Baroness Northover (LD) [V]

- Hansard -

Copy Link

- - Excerpts

My Lords, we move into the scrutiny of the Bill, which seeks to balance the need for the United Kingdom to be at the forefront in technological development and connectivity—requiring the fastest and most efficient broadband, for example—with the need to ensure that we do not inadvertently open ourselves to malicious actors or states as we do so. It is therefore appropriate that the first group of amendments seek to strengthen the security side, recognising the complexity of modern threats. The noble Lord, Lord Alton, has as ever laid out the case extremely clearly and in detail, and I look forward to the noble Baroness, Lady Barran, replying as comprehensively. He has long made sure that in the Lords we delve deeply into these issues as we challenge the Government and hold Ministers to account.

These are sensible amendments intended to set the Bill in the context of what our allies are doing, drawing from their knowledge and experience and, as the noble Lord said, most importantly, working together. They propose actions that should be happening anyway but which we know can be easily set aside or overlooked as Governments address many pressing issues. Amendment 1 includes a duty to review telecoms vendors

“which are prohibited in other jurisdictions on security grounds”.

It is important that we both learn from other jurisdictions and act together. We have seen how China, for example, seeks to pick off states, as in its recent threat to ban Australian beef on the basis of what it had judged to be interference in its internal affairs. We also saw the Foreign Minister of New Zealand at first indicate that her country should go its own way in relation to China, clearly worried about China’s possible actions, before stepping back from that position in recognition of the fact that we really are stronger together.

There are clear risks. We see Canadian citizens used as pawns in a wider concern about Huawei. As China becomes ever more dominant economically, and under its current leadership, resistance to its positions will become ever more difficult. We have been unable even slightly to hold it back in relation to Hong Kong, and it is therefore vital that like-minded countries work together. Therefore, there are two reasons for seeing what other like-minded countries are doing: first, to see what risks they identify and, secondly, to decide whether we should act together, as we would hope they would act when we saw risks. We are of course in a weaker position globally as we are out of the EU, which has strength in numbers and economic power.

Amendment 20 would expand the powers to include ownership or investment, and this clarifies further where risks might be; for example, through the investment clout of certain players. This is clearly vital.

Amendment 27 would require the Secretary of State to review the UK’s security arrangements with countries banned by a Five Eyes partner and decide whether to issue a designated vendor direction or take similar action with regard to the UK’s arrangements with that company. This updates previous legislation where this risk was not so apparent as it is now, with the hugely increased economic and other associated power, for example, of China. Of course, the Five Eyes of the US, Canada, Australia, New Zealand and the UK are very much aligned on this. Certainly, the risks identified by the Five Eyes should be front and centre in our thinking. I would say that we should add in the EU. Had we still been in it, we would have had that major sphere of influence to strengthen our position further. That makes these amendments even more important.

As the noble Lord, Lord Alton, laid out, we have become very dependent on China in many areas. That is true not only in the area of the Bill but in the new green industries, for example. We need to be much more strategic than we have been in this regard up to now. As he also set out, we cannot build our business on human rights abuses even up to genocide.

I am sure the Minister will say that these amendments are not needed as all these actions will be taken, but they are tabled to make sure that they are. We know that this has not happened adequately up to now; we need to strengthen the Bill, as the noble Lord, Lord Alton, has stated. I therefore look forward to the Minister’s reply.

The Earl of Erroll (CB)

- Hansard -

Copy Link

- - Excerpts

My Lords, I want to say a few words on this. It is highly relevant that we keep a close eye, but on all vendors, including the ones that may seem okay at any given moment—the world keeps changing. I am not an apologist for, and nor do I wish to promote, China in any way whatever, but it happens to be there and it happens to have ripped off a lot of Cisco stuff a few years back and improved it. The Japanese did this to our cars, many years ago—nothing changes.

The real problem is that we do not manufacture this sort of stuff here; some of it is manufactured in Europe, and of course we are no longer part of that, but does that matter anyway? We are reliant for the supply of all this electronic equipment, and the components—such as chips, which I mention specifically —on China and many other places. The Americans also rely on China to manufacture components which they then put in their equipment. We had a security compromise a few years ago, when compromised components were put into some Cisco equipment. It is more complex than trying to ban one company or one country. But there are not many alternatives for us here, and that is the real problem. We need to get some home-grown stuff going and we need to get it done very quickly if we want to be really secure.

What are we going to do about it? The thing that worries me is that you cannot assume that your allies are always your friends in everything. We have to be particularly careful of being dragged into a trade war under the cover of security or defence—and this does happen. The cost of this whole thing is not so much that Huawei will try to cause us problems in some way unknown if we remove it from our system completely; there is the other side of it. If its technology is working and is better, and we can make sure in various ways that we are secure against what Huawei might do, its technology might get us to where we need to be in an internet world a lot quicker. I notice that we have already delayed quite substantially the rollout of broadband everywhere and 5G—everything seems to be stalling because of these rows, which to me are trade rows.

I fully understand the points of the noble Lord, Lord Alton, about supporting regimes that are doing appalling things around the world. The trouble is that there are an awful lot of them. Take the situation he mentioned, to do with cameras. It is actually the software that does the facial recognition, not the camera; it is purely a bit of hardware that takes a very good, high-quality photograph, and there are many alternatives to it. Who is supplying that facial recognition software? That is where I would really target, and I would bet it is China. If there are bits that are useful to us, we need to use them. We need to stay in the world and we need to get ahead. We are not ahead and we are going to drop behind more and more.

The other difficult thing about picking a fight with China is that, if we are really going to go net zero and start going all electric in the next few years, lithium supplies and processing are from China. There is already a shortage of chips and other things in the automotive industry; I am sorry, but we are reliant on an intertwined global supply chain which stretches all over the place. We must be very careful about singling out one country, but we are—and that is why the amendment is useful. We must have something that says that we are keeping a proper eye on the whole lot of them.

Lord Clement-Jones (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, I hope the Committee will forgive me if I move on to drier but—I hope the Committee will agree—important ground. In moving Amendment 2, I will also speak to Amendments 3, 4, 5 and 6.

Amendment 2, along with similar amendments to Clause 1 in the name of my noble friend Lord Fox and myself, seeks to narrow the scope of the definitions of “security compromise” and “connected security compromise”. As well as having concerns about oversight of the new powers of the Secretary of State, which we will debate later, there is also concern, reflected by the Constitution Committee, about the width of these crucial definitions and the consequences that flow, particularly as regards planned outages and the need to make a clear distinction between reporting on security compromises and on resilience.

I say this in the context of the impact assessment of 9 June, which stresses the large degree of uncertainty surrounding the costs to be incurred by business, amplified by the report of the Regulatory Policy Committee under its new chair. The Constitution Committee says:

“Clauses 1 and 2 impose duties on providers of a public electronic communications network or service … These include taking such measures as are appropriate and proportionate for the purposes of identifying and reducing the risk of security compromises occurring. The Bill defines security compromises, but the Explanatory Notes acknowledge this definition is broad and do not explain their intended scope. The consequences of a security compromise for providers are potentially significant, including substantial and costly duties of due diligence”—


this echoes the impact assessment. It goes on:

“The House may wish to consider whether narrowing the definition of security compromises would be appropriate.”


BT gave evidence to the Public Bill Committee in the Commons. Of course, BT is a provider which will need to comply with the provisions of the Bill, so I take the liberty of reading out much of its evidence:

“As currently defined, a ‘security compromise’ … would cover any planned network outage that may be required for maintenance or upgrading of the network, or any unplanned outages due to faults or wear and tear. These types of outages are relatively regular occurrences given the scale of our network and we always seek to minimise customer impact and restore service as quickly as possible. The duties on operators in the Bill that flow from this definition are significant—including network issues that cannot reasonably be considered as security compromises (rather resilience or availability issues) would create undue burdens on operators and potentially on OFCOM.


These outages are not the result of any unauthorised access or malicious intent, nor do they have consequences for the confidentiality of data or signals carried over the network. We do not believe it is the intention of the Bill to apply the same requirements (e.g. with respect to reporting or notification to stakeholders), or to make the same powers available to OFCOM, in relation to these types of incidents, as are intended to apply to ‘security compromises’.”


It goes on:

“The definition also seeks, we understand, to capture any compromise to the integrity of signals conveyed over a network. However, the way that this is expressed—by reference solely to compromises of the ‘confidentiality of signals’—is unclear and confusing. It could be significantly improved by making a simple amendment to refer to ‘confidentiality and integrity’.


The definition of ‘connected security compromise’ … is a simple definition referring to something that ‘occurs in relation to another public electronic communications network or a public electronic communications service’. Given the potential breadth of this definition, building some specifics on how the ‘connected’ element will be assessed in the overall Government/OFCOM guidance on ‘security compromise’ will be important.”


So a provider that will be considerably impacted by the Bill and the Constitution Committee have raised important issues about the width of these definitions. These amendments perhaps do not go as far as some providers would like, but they attempt to give greater certainty by specifying that compromises which involve security issues are covered, but not wider outages which do not have security implications. I very much hope the Government will heed both the providers and the Constitution Committee by narrowing the width of these definitions. I beg to move.

The Earl of Erroll (CB)

- Hansard -

Copy Link

- - Excerpts

My Lords, I can see that it might be useful to avoid scrutiny sometimes when we have to finesse difficult issues—say, balancing effectiveness and public perception of certain other issues, or whatever. We can also end up with an awful lot of SIs in front of both Houses and everyone feeling rather swamped and bored by them and no one really doing anything about them. The trouble is that we get more and more wide-ranging powers in Bills, and this is a particular example of it. The more we do that, the more careful we have to be about the secondary legislation, because that is where the devil resides and that is where the real control is. We have just passed something that enables a takeover by the Executive. In some cases that may be a good thing; in others it could be very dangerous. To be honest, because of the huge, general issues in these Bills, I now come down in favour of the affirmative procedure. We are going to have to scrutinise it.