Product Security and Telecommunications Infrastructure Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Fox
Main Page: Lord Fox (Liberal Democrat - Life peer)Department Debates - View all Lord Fox's debates with the Department for Digital, Culture, Media & Sport
Product Security and Telecommunications Infrastructure Bill
Lord Fox ExcerptsTuesday 21st June 2022
(1 year, 10 months ago)
Lords ChamberRead Full debate Product Security and Telecommunications Infrastructure Act 2022 View all Product Security and Telecommunications Infrastructure Act 2022 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 16-I(a) Amendment for Committee (Supplementary to the Marshalled List) - (20 Jun 2022)
“Amendments to consumer protection legislation
(1) In section 9(3) of the Consumer Rights Act 2015 (goods to be of satisfactory quality), after paragraph (e) insert—“(f) compliance with security requirements.”(2) In Schedule 2 to the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (S.I. 2013/3134), after paragraph (x) insert—“(y) where applicable, confirmation of compliance with all security requirements as set out in regulations made under section 1 of the Product Security and Telecommunications Infrastructure Act 2022.”(3) In section 2(2) of the Consumer Protection Act 1987 (liability for defective products), after paragraph (c) insert—“(d) in relation to a relevant connectable product within the meaning of Part 1 of the Product Security and Telecommunications Infrastructure Act 2022, any person who is a distributor of the product within the meaning of that Act.””Member’s explanatory statement
This amendment would clarify the relationship between proposed provisions in this Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring the liability for a defective connectable product is properly defined.
Lord Fox (LD)
My Lords, this group contains two amendments that have been tabled by my noble friend Lord Clement-Jones, and I rise to move Amendment 14 and to speak to Amendment 14A on his behalf and my own. These are probing amendments to understand consumer law with this and other legislation.
It seems that the Government’s intention is that consumers will be entitled to redress under the Consumer Rights Act 2015 for breaches of the product security requirements in Part 1 of this Bill and the requirements of related future secondary legislation where breaches amount to a product not being of satisfactory quality as described or fit for purpose. However, for clarity, this will require the specific inclusion in this Bill of amendments to the CRA and other related consumer legislation. So I ask the Minister to clarify how redress will work in practice. As Which? has strongly urged in relation to the current consultation on reform of consumer law generally, collective redress should also be available for groups of consumers that have suffered breaches of the CRA relating to product security.
To help your Lordships, let us look at a typical scenario where the consumer reads a report about a security issue with a product that they own and considers it insecure and hence faulty. They try to take the product back to the retailer as redress, as per CRA 2015 rights, but under the CRA, after the first six months of ownership, the burden falls on them to prove that the fault was not of their making. It is unclear what burden of proof would be required at this stage for the consumer to get redress for security faults as described in this Bill.
The CRA places the primary obligation on retailers—as “traders” concluding contracts with consumers—not manufacturers, to remedy products found to be in breach. Due to the unique nature of security faults, it is currently unclear whether a retailer would have the ability to verify reports of faults to facilitate effective redress. Experience has shown that it has been hard when reporting security issues to retailers, and that can often result in pushback. There is a risk that the consumer will find it very hard to enact their CRA rights in practice to get redress on insecure products. In that regard, proper legal guidance for what classifies a security fault is absolutely vital for redress to work effectively.
At present, it is unclear how security updates—and hence a commitment to fix security faults that occur with smart products—interact with the CRA 2015. For example, a manufacturer could claim that it will provide four years of updates on a product at the point of sale but then renege on that; perhaps because it has gone out of business or some such reason. The product then develops a security fault that the manufacturer will not fix. It is unclear what the consumer rights would be in this scenario.
Moreover, it is unclear if the Bill effectively waters down consumer rights under the CRA. If the manufacturer claims that it will give four years of support in which it will fix security faults, how does this impact on a claim that a consumer may have under the CRA to have faults addressed—which they may be able to bring for up to six years from when they purchased the goods? If the Government are not willing to mandate minimum support periods for at least six years, this could become a commonplace problem to consumers seeking redress. The Bill must make it clear how it interacts with the CRA 2015 and associated consumer legislation in a way that gives maximum protection to consumers and does not water it down.
Finally, under the CRA 2015, after the first six months of ownership, the burden falls on the consumer to prove that a fault was not of their making. Consideration should be given to extending this period and making it easier for consumers to obtain redress for insecure products. The 2019 EU sale of goods directive has extended the burden of proof in EU member states to one year—extendable to two years by member states—from delivery of the goods. For goods with digital elements supplied on a continuous basis, the burden of proof for conformity is on the seller in relation to any non-conformity that becomes apparent during a minimum of two years, or the period of supply where longer than two years, effectively providing a minimum of two years of security support. The directive also has specific provisions requiring sellers to keep consumers informed about and supplied with updates, including security updates. Similar protections should be introduced for UK consumers.
So there is a whole heap of issues here, and these two amendments try to get some clarity. Amendment 14 seeks to clarify the relationship between the provisions proposed in the Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring that the liability for a defective connectable product is properly defined. Amendment 14A would ensure that the provisions of the Bill will not conflict with any existing legal rights regarding the enforcement of consumer law, ensuring that redress for defective connectable products can be sought by individual consumers, as opposed to solely leaving the redress procedure to the designated enforcement body to ensure compliance.
We await detailed exposition on all this, either now or in a letter from the Minister. I beg to move.
Lord Parkinson of Whitley Bay (Con)
At the risk of a philosophical debate on the nature of security versus safety, I accept some of the points that the noble Earl makes. There are distinct differences between our approach to product security and existing product safety as set out in consumer legislation, but I will address myself to that philosophical point in the letter, if I may. For now, I ask the noble Lord to withdraw Amendment 14.
Lord Fox (LD)
I hope that the Minister will take some time to read my speech in Hansard and address the issues that I have raised, because there are some specific points that have not been touched.
A lot of this has come from Which? whom I thank for its help. Which? is an extraordinarily experienced organisation, with some of the country’s most experienced consumer lawyers dealing with the sharp end of customer consumer problems. The fact that it has gone to the trouble of raising these issues should raise a red flag. It is not doing it out of mischief or political intrigue, but because it cares about the future of consumers. For that reason, the department needs to take this seriously.
If the Minister requires a meeting with Which? I am sure that I, the noble Lord, Lord Bassam, or the noble Baroness, Lady Merron, will be very happy to broker one. We could then go through some of these consumer issues. This is an organisation dedicated to protecting the needs of consumers. It has gone to the trouble of flagging up this and several other issues. For that reason, for the future of this Bill, it would be very sensible to take Which? seriously.
That said, I beg leave to withdraw Amendment 14.
The Earl of Erroll (CB)
My Lords, very quickly, I remember well during the passage of the Computer Misuse Act and the Police and Justice Act 2006 trying to tidy up language about hacking tools and so on. It became very complicated and no one could quite work out how to do it, because the same thing could be used by baddies to do one thing and by good people to help maintain systems, et cetera. In the end, I think it went into the Act and they just said, “Well, we won’t prosecute the good guys”. Everyone felt that was a little inadequate. I do not know quite what we are going to do about it but it needs to be looked at. Therefore, this is a good start and I would welcome some discussion around it, because we need something in law to protect the good people as well as to catch the criminals.
Lord Fox (LD)
My Lords, this amendment is countersigned by my noble friend Lord Clement-Jones. I know he will be very disappointed not to be able to speak to this, because it is an issue he feels particularly strongly about, as do I. Also in their absence are the auras of the noble Lords, Lord Vaizey and Lord Holmes, who spoke at Second Reading on this issue—it is a shame they are not here, but I think they have been ably replaced by the noble Baroness, Lady Neville-Jones, and the noble Earl, in their speeches. I will try not to duplicate the points that have been made by the three speakers before me. At the heart of this, as the noble Baroness confirmed, is the need to address the UK’s outdated Computer Misuse Act to create fit-for-purpose cybercrime legislation to protect national security. Clearly, that is not easy, as she pointed out, but that does not mean we should not do it at some point.
The Computer Misuse Act, as we know, was created to criminalise unauthorised access to computer systems or illegal hacking. It entered into force in 1990, before the cybersecurity industry as we know it today had really developed in the UK. Now, 32 years later, many modern cybersecurity practices involve actions for which explicit authorisation is difficult, if not impossible, to obtain. As a result, the Computer Misuse Act now criminalises at least some of the cybervulnerability and threat intelligence research and investigation that UK-based cybersecurity professionals in the private and academic sectors are capable of carrying out. This creates a perverse situation where the cybersecurity professionals, acting in the public interest to prevent and detect crime, are held back by the legislation that seeks to protect the computer systems: it is an anomaly.
As noble Lords will know, under the guidance that will be introduced following the passage of the Bill, manufacturers of consumer-connectable products will be required to provide a public point of contact to report vulnerabilities. This could be an important step forward in ensuring that vulnerability disclosures by cybersecurity researchers are encouraged, leading to improved cyber resilience across these technologies, systems and devices.
“Rights in occupation
(1) The electronic communications code is amended as follows.(2) In paragraph 21 (test to be applied by the court), in sub-paragraph (4), at the end insert “the terms of any existing agreement, and any other method of statutory renewal available.””Member’s explanatory statement
This amendment seeks to ensure that any new agreements which are made with reference to Clause 57 of the Bill and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness.
Lord Fox (LD)
My Lords, once again I am a substitute for the noble Lord, Lord Clement-Jones—
Lord Fox (LD)
I know. I rise to move Amendment 17 in his name. I am grateful for the tuition that I have also had from the noble Earl, Lord Lytton—more about him shortly. Unfortunately, we are missing his huge expertise, but do not worry, I will be here to channel some of his thoughts.
This amendment seeks to ensure that any new agreements made with reference to Clause 57 and using paragraph 20 of the Electronic Communications Code must have regard to the terms of the existing agreement to ensure continuity and fairness. It aims to address outstanding concerns with the way rights are assigned when there are operators in occupation at a site. This is a complex issue and I am aware that the Minister and his colleagues at DCMS have been grappling with it as the Bill has been developed, but it is vital that the Government get this right.
The issue that the Government are trying to address was brought about by a confusion in the 2017 code. There have been some issues where operators have been prevented from getting the code rights they need to support their networks because they are already in occupation of the land and they cannot grant themselves rights.
The Government’s original consultation response and the first draft of the Bill tried to address this by changing the definition of “occupier” in the Bill. This was at Clause 57 in the original Bill. The stated policy intent made it clear that the change is intended only to address the issue that we have outlined and to ensure that when operators are in occupation of land they are able to obtain new code rights.
However, it was made clear to the Minister and his colleagues at DCMS that the original draft would in fact have much greater implications and would potentially allow operators to misuse Clause 57 as it was originally set out to modify or cancel agreements mid-term. This would be in the operators’ interest, since they could break a contract that had been agreed in good faith and move the new contract on to a new valuation basis under the 2017 “no scheme” provisions for consideration.
The Government tried to address this by removing the original draft of Clause 57 and replacing it with the new Clause 57 that we have before us today. Instead of changing the definition of “occupier” in the Electronic Communications Code, it creates a more specific code right to deal with the underlying problem.
Lord Fox (LD)
I say to the noble Lord, Lord Bassam, we are coming to the Landlord and Tenant Act 1954.
The residential security of rent control caused a seizing up of the private rented sector for the next 25 years. This is something that the Landlord and Tenant Act 1954 avoided doing in the business sector by providing security of tenure, but on market rental terms. The word of warning here from the noble Earl is that Government should be careful what they wish for and how they go about any significant transition in dealing with human sentiment against actuarial robotics, and be aware of whose voices they lend their ears to.
There are apparently three routes to lease renewal: the 1954 Act, which the noble Earl believes is effectively overwritten in some instances by the 2017 code revision; the immediate pre-2017 code for non-LTA leases; and the situation that pertains for agreements following the 2017 changes. This seems a recipe for confusion, and if the noble Earl is confused, where does that leave the rest of us?
There is a lot of detail in quite a short amendment, but this is an issue. I understand, and I think my noble friend Lord Clement-Jones and the noble Earl, Lord Lytton, understand, that there needs to be some clarity over which measures apply where, and whether the Government really want to sanction wholesale renegotiations of the nature that the noble Earl, Lord Lytton, has set out. I think that is a law of unintended consequence, and it will slow down the implementation of what we want to be implemented rather than allow it to happen more quickly.
The Earl of Erroll (CB)
My Lords, I would add that I completely trust my noble friend Lord Lytton on these affairs and issues. I have talked to him, particularly when discussing burying fibre and things like that, and he knows a lot about it.
Lord Parkinson of Whitley Bay (Con)
As the noble Baroness says, this begins to anticipate some issues to which I know we will return on the second day of Committee, but it is useful to begin them tonight.
Amendment 17 seeks to insert a new clause after Clause 57 of the Bill. Its purpose is to add an extra element to the test at paragraph 21 of the code, where an operator enters into a new agreement because of the provisions in Clause 57. This is likely to be in circumstances where an operator in occupation of the land on which its apparatus is installed has an existing agreement but wishes to seek an additional code right. The code currently provides that operators in exclusive occupation of land are unable to obtain additional code rights until their existing agreement is about to end or has ended. This is because the code currently provides that only an occupier can grant code rights, and the operator clearly cannot enter into an agreement with itself.
Clause 57 remedies this position and allows an operator to obtain code rights where it is in exclusive occupation of the land. The test at paragraph 21 of the code is often referred to as the public interest test and sets out what a court must consider when deciding whether to impose a code right on a landowner. Paragraph 23 then sets out how the court should determine the remaining terms of the code agreement. Clause 57 simply gives an operator the ability to obtain a new code right or rights that they do not already have. The clause does not allow an operator to force changes to its existing code agreement or to compel the other party to modify any of its terms—for instance, to attempt to reduce the amount of rental payments. Furthermore, the clause does not enable an operator to bring an existing agreement to a premature end in order to take advantage of more favourable terms. Any existing code agreement that the operator has will be expected to continue and operate alongside the agreement relating to the new code right.
Amendment 17 seeks to expand the test at paragraph 21 so that the court also has to consider the terms of any existing agreement and any other method of statutory renewal available. We are, however, of the view that the court can already take such matters into consideration when deciding whether to make an order under paragraph 20 of the code, and again when applying the test at paragraph 23 to determine what terms the code agreement should contain.
This is a topical issue. Clause 57 rectifies an issue in the code that currently prevents operators who are in exclusive occupation of the land being able to obtain new code rights. As I said, three cases have touched on this issue, all of which were heard in the Supreme Court earlier this year, and the Supreme Court is due to hand down its judgment tomorrow.
At present we believe that Clause 57, as drafted, achieves its intended objective, but we recognise that this is a complex and technical area, on which the noble Lord, Lord Fox, valiantly conveyed the expert view of the noble Earl, Lord Lytton, and it is imperative that any unintended consequences are avoided. We will of course look closely at the Supreme Court’s judgment and carefully consider whether further amendments are needed, engaging with interested parties as required to ensure that the aim of the clause is fully realised.
I too am very conscious that the noble Earl, Lord Lytton, with whom we have already had some discussions on this and broader aspects of the Bill, will want to join those discussions, so I am sure he will be following the official record. But I am very happy to meet the noble Lords who have spoken, as well as the noble Earl, to discuss this issue in further detail, particularly once we have seen the judgment. For now, I urge the noble Lord to withdraw the amendment.
Lord Fox (LD)
I thank the Minister for his response, during which he said that the department is of a view. When I was speaking for my part, rather than for the noble Earl, I made it clear that there were quite strong opinions that that view might not be correct. Three cases are to be judged tomorrow, before this Bill is enacted, so although it may have some relevance, it will potentially —and in the views of the people we have spoken to, almost certainly will—end up back in the courts.
We share the objective of the noble Baroness, Lady Merron, that the rollout be accelerated, not inhibited. We also share the view, as expressed in the not very veiled threat in the part of my speech on behalf of the noble Earl, Lord Lytton, about what the 1963 rent Act did, which was clog up the system. We do not want to do that—we cannot afford to clog up the rollout. There are strong suspicions that, without giving the legal certainty we need to avoid getting tangled up in the courts, we will be back there again, notwithstanding the judgments of tomorrow. That said, I beg leave to withdraw Amendment 17.