Debates between Lord Sharpe of Epsom and Lord Holmes of Richmond during the 2019-2024 Parliament

Computer Systems: Independent Testing

Debate between Lord Sharpe of Epsom and Lord Holmes of Richmond
Monday 12th February 2024

(9 months, 2 weeks ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Sharpe of Epsom Portrait Lord Sharpe of Epsom (Con)
- View Speech - Hansard - -

Regrettably, the noble Lord is wrong. We set up a multistakeholder group of systems owners, law enforcement, cybersecurity companies and prosecutors—a systems access group—to specifically consider the proposal of statutory defences. Six meetings were held between May 2023 and October 2023. Unfortunately, there is a lack of consensus among those participants and the cybersecurity industry, and with law enforcement and prosecutors, on whether there is a need for statutory defences and on what is considered to be legitimate activity. That lack of consensus proves the point that careful thought is needed in this area.

Lord Holmes of Richmond Portrait Lord Holmes of Richmond (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I declare my technology interests as set out in the register. Does my noble friend agree that it is time that a statute which is 34 years old, was introduced when only 0.5% of us were online and which 91% of cyber professionals say is damaging to the UK cyber industry, was updated to enable our fantastic cyber professionals and to increase growth and productivity in the UK?

Lord Sharpe of Epsom Portrait Lord Sharpe of Epsom (Con)
- View Speech - Hansard - -

My noble friend raises some good points and, as I said, the Government are considering the right way to do that. If I talk about some of the difficulties, it might illustrate this point to the House. Amending legislation to enable cybersecurity activities involves accessing computer systems, and the data is complex. This needs a lot of thought. We would need to establish what constitutes legitimate cybersecurity activity and the boundaries of such activity. We would need to consider who should be allowed to undertake such activity, where the professional standards would need to be complied with and what reporting or oversight would be needed. We cannot make changes that would prevent law enforcement agencies and prosecutors investigating and prosecuting those who commit cybercrimes. It is right to consider this carefully and that is what we are doing.