Computer Misuse Act now criminalises at least some of the cybervulnerability and threat intelligence research and investigation that UK-based cybersecurity professionals in the private and academic sectors are capable of carrying out. This creates a perverse situation where the cybersecurity professionals, acting in the public interest to prevent and detect crime, are held back by the legislation that seeks to protect the computer systems: it is an anomaly.
As noble Lords will know, under the guidance that will be introduced following the passage of the Bill, manufacturers of consumer-connectable products will be required to provide a public point of contact to report vulnerabilities. This could be an important step forward in ensuring that vulnerability disclosures by cybersecurity researchers are encouraged, leading to improved cyber resilience across these technologies, systems and devices.
“Rights in occupation
(1) The electronic communications code is amended as follows.(2) In paragraph 21 (test to be applied by the court), in sub-paragraph (4), at the end insert “the terms of any existing agreement, and any other method of statutory renewal available.””Member’s explanatory statement
This amendment seeks to ensure that any new agreements which are made with reference to Clause 57 of the Bill and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness.
Lord Fox (LD)
My Lords, once again I am a substitute for the noble Lord, Lord Clement-Jones—
Lord Fox (LD)
I know. I rise to move Amendment 17 in his name. I am grateful for the tuition that I have also had from the noble Earl, Lord Lytton—more about him shortly. Unfortunately, we are missing his huge expertise, but do not worry, I will be here to channel some of his thoughts.
This amendment seeks to ensure that any new agreements made with reference to Clause 57 and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness. It aims to address outstanding concerns with the way rights are assigned when there are operators in occupation at a site. This is a complex issue and I am aware that the Minister and his colleagues at DCMS have been grappling with it as the Bill has been developed, but it is vital that the Government get this right.
The issue that the Government are trying to address was brought about by a confusion in the 2017 code. There have been some issues where operators have been prevented from getting the code rights they need to support their networks because they are already in occupation of the land and they cannot grant themselves rights.
The Government’s original consultation response and the first draft of the Bill tried to address this by changing the definition of “occupier” in the Bill. This was at Clause 57 in the original Bill. The stated policy intent made it clear that the change is intended only to address the issue that we have outlined and to ensure that when operators are in occupation of land they are able to obtain new code rights.
However, it was made clear to the Minister and his colleagues at DCMS that the original draft would in fact have much greater implications and would potentially allow operators to misuse Clause 57 as it was originally set out to modify or cancel agreements mid-term. This would be in the operators’ interest, since they could break a contract that had been agreed in good faith and move the new contract on to a new valuation basis under the 2017 “no scheme” provisions for consideration.
The Government tried to address this by removing the original draft of Clause 57 and replacing it with the new Clause 57 that we have before us today. Instead of changing the definition of “occupier” in the Electronic Communications Code, it creates a more specific code right to deal with the underlying problem.
Lord Fox (LD)
I say to the noble Lord, Lord Bassam, we are coming to the Landlord and Tenant Act 1954.
The residential security of rent control caused a seizing up of the private rented sector for the next 25 years. This is something that the Landlord and Tenant Act 1954 avoided doing in the business sector by providing security of tenure, but on market rental terms. The word of warning here from the noble Earl is that Government should be careful what they wish for and how they go about any significant transition in dealing with human sentiment against actuarial robotics, and be aware of whose voices they lend their ears to.
There are apparently three routes to lease renewal: the 1954 Act, which the noble Earl believes is effectively overwritten in some instances by the 2017 code revision; the immediate pre-2017 code for non-LTA leases; and the situation that pertains for agreements following the 2017 changes. This seems a recipe for confusion, and if the noble Earl is confused, where does that leave the rest of us?
There is a lot of detail in quite a short amendment, but this is an issue. I understand, and I think my noble friend Lord Clement-Jones and the noble Earl, Lord Lytton, understand, that there needs to be some clarity over which measures apply where, and whether the Government really want to sanction wholesale renegotiations of the nature that the noble Earl, Lord Lytton, has set out. I think that is a law of unintended consequence, and it will slow down the implementation of what we want to be implemented rather than allow it to happen more quickly.
The Earl of Erroll (CB)
My Lords, I would add that I completely trust my noble friend Lord Lytton on these affairs and issues. I have talked to him, particularly when discussing burying fibre and things like that, and he knows a lot about it.
Lord Parkinson of Whitley Bay (Con)
As the noble Baroness says, this begins to anticipate some issues to which I know we will return on the second day of Committee, but it is useful to begin them tonight.
Amendment 17 seeks to insert a new clause after Clause 57 of the Bill. Its purpose is to add an extra element to the test at paragraph 21 of the code, where an operator enters into a new agreement because of the provisions in Clause 57. This is likely to be in circumstances where an operator in occupation of the land on which its apparatus is installed has an existing agreement but wishes to seek an additional code right. The code currently provides that operators in exclusive occupation of land are unable to obtain additional code rights until their existing agreement is about to end or has ended. This is because the code currently provides that only an occupier can grant code rights, and the operator clearly cannot enter into an agreement with itself.
Clause 57 remedies this position and allows an operator to obtain code rights where it is in exclusive occupation of the land. The test at paragraph 21 of the code is often referred to as the public interest test and sets out what a court must consider when deciding whether to impose a code right on a landowner. Paragraph 23 then sets out how the court should determine the remaining terms of the code agreement. Clause 57 simply gives an operator the ability to obtain a new code right or rights that they do not already have. The clause does not allow an operator to force changes to its existing code agreement or to compel the other party to modify any of its terms—for instance, to attempt to reduce the amount of rental payments. Furthermore, the clause does not enable an operator to bring an existing agreement to a premature end in order to take advantage of more favourable terms. Any existing code agreement that the operator has will be expected to continue and operate alongside the agreement relating to the new code right.
Amendment 17 seeks to expand the test at paragraph 21 so that the court also has to consider the terms of any existing agreement and any other method of statutory renewal available. We are, however, of the view that the court can already take such matters into consideration when deciding whether to make an order under paragraph 20 of the code, and again when applying the test at paragraph 23 to determine what terms the code agreement should contain.
This is a topical issue. Clause 57 rectifies an issue in the code that currently prevents operators who are in exclusive occupation of the land being able to obtain new code rights. As I said, three cases have touched on this issue, all of which were heard in the Supreme Court earlier this year, and the Supreme Court is due to hand down its judgment tomorrow.
At present we believe that Clause 57, as drafted, achieves its intended objective, but we recognise that this is a complex and technical area, on which the noble Lord, Lord Fox, valiantly conveyed the expert view of the noble Earl, Lord Lytton, and it is imperative that any unintended consequences are avoided. We will of course look closely at the Supreme Court’s judgment and carefully consider whether further amendments are needed, engaging with interested parties as required to ensure that the aim of the clause is fully realised.
I too am very conscious that the noble Earl, Lord Lytton, with whom we have already had some discussions on this and broader aspects of the Bill, will want to join those discussions, so I am sure he will be following the official record. But I am very happy to meet the noble Lords who have spoken, as well as the noble Earl, to discuss this issue in further detail, particularly once we have seen the judgment. For now, I urge the noble Lord to withdraw the amendment.
Lord Fox (LD)
I thank the Minister for his response, during which he said that the department is of a view. When I was speaking for my part, rather than for the noble Earl, I made it clear that there were quite strong opinions that that view might not be correct. Three cases are to be judged tomorrow, before this Bill is enacted, so although it may have some relevance, it will potentially —and in the views of the people we have spoken to, almost certainly will—end up back in the courts.
We share the objective of the noble Baroness, Lady Merron, that the rollout be accelerated, not inhibited. We also share the view, as expressed in the not very veiled threat in the part of my speech on behalf of the noble Earl, Lord Lytton, about what the 1963 rent Act did, which was clog up the system. We do not want to do that—we cannot afford to clog up the rollout. There are strong suspicions that, without giving the legal certainty we need to avoid getting tangled up in the courts, we will be back there again, notwithstanding the judgments of tomorrow. That said, I beg leave to withdraw Amendment 17.
Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsWednesday 29th June 2022
(1 year, 9 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-II Second Marshalled list for Committee - (27 Jun 2022)
Baroness Harding of Winscombe (Con)
My Lords, I apologise. I rise to speak to Amendment 18 in my name, and I thank my noble friend Lord Vaizey, the noble Baroness, Lady Merron, and the noble Lord, Lord Fox, for putting their names to it. I apologise—I am slightly breathless, as the noble Lord, Lord Fox, gave us a little bit of disinformation about today’s Order Paper.
Lord Fox (LD)
I beg your Lordships’ pardon—the moving of the Statement on the Metropolitan Police was not communicated to several of us.
Baroness Harding of Winscombe (Con)
Many apologies. I also thank my noble friend Lady Stowell, who I was not expecting to see, but who has been extremely helpful already this afternoon. I promise I will be brief. The aim of this amendment is to address an issue that other noble Lords and I raised on Second Reading: ensuring that the Bill enables the sharing of pre-2017 poles on private land without requiring an additional wayleave, just as it does for ducts on private land. This may sound very detailed—it is—but will substantially speed up the rollout of full-fibre broadband, on which we are all agreed.
There are an estimated 1 million-plus telegraph poles on private land. Access to them is particularly important in accelerating fibre rollout in rural England and urban Scotland. As with ducts, these poles are regulated under Ofcom’s PIA mechanism. That means that any operator is able to access those poles, so extending the provision to pre-2017 poles on private land would allow all operators to speed up their rollout equally. Without this, operators will have to dig up streets or put up new poles, which will slow down the rollout in the very parts of the country that suffer some of the slowest broadband speeds, based on copper.
There is clear consensus across the industry that the Bill needs to make this possible. I understand that the Digital Infrastructure Minister recently received a letter from all the major operators and trade bodies, asking that this issue be resolved and clearly stating the public benefit that doing so would bring. There is cross-party support for the amendment, and at Second Reading my noble friend the Minister was clear that he was keen to look into the matter very closely. However, as drafted, the Bill does not actually solve the problem. There is no explicit right in the Bill to access the pole or install equipment on it. My amendment is relatively simple and seeks to set that straight. It is limited in scope.
By extending the rights granted under the existing paragraph 74 of the code, these powers would be a code right and therefore apply equally to all operators. That is a really important principle in maintaining the Government’s pro-competition policy. By explicitly including the right to carry out
“works to install, maintain and keep such lines and other reasonably associated apparatus”,
this amendment ensures that there is a right for limited works only and apparatus that is associated only with flying lines between poles. It will not allow large, unsightly or unassociated apparatus to be put on the poles, so there would be very limited visual impact. In fact, it is important to remember that technology is getting smaller all the time; a number of these telegraph poles already have equipment on them, so this would most probably reduce the visual impact rather than increase it.
This amendment also protects the rights of landowners. It grants limited additional rights for operators on how they use the poles. It does not give operators additional rights to get to the pole in people’s back gardens. Landowners would still need to give their consent—that could be a simple verbal agreement—to allow an engineer to enter the property. This amendment does not intend to change that.
With over 1 million poles on private land today, this small and straightforward amendment would significantly increase the rollout of full fibre, on which we all agree. I ask my noble friend to tell us that he agrees that the Bill must be amended to do this. I am not precious about the specific wording or the exact amendment. I understand that DCMS lawyers have some concerns about whether the wording achieves our aim of going up the pole and putting the necessary equipment on it, but I have not seen any alternative proposals. I hope my noble friend will take this amendment in the constructive way in which it is intended. If he has concerns about the specific wording, I hope we will be able to work together between Committee and Report to bring back an amendment that delivers the outcome that I believe we all agree on.
Lord Fox (LD)
I want to again apologise to the noble Lord, Lord Vaizey, for causing him not to be here—and I will of course pick up the cost of his cup of tea.
He brought up the changed landscape of altnets, and we need to remind ourselves as we talk through the amendments that the old picture, as we looked at the telecoms market as it was—the copper world of a huge company and nothing much else—has passed. The fibre sector is a different sort of market. The fixed and full-fibre network infrastructure supplied by the independents, the altnets, reaches about 11.5 million premises with, at the end of 2022, an estimated 1.5 million live connections. That is separate to Openreach and Virgin, so there really is a big change in that market supply, to which I think the noble Lord was alluding. Had the noble Lord finished, by the way, or did he give way to me?
Lord Vaizey of Didcot (Con)
I was giving way to an excellent intervention to save me from the poor quality of my speech.
Lord Vaizey of Didcot (Con)
The whole Committee stage debate has already become surreal, and we are only about 20 minutes into it.
If I can take noble Lords back to the tea room, where I was this morning, we were discussing the lack of intervention in debates in the House of Lords, which is apparently seen as a Commons trait and discouraged in your Lordship’s House. In fact, I was told by a very senior chair of a committee—who is in the Chamber—that on no account was one to take an intervention at Committee stage. But I felt that as the noble Lord, Lord Fox, had already transgressed so badly in detaining two eminent Conservative Peers in the tea room, I would simply allow him to continue to flout convention and break the rules. I also felt that my speech was going so badly that, just as I used to do in the other place, giving way at an opportune moment to gather one’s thoughts was sensible.
The Earl of Lytton (CB)
My Lords, I cannot follow the amusement factor of the noble Lord, Lord Vaizey. As this is my first contribution on the Bill, due to force of circumstances, not least because on our first day in Committee I could not attend due to disruption on the rail system, I declare my interest as a chartered surveyor—still practising, just—with about 47 years’ experience in the public and private sectors. I hope that I can bring some of that to the debate.
As I understood it, in addition to being able to attach things to existing telephone poles, Amendment 18 would provide a right to create new overhead facilities of one sort or another. As a person who, from time to time, has occupied heritage property, I have a particular aversion to overheard telephone lines and to generations of cables being stuck to the outside of buildings—new ones are added but nobody ever removes the old ones. That is the first point that I would question.
The second point goes beyond this amendment but begins to address some of the points mentioned by the noble Lord, Lord Vaizey, on the use of existing facilities. These might be underground ducts. There is a bit of a problem when you get to blocks of flats, because there is a cut-off point at which the rights of, for instance, BT or Openreach end, at which point the wayleave or easement does not pertain. When you get into blocks of flats, there are other criteria. There are many instances of cables being run up, willy-nilly, through communal service risers, with firestopping material being removed and not put back correctly, and so on. No building manager in a block of flats will willingly allow someone from Openreach, who comes with a quite different set of instructions for what they are doing, to just get in there, willy-nilly, as of right. There must be safeguards somewhere along the line.
Further explanation is needed on other things. On numerous occasions I have come across situations where overhead cables have been put underground, perhaps because they were in the way or because it was convenient for visual or other reasons. But you then find that there is no easement or wayleave in relation to the underground bit—the easement or wayleave stops at the last pole, where it goes into the ground. That has certain disadvantages because every time somebody from Openreach wants to do some reconnection or give somebody a better service, they have no drawings of the underground system. I am told that this is an issue where new developments take place and the roads and common areas do not get adopted; they are retained not by the developer but are passed on to some management entity. We have all heard of the fleecehold, where the maintenance of that common realm is then jacked up and recharged through a rent charge.
I absolutely take the point that is being made, but if I am correct a raft of other issues needs to be resolved, including powers to take possession and use of things that are not currently within the existing wayleave horizon. I just flag up the difficulties associated with that.
Lord Fox (LD)
My Lords, I remind the noble Earl that Amendment 44 deals explicitly with the safety issues. He might want to reconfigure those points when we get there.
Taking the point from the noble Baroness, Lady Stowell, that we are focusing on Amendment 18, I will not seek to embellish the comprehensive and excellent speech from the noble Baroness, Lady Harding, but we should remind ourselves that the Bill allows for the sharing of historic wayleaves to share BT infrastructure under private land. It does not currently explicitly allow operators to use telegraph pole infrastructure on private land above ground. For places such as Herefordshire, where I come from, pole access is absolutely central to the rollout of fibre and a huge proportion of those poles sit on private land, so this matters quite a lot. I think 50% of premises in Scotland are connected by poles on private land.
As we have heard, the Bill as drafted would allow operators to use existing ducts to reach the base of such a pole, while existing provisions in the code allow for the flying of lines between poles, but no explicit right exists to access the pole itself or place apparatus such as small boxes—in practice, smaller than what is already there—on it. This amendment seeks to remove any ambiguity and make sure that what we believe to be the Government’s objective is fully written into the Bill, and that is why I am a co-signatory.
Viscount Stansgate (Lab)
My Lords, I will take advantage of the flexibility of debate outlined by the former Leader of the House to say that, although we are debating the amendment moved by the noble Baroness, Lady Harding, I for one would be interested to know whether the amendments that were to be debated, but for this very unfortunate cup of tea, will be moved on Report. It would help my fuller understanding of how debate on the Bill might progress.
Lord Vaizey of Didcot (Con)
I do not want to be sidetracked into a debate on the classification of wind or solar farms, but I would describe mobile phones as an essential utility. The noble Earl himself pointed out what pleasure he got from having an emergency services Airwave mast on his land and how important that is. Rural connectivity is becoming absolutely essential, which is why the Government have put £5 billion into supporting the shared rural network.
My noble friend Lord Northbrook spoke about his row about the mast on the M3. What he should also have pointed out about the reduction in rents perhaps reducing the opportunities for farmers to diversify is that it is a complete red herring. The opportunities for farmers to diversify are provided by giving better mobile connectivity. Anyone who knows Jeremy Clarkson and has watched his incredible programme “Clarkson’s Farm”—maybe he is one of the 50 rumoured Peers who will be coming into this House shortly and will give us the benefit of his views personally—will know that what is really holding back diversification are small, conservative, small-minded district councils that will not give planning permission for much needed restaurants, car parks and farm shops.
Lord Fox (LD)
My Lords, I shall not enter the zero-sum game debate we appear to be having. However, the really salient point I ask your Lordships, particularly the Minister, to focus on is the one made by the noble Earl, Lord Devon: if there is no financial incentive to landowners to take masts, there will not be masts and we need those masts. Whatever happens, the formula has to deliver an incentive to the landowners. The evidence is clear; that incentive is vanishing to the point where it ceases to be viable. That is the point your Lordships should focus on in this debate, and the one I hope the Minister brings to bear in his response.
Lord Bassam of Brighton (Lab)
My Lords, I shall be very brief. In general, I support the arguments of the noble Lord, Lord Clement-Jones. The arguments on retrospectivity, which the noble Earl, Lord Lytton, addressed, are sound; it surely cannot be right that we have a change that will penalise landlords in the way this does. A reform could lead to a sudden and significant sum of money being owed to telecoms operators by site providers. Some of those who provide sites could even end up in a form of bankruptcy, particularly if courts make a decision that goes back to a point at which the notice was served. Large sums of money will be involved.
Amendment 34, which we have signed, would ensure that interim rent payments could not be backdated to that point, prior to a court order being obtained. That would mitigate the risks of backdated payments causing site providers severe or significant financial difficulties. That is a reasonable and fair principle which should find its way into this legislation. We support the other amendments from the noble Lord, Lord Clement-Jones, in generality as well.
Lord Fox (LD)
My Lords, even more briefly, the Minister said in responding to the last group that the Government are clear that the cost of rent is too high and the purpose is to drive it down. In different comments, he stated that he felt these costs will eventually find their way to the consumer—I doubt that, but time will tell. What is the purpose of the retrospectivity and who will benefit? When will I receive my refund on my mobile phone bill for the retrospective repayment of this money? The answer is that I will not, so who will benefit from this and why are the Government causing it to happen?
Lord Sharpe of Epsom (Con)
I thank all noble Lords who have spoken to this group, which concerns both compensation and backdated payment. I shall start with the former. One of the main aims of the Bill is to ensure that where an agreement to which the code applies is renewed, there is a consistent approach in calculating the financial aspects and terms of that agreement.
Before I get on to the details, I will answer my noble friend Lady McIntosh, who strayed back into the general valuation principles. I note that my noble friend Lord Parkinson has committed to see what else can be distributed in terms of the evidence that she seeks. I reassure her that we have had extensive engagement with the NFU, but I will write to her with details of that.
The last group dealt with how Clause 61 does what I have just described in England and Wales, through changes to the 1954 Act that replicate the code valuation regime. This means that, when agreements are renewed under the 1954 Act, the new rent will be calculated in the same way as agreements renewed under the code. However, the 1954 Act deals solely with the rent that a landowner should receive from an operator. Under the code, this is not the only sum landowners can receive. The code also allows landowners to receive compensation from an operator. This compensation stands separately to the “rent” or consideration payable, and should cover any loss or damage resulting from the code operator exercising the rights that have been agreed or imposed.
There is no equivalent right to recover compensation within the 1954 Act. Clause 63 therefore inserts provisions into the 1954 Act that reflect the code provisions on compensation. This clause ensures that the amounts that landowners receive in compensation will be calculated in the same way, regardless of which statutory renewal mechanism is used and where in the UK that agreement was entered. Although the compensation provisions we are introducing will directly apply only if a renewal agreement is imposed by the court, it is inevitable that consensual negotiations can—and should—be influenced by the terms that might be imposed in those circumstances. This will influence consensual negotiations for agreements regulated under the 1954 Act, through which the parties can make adequate provision for compensation.
It was always the policy intention that the compensation provisions in the code should inform consensual negotiations for compensation in this way, and the same principle should apply to compensation provisions for the 1954 Act. We therefore want Clause 63 to stand part of the Bill.
Before I get on to the various amendments, I should say that the noble Earl, Lord Devon, referred to case law, on which I will expand a little. The courts have dealt with various points in connection with the Electronic Communications Code and the Landlord and Tenant Act 1954 and the matters we are discussing, and I do not think it would be necessarily helpful to discuss them in detail. We are happy to write to noble Lords or arrange a meeting if there are particular matters relating to case law that they would find useful to discuss, including in respect of the key judgment that was recently handed down by the Supreme Court, which is being considered carefully by department officials and legal advisers at the moment.
Lord Sharpe of Epsom (Con)
I am afraid that the answer to both of those questions is that I do not know. It would be remiss of me to anticipate the sorts of concerns we are listening to and the subjects they may raise. I will have to write to the noble Lord on that.
Lord Fox (LD)
Sorry to labour the point, but the Minister just introduced the concept of transitional provisions. Where are these transitional provisions made clear? How will we know what they are going to be? Where will they be planned? Are they coming through by statutory instrument, or are they just going to be sprung on us by the department?
Lord Sharpe of Epsom (Con)
I read my brief very carefully, and I said “any transitional provisions in respect of the Bill”—I did not say that there will be transitional provisions—after listening to the various concerns I just outlined.
I now turn to Amendment 34 tabled by the noble Lords, Lord Clement-Jones and Lord Fox, the noble Earl, Lord Lytton, and the noble Baroness, Lady Merron. This is an amendment to the 1954 Act which seeks to prevent interim rent being backdated where an agreement is renewed under that statute. As we have discussed when talking about Clauses 61 and 62, it is the Government’s intention that the various statutory mechanisms for the renewal of agreements to which the code applies is as consistent as possible, and this amendment would increase inconsistency.
First, the amendment would create inconsistency within the 1954 Act itself. The ability to seek backdated payments of interim rent would be prevented only where the site provider had given notice to the operator under Section 25 of the Act. Where an operator had served notice under Section 26 of the Act, the ability to seek backdated rental payments would remain. Secondly, it would create inconsistency between the 1954 Act and the code. Clause 67 will allow payment of a modified rate of consideration to be backdated to the date of the application, whereas I understand that the noble Lords’ intention is to prevent rent from being payable at the backdated interim rent rate. It is difficult to justify such inconsistency.
Finally, the ability to seek an interim rent which is backdated is not a new concept. The parties would have been aware of this when entering into those agreements to which the 1954 Act applies. There is always a risk that the market will have adversely changed between the date on which the agreement was entered into and the time when the agreement is ready for renewal, and that the interim rent will be less than the amount currently paid. I appreciate that this may be exacerbated by the imposition of the code valuation framework on these agreements, but the Government will look at this impact when drafting any transitional provisions.
Absolutely finally, the point made by the noble Lord, Lord Clement-Jones, about picking and choosing, was covered by my noble friend Lord Parkinson on the first day of Committee in relation to Amendment 17, but if there are any outstanding questions on that, we would be very happy to discuss them separately. In answer to the question from the noble Earl, Lord Devon, about general valuations, my noble friend will deal with that in the next group. Under the circumstances, I hope that noble Lords will not press their amendments.
Lord Northbrook (Con)
My Lords, briefly, I support the amendments in the name of the noble Lord, Lord Clement-Jones, the noble Baroness, Lady McIntosh, and the noble Earl, Lord Devon, which would make ADR mandatory, noting the lack of confidence in the current situation and the overt distrust, as mentioned by the noble Earl, Lord Lytton. I hope this process might also speed up the whole 5G rollout.
Lord Fox (LD)
My Lords, while we were debating the previous group, the Government seemed to be getting ready to embrace an influx of court cases by going from two judges to 100. The intention of the large number of amendments here is to avoid that eventuality. If the Government Front Bench is not happy with the words, it should be happy with the spirit of driving the alternative dispute resolution process. It would be good to have some acknowledgement from the Government, when we get to their response, that this ADR process will be central to avoiding the sort of things we were talking about in the previous group.
Amendment 39 is intended to force operators to give greater weight to Ofcom’s code of practice, which it is currently obliged to prepare under paragraph 103(1) of the ECC. Amendments 40, 41 and 42 aim to address non-compliance with Ofcom’s code of practice, and Amendment 44 deals with building safety. That could have been separated out into another group. I will speak specifically just to Amendments 42 and 44, because they are in my name.
Amendment 42 requires that Ofcom include in its code of practice guidelines on when operators must pay compensation to those affected by the operator’s failure to adhere to the code of practice. This compensation is limited to 100% of the total value of the contract to which the dispute relates. We do not expect that this would be the standard award and we have intentionally left it to Ofcom to draft guidelines on this issue. In fact, as my noble friend Lord Clement-Jones set out, Amendments 40, 41 and 42 work together with the aim of promoting consensus-based agreements, and to have a market that works effectively and is not stuffed up with disputes—which comes back to my first point.
In a gear change, Amendment 44 focuses on building safety, raised by the noble Earl opposite in the context of a previous group. The amendment would place a duty on network providers to ensure that any work done on communications infrastructure does not compromise building safety. Specifically, we are concerned about the interaction of digital infrastructure installation with the findings of the Hackitt report into building regulations and fire safety, which followed the dreadful Grenfell Tower tragedy.
As the Minister will be aware, in her report on the Grenfell disaster Dame Judith Hackitt recommends that the
“creation, maintenance and handover of relevant information”
should be
“an integral part of the legal responsibilities on Clients, Principal Designers and Principal Contractors undertaking … work on”
high-rise residential blocks. This matters because when a telecoms operator runs internal cabling in blocks, each hole is potentially a breach of a firewall. It seems to us that installation of gigabit-capable cabling is one of the most likely modifications a multi-residence high-rise block could face, and operators need to be obligated to meet safety requirements. If the Bill remains in its current form, digital contractors will have access rights that exceed those of the blue-light services, so where do they sit regarding their obligations to the Building Safety Act and in fulfilling the aims of the Hackitt report?
The purpose of Amendment 44 is to probe where telecoms and broadband contractors sit in the new environment of the Building Safety Act. I understand that, as a consequence of that Act, statutory instruments would be brought forward to compel certain actions from utilities contractors. My understanding is that the Government do not regard digital infrastructure as a pure-play utility function. Therefore, will there be a statutory instrument specifically to target digital infrastructure? In responding to this, the Minister may want to explain what statutory instruments are expected, with reference to which bits of which Act.
Baroness Stowell of Beeston (Con)
My Lords, my noble friend the Minister will remember from my remarks at Second Reading that my main concern is about the sense of unfairness that exists between the site owners and the mobile network operators. Because of that, I hope the Government will agree to look at making some changes to the legislation. We will come to the economic impact assessment later this evening. I have some sympathy with the suggestion of a mandatory alternative dispute resolution in the way it is described in Amendment 35. As I say, this is just a general gentle expression of warmth towards that as a way of signalling to people who at the moment feel a sense of some unwillingness on the part of the Government to recognise that there needs to be some change. I look forward to hearing what my noble friend has to say.
Lord Fox (LD)
As I explained earlier, it is a probing amendment designed not to go into legislation but to get an answer, and the answer was not forthcoming.
First, the code is designed to comply with building safety that has come before it. The Building Safety Act is subsequent to the code so in this respect, that is not a helpful answer. Secondly, there are specific statutory instruments, as a result of the Building Safety Act, which deal with utilities. I asked a very clear question: will the Government be considering this function of digital infrastructure to be a utility? Also, will there be statutory instruments as a result of that Act which cover this issue, or does it need to be covered in another way? It is not covered in the answer the Minister has just given, so this must be specifically opted into the process that the Building Safety Act has ushered in as a result of the Hackitt review.
Lord Parkinson of Whitley Bay (Con)
The Building Safety Act received Royal Assent on 28 April, as the noble Lord knows. It will strengthen oversight and protections for residents in high-rise buildings, it will give a greater say to residents of tall buildings and it will toughen sanctions against those who threaten their safety. Its focus will help owners to manage their buildings in a better way while giving the housebuilding industry the clear and proportionate framework it needs to deliver more and better-quality homes.
Building regulations to be made under the new powers inserted by that Act will provide for more stringent requirements, separate from the Electronic Communications Code, regarding building work on high-rise buildings. People undertaking such work as employees or contractors of companies, including network operators, will have duties to ensure that their work complies with all the relevant building regulations. That will include the provision of information as part of the golden thread which will be handed over to accountable persons on completion of the building work.
I note also that the building regulations already include requirements to install infrastructure to support high-speed electronic communications networks in new buildings. DCMS has consulted on plans further to amend the building regulations to mandate gigabit-ready infrastructure and gigabit-capable connections to new homes. When such work is carried out it is required to meet all relevant requirements of the building regulations, include those for fire safety, so we do think that this is provided for already. I understand that it is a probing amendment; none the less—
Lord Fox (LD)
Without labouring the point tonight, the Minister can perhaps pander to my curiosity and come back with the specific statutory instruments that are expected to implement this. As I understand it, statutory instruments were laid and then withdrawn, and I do not think that they included digital infrastructure in the initial wording. I have a specific concern that there is a slight falling between the cracks. Perhaps the Minister can reassure me with some specifics in a letter.
Lord Parkinson of Whitley Bay (Con)
I am very happy to consult my colleagues at the Department for Levelling Up, Housing and Communities and to provide the letter the noble Lord requires. I invite him now to withdraw his probing amendment, and other noble Lords not to move theirs.
Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsWednesday 29th June 2022
(1 year, 9 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-II Second Marshalled list for Committee - (27 Jun 2022)
Lord Fox (LD)
Incredibly briefly, I will speak to Amendment 46, which I have signed. The Government’s aim, Her Majesty’s loyal Opposition’s aim, and our aim is to speed up the rollout of infrastructure. This amendment as crafted by the noble Baroness, Lady Merron, and the noble Lord, Lord Bassam, which I was pleased to sign, is a very simple measure to help in that objective. If the Government have not already thought of it, they should embrace it. Whether it requires primary legislation or otherwise, an undertaking from the Dispatch Box that this will be done would be a very good way of speeding up infrastructure implementation.
Lord Sharpe of Epsom (Con)
My Lords, this was a brief debate. I turn first to Amendment 43. I thank the noble Lord, Lord Bassam, and the noble Baroness, Lady Merron, for raising this important subject.
The Government are committed to delivering policy which helps rollout for everyone, and support the entire telecommunications sector in delivering connectivity. Ensuring that local authorities are ready to facilitate rollout as quickly as possible is a key part of this. It will benefit people across the UK in receiving the best possible service and ensure that all operators are able to compete to provide that service.
Local authorities should have autonomy to serve their communities in the way that they see fit. The difficulties faced by urban communities are likely to be very different from those faced in the highlands, for example. The Government believe that local authorities are best placed to decide how to lead and foster digital rollout in their local area.
Mandating local authorities to designate a particular officer responsible for digital connectivity would be too prescriptive. However, we recognise the considerable benefits of having a dedicated lead on digital infrastructure in local and regional authorities, which is why we strongly recommend this approach in our digital connectivity portal, DCMS’s official guidance for local authorities concerning connectivity. The portal provides a huge amount of practical information for local authorities—for instance, on debunking myths around 5G, making assets available for hosting equipment, and the application of the Electronic Communications Code and planning regulations. The digital connectivity portal is a vital enabler for local authorities to facilitate digital infrastructure deployment.
In May last year, the then Minister for Digital Infrastructure also wrote to all chief executives of local authorities to encourage them to appoint a digital champion and to engage with DCMS. I understand that as many as 80 authorities have responded and officials have been able to offer support to them. We have also provided £4 million of funding for the Digital Connectivity Infrastructure Accelerator programme, designed to foster increased collaboration between local authorities and the telecommunications industry. Local authorities can take advantage of these tools and funds to take the steps most appropriate in their area to encourage and facilitate rollout. I hope that gives reassurance on how seriously the Government take local authority engagement, and that the amendments will not be pressed.
If I might anticipate a possible comeback, it sounds like we very much agree with the noble Lord, so to be consistent about my inconsistency, we are not going further and mandating this because the Government seek to balance the national objective of accelerating digital infrastructure rollout with the need to allow local authorities to make the best choices for their communities. Each local authority will have a different approach to its specific local challenges. We feel that further imposition of rules from central government in these spaces risks disrupting environments that are already encouraging investment in infrastructure rollout.
Amendment 46 asks whether the Government intend to introduce a streamlined subsidy scheme for telecommunications infrastructure to reduce administrative burdens on public authorities. To provide some context, the new Subsidy Control Act, which has not yet fully come into force, gives the Government the ability to create streamlined subsidy schemes for all public authorities to use. The streamlined schemes are intended to provide a way of granting subsidies quickly, with little administrative burden, while also providing legal certainty to both the public authority awarding the subsidy and the beneficiary of the subsidy. The Government intend that these should facilitate the award of low-risk and uncontentious subsidies in areas of policy that are strategically important to the United Kingdom. Streamlined subsidy schemes will be considered for categories of subsidy where they will add clarity for public authorities and make the assessment of compliance simpler.
Although the Government currently have no plans to create a streamlined subsidy scheme for the installation of telecommunications infrastructure, we remain committed to delivering and supporting the rollout of such infrastructure as soon as possible. BDUK’s Project Gigabit is delivering gigabit-capable broadband across the UK, working closely with public authorities, including the devolved Administrations and local authorities, to help refine procurement boundaries, validate the market’s local investment plans and stimulate demand for gigabit vouchers.
The work we have undertaken so far has shown that the model is effective at responding to changing market conditions by refining or combining procurement boundaries to reach efficient scale and secure value for money for public subsidy. DCMS will continue to engage and consider how to support public authorities as best as possible to reduce administrative burdens, including on any considerations on subsidy control or future streamlined subsidy schemes.
I hope that explains why the Government consider that a streamlined subsidy scheme for telecoms infrastructure is not needed at this time. However, this will be kept under review. I ask noble Lords not to press their amendments.
Lord Northbrook (Con)
My Lords, I support this group. I was initially rather astonished by the Minister’s lame response at Second Reading that the Government will not make public their investigation into the effect of the Digital Economy Act 2017. Investigating the subject further, I read the respected Centre for Economics and Business Research document on the matter. It says that the Government’s electronic communications changes have not delivered a faster 5G rollout, and that it is slower than the pre-2017 status quo. But for the 2017 reforms, it says, 8.2 million more people would have 5G coverage by now than can currently access it. The CEBR says that the proposed changes to the ECC will cost UK GDP £3.5 billion by 2022. Adoption of an alternative code based on Law Society proposals would reverse the losses imposed by the 2017 reforms—so the Government might not want to do this review after all. Could the Minister comment on the CEBR findings?
Amendment 45 particularly appeals, because the review would have to be done quicker than that under Amendment 49, and it is more detailed in subsection (2). Subsections (2)(a), (b) and (c) mention
“the extent to which the 2017 revisions have secured progress towards Her Majesty’s Government’s targets relating to telecommunications infrastructure … the impact of the 2017 revisions on rents under tenancies conferring code rights, and … the case for re-evaluating the value of rents under tenancies conferring code rights.”
I also give my support to Amendment 50.
Lord Fox (LD)
My Lords, if there is an abiding theme in this group, it is transparent reporting and then using the data within those reports to make sensible decisions.
Notwithstanding the Minister’s special day tomorrow, I am guessing that he is quite a lot younger than me, so he might be able to remember his childhood. I can remember a game that we used to play, of running down hills with our eyes closed. This was tremendous fun, until it stopped—and it usually stopped when you fell over or hit something. The argument advanced by the Government is, “We mustn’t do a review. We can’t have data because it’ll upset the market”—in other words, we cannot open our eyes because it will stop us running down the hill fast enough. That is the nature of what we are doing. In order to make sure that we do not fall over and that we are running in the right direction, we need to have our eyes open. In their different ways, these amendments seek to open our eyes to the effect that the Bill and all of this public and private investment will have on the objective that we all share: putting fibre in every home in this country. Without information, and without transparency in that information, we will not know how fast we are going and in which direction.
I care little about whether the Government accept the words in these amendments, but I do care about a Government who have enough sense to get the information, publish it and then act on it.
The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Lord Parkinson of Whitley Bay) (Con)
My Lords, I am particularly grateful to my noble friend Lady Stowell for her early birthday wishes. Finishing Committee a day ahead of schedule is a delightful early present. There are still to hours to go before tomorrow, and I hope that we will rise before noble Lords have to sing “Happy Birthday”.
Amendments 45, 47 and 49 seek to impose duties on the Government to assess and report on various impacts of the 2017 code reforms and, indeed, of this Bill once brought into force. I certainly appreciate the spirit of these amendments, which are designed to ensure that the Government are held to account; the noble Baroness, Lady Merron, referred to the conversations we had right at the beginning of our discussions on the Bill. Noble Lords will know that there are already ways in which some or all of the effects of these amendments can be achieved. For instance, Ofcom publishes its annual Connected Nations report, which it updates a further two times a year; this provides a clear assessment of the progress in both fixed and mobile connectivity. I hope that noble Lords will agree that the independent regulator is well placed to provide information on the progress of gigabit-capable broadband. Moreover, the Government continue to answer questions and provide clarity on all aspects of their work in this area, both in your Lordships’ House and in another place.
Amendment 45, tabled by the noble Baroness, Lady Merron, and the noble Lords, Lord Bassam of Brighton and Lord Blunkett, seeks an assessment of the legislation passed in 2017 to update the code, and particularly the impact of changes to the valuation regime. When the 2017 reforms were introduced, we recognised that the market would need time to adapt and settle. We have engaged with interested parties since the reforms came into force to identify any emerging issues. In our view, there is not yet enough evidence for a properly robust and comprehensive analysis to be made of the impacts that the 2017 reforms have had, of which the valuation framework was only one aspect. That is particularly the case given the impact of the Covid-19 pandemic, which has caused major shifts both in the demands on telecommunications operators and on their ways of working. However, in light of the feedback we have received through our engagement and our public consultation, the Government believe that the changes we are making in the Bill are needed to ensure that the 2017 reforms have their intended effect. That is not to say that we think the 2017 reforms failed—much progress has been made; we simply think that more can and must be done to maximise their impact. Making these changes now through the Bill will help to meet the Government’s 2025 connectivity target for at least 85% of homes and businesses to have access to gigabit broadband.
The noble Baroness, Lady Merron, asked how often our engagement has taken place. The access to land workshops is one part of it; there are in fact three separate groups which have been going for over a year. They met this month and will meet again in July, so we are undertaking that engagement on a regular basis.
Amendment 47, tabled by the noble Lords, Lord Fox and Lord Clement-Jones, asks the Government to review and report on the impact of Part 2 of the Bill against our gigabit delivery targets. Again, I appreciate that noble Lords will be keen to ensure, as they should, that the Government are on track with their commitments. DCMS currently carries out monitoring, and regular updates are published on a quarterly basis by Building Digital UK. That monitoring and reporting will naturally capture and reflect any accelerations that occur after this Bill comes into force.
The most recent Project Gigabit quarterly update highlighted the progress we are making. This includes reaching a milestone of over 100,000 broadband vouchers issued, worth more than £185 million, with 65,000 claimed to date to support households and businesses with the additional costs of securing gigabit-capable connections; launching two new regional procurements in Norfolk and Suffolk and two local supplier procurements in Cornwall, bringing our total live procurements to 10 and extending gigabit-capable connectivity to up to around 380,000 premises; completing over 20 market engagement exercises across the UK further to inform our future procurement pipeline; and launching as an executive agency of DCMS and publishing our first corporate plan setting out our key strategic objectives for 2022-23 and how Building Digital UK will drive the expansion of gigabit connectivity to all parts of the country.
Lord Fox (LD)
Briefly, if it is going so well, why are the Government changing everything? The Minister has just told us how well it is going, and now they are changing everything.
Lord Parkinson of Whitley Bay (Con)
From our engagement, to which I have referred, we believe it is going well and progress has been made, but our engagement with stakeholders suggests that the reforms that we are putting forward through this Bill are needed. We are extending that progress following consultation.
Lord Parkinson of Whitley Bay (Con)
With such an accelerating market, thanks to the pro-investment environment that the Government are creating, it is quite challenging to quantify the extent to which progress is attributable to any single piece of legislation in a market that reflects so many factors. That is one reason why we think it would be of limited value.
My noble friend Lord Northbrook asked me to comment on the Centre for Economics and Business Research report on the 2017 reforms. We believe that the CEBR report does not provide a sufficiently rounded picture in its assessment of how the 2017 reforms have affected the pace of telecommunications delivery. The Government, as I have said, acknowledged in 2017 that reductions in payments could make landowners less keen to enter into agreements to host apparatus on their land. We expected an initial slowdown following the implementation of the 2017 reforms while the market adapted to them, but our understanding, informed by our conversations and consultation, is that both new and renewal agreements are now being successfully concluded. For instance, we were informed in January this year that, since 2017, 900 agreements had been renewed and that 83.5% of those agreements were concluded consensually, to give noble Lords some data.
Lord Fox (LD)
By extension, is the Minister expecting a slowdown again as the market gets used to these changes? Clearly, the Government expected a slowdown when they made the last set of changes; are they anticipating a similar slowdown this time?
Lord Parkinson of Whitley Bay (Con)
These changes build on the changes of 2017, so we do not expect there to be such an impact, because there is not such a change for the market.
We think it is too simplistic to attribute the changes in the market since 2017 solely to the valuation framework. The reforms in 2017 also made it easier for operators to share equipment, which will have reduced the demand for new mast sites to be built. Of course, we all hope that there will not be disruptive effects of a pandemic, as we have seen in the years since 2017.
Amendment 49, tabled by the noble Lords, Lord Clement-Jones and Lord Fox, and the noble Earl, Lord Lytton, asks the Government to conduct an implementation review of the Act after it is brought into force. However, we believe including such a requirement in the legislation is not necessary. The Government will of course monitor the effect of this legislation to understand how it is working in practice. Requiring an assessment at a specific time and which is focused on such specific elements would fetter the Government’s ability to judge when a meaningful review of progress can most sensibly be completed and what information it should include. I am happy to reassure my noble friend Lady Stowell that of course we want to monitor the effect of this legislation and to see and understand how it is working in practice.
Amendment 50, tabled by the noble Lords, Lord Clement-Jones and Lord Fox, the noble Earl, Lord Lytton, and the noble Baroness, Lady Merron, seeks to impose duties on telecommunications operators to provide a variety of annual data to Ofcom. It must be remembered that imposing reporting obligations on the industry necessarily diverts resources away from delivering the very targets that the Government have challenged them to deliver and on which noble Lords are rightly pressing us for progress. Any such obligations must therefore be proportionate.
The Communications Act 2003 already gives Ofcom substantial powers to collect and publish data. Procedures are therefore in place to monitor the progress that is being made and to ensure that details of this progress are published. For example, licence obligations for the shared rural network require mobile network operators to report on coverage and the number of new sites built through the programme. Operators also provide Ofcom with information on the geographic availability of coverage to enable consumers to make informed decisions. This is all data that is, or will be, published in Ofcom’s Connected Nations report.
Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsWednesday 12th October 2022
(1 year, 6 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-R-I Marshalled list for Report - (10 Oct 2022)
Lord Clement-Jones (LD)
My Lords, in moving Amendment 1, I shall speak also to Amendment 13. My noble friend Lord Fox will speak to Amendment 3 in the same group. First, I warmly welcome the noble Lord, Lord Kamall, to his new role in DCMS and join others in that welcome. I am sure he has already found the company of those who speak on DCMS matters very congenial, but he will also note that there are a number of all-purpose vehicles here, so he has probably met quite a number of us already.
In Committee, we called for the three security requirements to be set out expressly in Part 1 of the Bill. At the moment they are promised in secondary legislation without any draft being available, as is, I am afraid, the Government’s consistently bad habit. Customers need absolute clarity on the support period that manufacturers will offer so that they are able to make more informed purchasing decisions. I cannot understand why the Minister’s predecessor insisted in Committee that the minimum security requirements should be stated in secondary, not primary, legislation. He said it was important that technology regulation enables the Government to respond to changes in threat and technology and to the regulatory landscape; surely, these are security principles which should endure.
As for mandating minimum security updates for periods for connectable products, the Minister said that there is no consensus among industry experts on how long security updates ought to last. This is foggy thinking—how can the Government not have taken a view? Contrast the approach of the European Union, which has recently published its own equivalent Cyber Resilience Act. Crucially, the EU has imposed a five-year mandatory minimum period in which products must receive security updates. A rigid five-year period is not necessarily desirable, but the commitment to set out in legislation a mandated period in which products receive security support is very welcome. Before Third Reading the Government really should undertake to look closely at the EU proposals and tighten up the Bill. Why should EU consumers get a better deal than UK ones?
As regards Amendment 13, on computer misuse, the noble Lord, Lord Arbuthnot, introduced this amendment in Committee and this one is exactly the same. Under regulations that will be introduced following the passage of the Bill, manufacturers will be required to provide a public point of contact to report vulnerabilities. However, without a statutory defence in the Computer Misuse Act, it is clear that cybersecurity researchers can still face spurious legal action for reporting a vulnerability to a company which can decide on a whim to ignore its vulnerability disclosure policy—a practice known as “liability dumping”. Amendment 13 seeks to ensure that cybersecurity professionals who act in the public interest in relation to testing relevant connectable products can defend themselves from prosecution by the state and from unjust civil litigation.
In Committee, the noble Lord, Lord Parkinson, seemed to say conflicting things. He said that the key thing is to set professional standards to measure the competence and capability of security testers, and that that is why the Government set up the UK Cyber Security Council last year. On the one hand, he said:
“We should be encouraging this rather than creating a route to allow people to sidestep these important issues.”
On the other, he said that the Government are listening to the concerns expressed by the CyberUp campaign and that the Home Secretary had announced a review of the Computer Misuse Act. The Minister said:
“The evidence which is being submitted to the review is being assessed and considered carefully by the Home Office.”—[Official Report, 21/6/22; col. 212.]
Are the Government positive or negative on this? What approach are they taking? We are past the summer now, in any event. Is there any prospect of change to the Act? I beg to move.
Lord Fox (LD)
My Lords, I too welcome the Minister to his new role. I think DCMS will be at least as busy as his previous engagements, so we look forward to seeing him on his feet at the Dispatch Box quite a lot.
The unifying feature of these three amendments, which in policy terms are different, is that we are seeking some clarity. So, I support my noble friend in Amendments 1 and 13, and I rise to speak to Amendment 3 in my name. Given that online marketplaces represent the single most popular point of sale for connected products, these platforms should have responsibilities for the security of the products they are selling. That is what we are seeking clarity on today. If online marketplaces are not held responsible under the Bill, these insecure products will continue to be sold and, in all likelihood, their sale would become more prolific.
One of the last things the noble Lord, Lord Parkinson, did as Minister was to dispatch a letter to me in response to queries such as this raised in Committee about the status of online marketplaces—the fear being that channels such as listings platforms and auction sites such as eBay, Amazon Marketplace and AliExpress might present a loophole. The problem is the lack of clear definition for the various players that are part of the internet value chain and the fact that these players have different degrees of insight or control over what is happening online.
As the Minister will see from his predecessor’s letter, dated 21 September 2022, the department’s stated position for online marketplaces is that,
“businesses need to comply with the security requirements of the product security regime in relation to all new consumer connectable products offered to customers in the UK, including those sold through online marketplaces”.
I would appreciate it if the Minister could confirm this from the Dispatch Box. It is paramount that online marketplaces are given this obligation in the Bill to ensure this security, regardless of whether the seller is a third party. It would help very much if the Minister set out what the Government’s definition of an online marketplace is.
How does the Minister’s department plan to deal with the retailers, which are far away, possibly with their real identity obscured on the online marketplaces? Will the department go to the online marketplace first and how will that process be marshalled? In other words, when a customer has a problem, who do they contact?
Lord Bassam of Brighton (Lab)
My Lords, before I make any comments on this group, I join noble Lords in welcoming the noble Lord to his new position on the Front Bench. I think this Bill is a gentle introduction, and this afternoon will probably give voice to that sentiment. I do welcome him. We have been delighted by the general response we have had from the department on the Bill and the open way in which the noble Lord’s predecessor approached things. I am sure the noble Lord will continue very much in that vein.
This amendment was resisted when we were discussing these matters in Committee, on the basis that minimum requirements will swiftly be set out in regulations. Regulations are not always swift in coming, so perhaps it would be useful for the Minister to remind us how quick that will be. Is he in a position today to commit to a timescale for the full details to be brought forward? This is, after all, an important piece of protective legislation, as noble Lords around the House today have made clear, and, given that it is about protecting customers and consumers, it is important that we have some assurance on that point.
The questions that our noble friends on the Lib Dem Benches have asked are very important ones and they require to be answered. Although the Minister will no doubt resist these amendments, it would help us if we had some further reassurance, perhaps before we get to Third Reading. However, we are grateful for the written assurances that the Minister’s predecessor offered in relation to online marketplaces, and we hope that the current provisions will prove effective. I ask the Minister to outline how the Government would amend those provisions should that need arise in future. The noble Lord, Lord Parkinson, was always willing to provide us with some written responses, and that would probably suffice for us for today’s debate and deliberations. I look forward to hearing what the Minister has to say on this.
The Parliamentary Under-Secretary of State, Department for Digital, Culture, Media and Sport (Lord Kamall) (Con)
My Lords, I thank those noble Lords who gave me a warm welcome—and indeed those who did not. Many noble Lords will know me from my work in the previous department. In the case of the noble Baroness, Lady Merron, who was one of the first to welcome me, it is just a continuation; we seem to be inextricably linked in some way.
I pay tribute to my predecessor, my noble friend Lord Parkinson, for his work as the DCMS Minister. He was widely praised and I think people appreciated his engagement. Those who have engaged with me on previous legislation know that I tend to have a very open policy as well. I am happy to have as many meetings as we need and to facilitate meetings with officials, so please have no fear about asking for those meetings; I will be happy to do that as much as possible.
I turn to Amendment 1, from the noble Lords, Lord Clement-Jones and Lord Fox. I thank them for retabling this amendment, which first appeared in Committee. I also thank them and other noble Lords for meeting me before today.
We think that the threat landscape is ever-changing. Security requirements that are appropriate today could change and differ in the future. Setting that out in primary legislation would limit our ability to respond to threats in the future, impose barriers to innovation and leave unnecessary regulation still on the statute book or unnecessarily complicate the regulatory framework. The vast complexity of the connectable technology landscape means that the definitions used in our security requirements need to be carefully nuanced and readily updatable to avoid imposing unnecessary or inappropriate burdens on industry as those technologies develop. For example, we set out in our 2020 call for reviews that we do not currently consider it appropriate for our intended passport requirements to apply to API queues. Connectable products may be able to access a large number of API interfaces, many of which do not have a material impact on the security of the product. Compelling the Government to extend this password requirement to all APIs key to the product, as this amendment would entail, is exactly the sort of unnecessary industry burden that we are trying to avoid while making sure that we stick to setting out the requirements in regulations.
The Government are unwavering in our commitment to bringing forward security requirements that ban universal default and easily-guessable passwords, mandate the publication of a vulnerability disclosure policy and mandate transparency concerning security update provision. My officials have been working diligently to develop regulations that realise that commitment, and we hope to engage on the regulations in draft by the end of the year. Something that I often to say to my officials, whichever department I have been in, is that there are two phrases that I do not like to see: “in due course” and “at pace”. I like to give an indicative timeframe, so I hope the timeframe of “by the end of the year” gives some assurance.
That is why we do not believe the amendment is necessary, and I hope the noble Lords will consider withdrawing it. On top of that, I am willing to have meetings in future to clarify anything that noble Lords feel has not been clarified.
I turn to Amendment 3, tabled by the same double act of the noble Lords, Lord Fox and Lord Clement-Jones; I think this is going to be a recurring theme in my time as the Minister here. The proposed amendment aims to define online marketplaces as “distributors” for the purposes of the Bill. I assure noble Lords that the Government are on the side of the consumer. That is why the Bill requires all—I repeat, all—UK consumer connectable products to be secure, including those sold via online marketplaces. The Bill will ensure that where online marketplaces manufacture, import or sell products, they bear responsibility for the security of those products. Where this does not happen, I assure noble Lords that they should make no mistake: the regulator will act promptly to address serious risk from insecure products, and work closely with online marketplaces to ensure effective remedy.
We recognise that as well as bringing benefits to consumers e-commerce brings challenges—the double-edged sword of technology. This is one of the reasons why the Government are reviewing the product safety framework. We will publish a consultation later this year—once again, not “in due course” but later this year —with detailed proposals on tackling the availability of unsafe and non-compliant products sold online. Consumers need clarity and better protection, and this will be a priority for our work in this space.
I hope that the ambition of this Bill, its enforcement plan and the outline of further policy engagement will provide some confidence for noble Lords not to press Amendment 3.
Lord Fox (LD)
In reference to the consultation, does the Minister include product safety and product security in the term “unsafe”?
Lord Kamall
We understand that they are two different things, but I am happy to clarify and come back to the noble Lord—I hope to do so before we come to future amendments.
Amendment 3 aims to define what a “distributor” is for the purposes of the PSTI Bill. The Bill requires all UK consumer connectable products to be secure. Where it does not happen, the regulator will act promptly. For e-commerce, given the double-edged sword of technology, reviewing that framework is important. I hope the ambition of the Bill encourages noble Lords to consider not pressing the amendment, but once again I am happy to engage further for clarification and to address any outstanding concerns.
Let me turn to Amendment 13. The Government are listening to and considering concerns that the Computer Misuse Act is constraining activity that would enhance the UK’s cybersecurity. We understand that if you want to test cybersecurity you have to be able to test its breaking point. We are trying to strike the right balance between providing suitable reassurances for well-meaning individuals who want to identify vulnerabilities and not allowing malicious actors to access devices without consent. There are risks here. It is very nuanced, and the Government do not want to rush into legislative change without clear evidence to justify any such change to existing law. As the noble Lord, Lord Clement-Jones, said, the Home Office has been conducting a review of the Act since 2021, and the proposals for statutory defences have been an integral part of this review. I can confirm that a response that sets out how the Government plan to proceed should be published in the coming weeks, and an update will be provided to this House.
I hope that this will provide sufficient assurances on these three amendments, and the noble Lords will consider withdrawing and not pressing their amendments. I repeat the offer of continued engagement and meetings for clarification and to reassure noble Lords.
Lord Fox (LD)
My Lords, Amendments 2, 4 to 12 and 14 very much reflect amendments that I tabled in Committee, and in that regard, I am very pleased to see them reappearing with the Minister’s name on them.
The Minister was mercifully spared one of my longer speeches in Committee where the full set of concerns raised by the Delegated Powers and Regulatory Reform Committee was discussed. For that, he may be truly grateful. We are pleased that these amendments have come back, but I am disappointed that the Minister feels that the Government still need the breadth of powers claimed in Clauses 11, 18, 19, 24 and 25. These are justified, as usual, by the need for flexibility. However, if our working during the Covid crisis showed nothing else, it demonstrated that Parliament could move swiftly and that we were not an impediment to flexible action. I am sure that in his former role the Minister saw us demonstrate that across the Floor many times in dealing with statutory instruments quickly and clearly. It seems that departments have grown very accustomed to using primary legislation to create generously for themselves the ability to act in wide-ranging ways without further or significant recourse to Parliament, and we have to spend an awful lot of time reining that back.
Without sounding too churlish given that the Minister has conceded on a number of things, I think this is a generally avoidable process. I feel sure that the people drafting legislation and the Ministers know what the DPRRC will say about this almost continuous stream of legislation that seems to take power from Parliament, yet each time we do the same dance between the department, the draft, the DPRRC and your Lordships. This is an avoidable process. That said, I thank the Minister for retabling the amendments.
The removal of Clause 57 via Amendment 15 is of course very sensible given the judgment of the Supreme Court, and we support that.
I am pleased that the Minister has clarified which body will be dealing with this in terms of empowerment. On the OPSS, the Minister talked about capacity. This is a big new job for that body, and it needs not just the capacity that it has but future resources. Can the Minister assure your Lordships’ House that that body will have the resources to be able to do what is a really big job? If you look at what is going out on the internet-enabled markets, this is a huge job. Can that body be assured that it will get the resources it needs to ensure that consumers’ security is not jeopardised?
Lord Bassam of Brighton (Lab)
My Lords, I am reflecting on the points that the noble Lord, Lord Fox, made about statutory instruments. I guess that I have heard those arguments over much of the 25 years that I have been here, and I have a lot of sympathy with them. I had less sympathy when we were in government, but I have more sympathy now.
I too am pleased to see these amendments, which in part reflect the debate we had in Committee and the amendments that were moved by our colleagues on the Liberal Democrat Benches. They in turn were of course a reflection of the comments made by the Delegated Powers and Regulatory Reform Committee, and for that reason we welcome their tabling. It ill behoves any Government to ignore the wise words of the DPRRC. Not all the amendments are in response to its report—Amendments 15 to 17 are not—but they are a sensible response and reaction. We would expect the Government to do no less.
As our colleagues on the Lib Dem Benches have said, the removal of Clause 57 comes as the result of the recent Supreme Court ruling on the same topic. We are aware that operators have very much welcomed the clarity offered by that ruling. We welcome the DCMS withdrawing the clause. If it had not, we would have been left in a very confused position.
We welcome these amendments. We are pleased to see the Government being responsive. We are grateful that they have reflected on our earlier debates. With that, we offer our support for these amendments.
The Earl of Devon (CB)
My Lords, I will speak briefly. It is wise for the Government to make this amendment, given the dangers that have been identified to national security infrastructure of unfettered telecoms operator access.
This necessary amendment highlights two key issues. First, it highlights the broad powers conferred by the ECC on mast operators to access to public and private property and undertake works on it. It is not just the national security infrastructure that is threatened by the code provisions but private and public interests of many types. Secondly, the fact that the Government have become aware of this important concern only now, in the final stages of the Bill’s passage, is a compelling illustration of how totally inadequate the consultation process has been and how essential it is to conduct a proper review, an issue that we will come back to.
Lord Fox (LD)
My Lords, the noble Lord, Lord Kamall, has demonstrated a prodigious ability to outsource the responsibility for presenting the government amendments. We welcome the noble Lord, Lord Sharpe, to this Bill.
As the noble Earl, Lord Devon, pointed out, this is late to the party. It is also the first time we have heard the explanation for this Bill, though others may have been lucky in having it. We had a meeting with the noble Lord, Lord Kamall. No one from the Home Office was there to give us the information we have just received, so I am absorbing it for the first time—a relatively unsatisfactory process. That said, this is an important area. I am surprised that the code has somehow been allowed to continue for as long as it has without this issue cropping up. Have there been specific issues which have caused this to happen, or is it still a hypothetical matter that the Government are seeking to deal with?
Everybody can appreciate the problems of sticking a 5G tower on top of GCHQ. No one wants to see it, but I can imagine that the reality is a more subtle set of problems. We on these Benches seek a better sense of the real-life cases which the new clause seeks to stop. The Minister singled out technical risks in particular. Those exist beyond the site itself, on the environs. I am interested to hear from the Minister how the clause deals with a 5G site put adjacent to a security site. What thresholds are the Government going to expect its security services to run when it comes to implementing the clause? It will not just be on the site itself.
I understand that quite a lot of this will be enshrined in a digital toolkit. It would help us all if the process of developing that digital toolkit was one with a collaborative approach. The noble Earl, Lord Devon, also highlighted that this problem of overriding access from the operators extends beyond the security environs. This is not just a security issue; it spreads into other places. Like many other Peers, I received a letter from the fire and rescue service. While this is not a security issue, it falls within the purview of the noble Lord, Lord Sharpe, and the Government should consider it, because it raises the problems of putting network equipment on fire and rescue service land and the fact that it would impede the training and preparation of that service.
This is even later than the Government’s amendment, and I recognise that it is not even part of this amendment, but it is a specific concern, and the Minister would do well to undertake to your Lordships’ House to talk to the fire and rescue service, to understand their problem and, if necessary, I am sure that we would all tolerate a late insertion at Third Reading. I say this without having spoken to the Opposition, but if it was an issue, I think that we would discuss it.
We understand that national security issues must be taken into consideration. We do not understand how this will work, what the thresholds will be, and what sort of cases it is seeking to avoid. More explanation is required.
Lord Bassam of Brighton (Lab)
My Lords, I welcome the noble Lord, Lord Sharpe, to the Dispatch Box on this Bill. We have had to deal with an increasingly large cast of Ministers, but he is a very astute and wise owl and I am sure that he will bring his insights to bear on this. I thank him for the meeting that we were facilitated to have on this issue and thank the officials for their close attention.
We on the Labour Benches entirely understand the need to protect national security and other key sites across the UK. We take the point that we should not allow equipment to be installed in places where it may interfere or enable the interception of sensitive data. However—and it is a big however—it is not desirable to introduce a power such as this at the last substantive stage of a Bill, when the elected House and our own scrutiny committees have already considered the legislation. It is not best practice. I have a bit of sympathy because I too have been a Home Office Minister. In my time I did something like 19 Bills in a two-year period. Home Office officials have a nasty habit of dreaming up late amendments which are absolutely essential for the safety and security of people at the last minute. However, it is not good practice and should not go unremarked on. We hope that the DCMS and the Home Office will acknowledge that and reflect on how this has been brought forward.
We are grateful to Ministers and officials for answering questions over recent days. That has, to a large extent, assured us that this power is not only necessary but is appropriate and will not be widely used. The Minister said “rarely” and “in extremis”, two very important guiding phrases to be used. Under this draft, the power is not subject to any formal checks. We hope that the Minister can make commitments again from the Dispatch Box. There are the possible reporting approaches to Parliament, perhaps to an appropriate Select Committee and maybe to the Intelligence and Security Committee, even if these reports are confidential. We would be grateful if the Minister could repeat, for the record, the various other steps to be exhausted before the Secretary of State would resort to this blunt instrument.
The Lib Dems made an interesting suggestion at the end of their contribution on this. I would be very interested to hear if this power will impact on adjacent sites, and whether those adjacent sites might in themselves be a security risk. It is right to draw attention to the needs of fire and rescue services, and the police service, where their services might be interfered with by adjacent-site issues.
It is not desirable, not good practice, and really not right to introduce something like this in your Lordships’ House, but we understand why and are happy to support this amendment because of its security implications.
Baroness Stowell of Beeston (Con)
My Lords, just because it is my first opportunity to do so, I congratulate my noble friend on his new role and welcome the noble Lord, Lord Harlech, to his place on the Front Bench.
I do not contribute to this debate with any enthusiasm because, having made my points at all previous stages of this Bill through your Lordships’ House, it disappoints me that we are here where we are. I will repeat some of my points briefly. Like everybody else, I think it is important to emphasise that I, too, wholly endorse fast and full rollout of high-quality broadband to all parts of the UK.
As has been said already by others, my concern is really on behalf of the site owners. It is important for us to keep in mind, particularly if we have not been following this Bill closely, that when we talk about site owners this is not just about wealthy landowners but a whole range of different smallholdings and community property and that sort of thing. A whole manner of different people are involved. They were told that the reduction in rental income would be reinvested by the mobile network operators in delivering the rollout. It seems that there remains a lack of confidence on their part, because there is insufficient evidence to demonstrate how the new code is working. They are expected to engage in negotiations with commercial entities on trust while fearing their loss is at someone else’s gain. We have heard the extent of this in other groups earlier this evening.
As I have said before, the benefit of rollout relies on the willingness of site holders to participate; when we rely on people to succeed, they deserve to be heard and listened to. When their concerns are about fairness, they cannot be ignored. I am concerned about not causing any delay to rollout, but the arguments and evidence we have heard today is that ignoring the concerns of site owners is doing just that.
In Committee, I said I would support an amendment—it was Amendment 50 in Committee—that simply required the mobile network operators to report annually and transparently to Ofcom on a range of performance measures, including their overall investment into mobile networks alongside a range of other things. This amendment, ably moved by the noble Baroness, Lady Merron, goes much further and includes a review, as we have heard, and the potential for the type of reporting requirement I have just described to be an outcome of it.
In my view, the Government have to move from their current position if they are to bring all site owners on side—and we need them on side to get the rollout. In the absence of any willingness on the Government’s part while the Bill is in Parliament, the case for Parliament imposing this independent review is compelling. That said, I hope my noble friend will have given the points made in this debate full consideration, and I will listen carefully to what he has to say.
Lord Fox (LD)
My Lords, I congratulate the noble Baroness, Lady Merron, on her presentation of this amendment. It is an elegant composite of the discussions we had in Committee, and that is why I was very happy to put my name to it. We have heard some compelling speeches and I suggest to the Minister that they have come from 360 degrees in this Chamber, which generally indicates a klaxon for any government Minister. This really is an issue.
Lord Kamall (Con)
I thank noble Lords from all 360 degrees of the House for their contributions to this debate. Before I answer the specific points, I will address some of the points about relationships being broken, as it were, between landowners and operators.
A number of non-legislative steps are taking place to make sure this code works well in practice. For example, the department’s—wait for the name—Barrier Busting Task Force holds monthly workshops with a broad range of stakeholder groups with an interest in the code. These workshops are attended by network operators and landowner representative groups such as the NFU, the Central Association of Agricultural Valuers and the Country Land and Business Association, as well as local authority representatives, legal professionals and surveyors. The workshops aim to encourage greater co-operation and collaboration in relation to the code negotiations and agreements through identifying and implementing better ways of working. The workshops touch on key issues, many of which have been raised by noble Lords. For example, stakeholders are currently working to agree on a standard template wording for common clauses within code agreements and have agreed a pilot communications framework that sets out how both operators and landowners could approach negotiations.
Perhaps one of the most significant developments to come from these workshops—my officials call it exciting—is that a number of stakeholders, including representatives from the CLA, the CAAV and the NFU, alongside operators and infrastructure providers, have come together to form the national connectivity alliance. This alliance will bring together stakeholders from across the industry to discuss issues of mutual interest, improve co-operation and collaboration and, hopefully, share best practice. The Government welcome this development and wish it every success when it launches in November. I use that as an example to address some of the concerns and suggestions in this House that somehow relationships have broken down between landowners and operators.
While having 360-degree support, Amendment 28 would make the changes to the code in 2021 and 2017 subject to specific and independent review. As with similar amendments, I wholly appreciate the House’s determination to ensure that the Government are held accountable for this legislation and for providing updates on progress towards their coverage and connectivity targets, which are at the heart of the Bill, but the Government see three important difficulties with this amendment, which I hope noble Lords will consider.
First, and this is a key concern, having another review of the code on the immediate horizon will not help a market that is starting to settle. Officials have been gathering data throughout the passage of the Bill, and the number of code agreements already concluded this year is extremely positive. I know that noble Lords are keen to see that data—
Lord Fox (LD)
I realise that this is taking some time, but on a number of occasions the Minister has talked about the market “starting to settle”. Can he describe what settling a market is and what data he is using to make that assertion?
Lord Kamall (Con)
The noble Lord makes a reasonable point. I know that noble Lords are keen to see the data, but all that I can do at the moment is undertake to make it available as soon as possible—I did not say “in due course”, by the way. We believe that the prospect of another review will, quite simply, create chaos in the market—I know that noble Lords disagree with that. Site providers would inevitably, and not unreasonably, draw out negotiations as long as possible, in the hope that the “no scheme” valuation regime would be scrapped. It is important to consider that.
Secondly, the amendment seeks to impose a duty to assess, in isolation, the impact of this legislation and the previous reforms made to the code on digital connectivity and on stakeholder relationships. The Government question how feasible it is to quantify the extent to which such progress is attributable to a single piece of legislation, and we all know that the market to which these provisions apply is dynamic. By the time such a review has been commissioned, the research carried out and the findings reported on, the market is likely to have moved on significantly, rendering that report obsolete. In 1996, I wrote a bestseller on EU telecommunications policy—I am sure you have all heard of it—and, by the time it was published, it was already out of date. That shows how quickly this market develops. Funding such a report therefore cannot provide good value to the taxpayer, and the amount could be better spent helping the Government reach their ambitious connectivity targets, to which I will come in a moment. But remember: the report would probably be obsolete by the time it is published.
Finally, this amendment overlooks the substantial review and reporting mechanisms that are already in place. For example, in relation to progress on gigabit-capable broadband, my noble friend Lord Parkinson referred in Committee to Ofcom’s annual Connected Nations report, which is updated twice a year and provides a clear assessment of the progress in both fixed and mobile connectivity. The Government also monitor and report regularly on their connectivity commitments, with quarterly updates published by BDUK. The Government will of course carefully consider the implementation of this legislation to understand how it is working in practice. For these reasons, I believe that the proposals in this amendment, while well-intentioned, could be disproportionate and ultimately unhelpful. I have also written about unintended consequences, and we have to be very careful of these here.
I will respond directly to the question of the noble Lord, Lord Fox, about targets. The levelling-up White Paper set out our mission that, by 2030, the UK will have nationwide gigabit-capable broadband and 4G coverage, with 5G coverage for the majority of the population. The Government are developing a wireless infrastructure strategy to set out the strategic framework for that development, and this will be published later this year.
The existing 5G target, which is for the majority of the population to have access to 5G by 2027, has been met five years early, with basic non-standalone 5G. As part of the wireless infrastructure strategy, we are establishing a new ambition for 5G. The shared rural network will see the Government and industry jointly investing over £1 billion to increase 4G mobile coverage throughout the UK to 95% geographic coverage by the end of the programme, underpinned by licence obligations.
The UK Government’s other target for broadband remains to deliver gigabit-capable broadband to at least 85% of premises by 2025 and to reach over 99% by 2030. To achieve the minimum 85% objective, DCMS is stimulating the market to deliver as much as possible—at least 80% by 2025. It has also invested £5 billion as part of Project Gigabit to ensure that the remaining 5% in the UK receive coverage. If I have not answered the questions of the noble Lord, Lord Fox, I commit to write to him—perhaps he could let me know.
I understand that there was a lot of interest, and there have been very well-made points during the debate, but I am afraid that the Government cannot accept this amendment at this stage.