Product Security and Telecommunications Infrastructure Bill Debate

Full Debate: Read Full Debate
Department: Department for Digital, Culture, Media & Sport

Product Security and Telecommunications Infrastructure Bill

Nigel Evans Excerpts
Wednesday 26th January 2022

(2 years, 10 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - -

I inform the House that Mr Speaker has not selected the reasoned amendment.

Nadine Dorries Portrait The Secretary of State for Digital, Culture, Media and Sport (Ms Nadine Dorries)
- Hansard - - - Excerpts

I beg to move, That the Bill be now read a Second time,

We are living in the digital age. It is not only our computers and smartphones; Brits young and old have an average of nine connected devices in their house, from smart speakers and TVs to baby monitors and doorbells. We are more connected than ever, and we need to make sure that those connections are fast and secure. The Bill will achieve both those aims. It will take our roll-out of gigabit broadband and 5G to the next level while boosting the protection of citizens across the UK.

If there is one thing we have learned from this pandemic, it is how central technology is to our everyday existence. We need technology to work remotely; we need it to reach our children and to drive scientific breakthroughs and business innovations; we need tech to be interoperable—I struggled to say that—because we are living in a world where our baby monitors, kettles and doorbells will all be able to talk to one another; and we need tech that is secure.

Underneath all that, we need the digital infrastructure to support all those connections—the ones that we make minute by minute, hour by hour and day after day. Such networks are vital for the UK’s future prosperity. We cannot stay at the heart of the global economy if our connections are not world class, which is why the Government have made huge investments in digital infrastructure.

--- Later in debate ---
Nadine Dorries Portrait Ms Dorries
- Hansard - - - Excerpts

We have listened to landowners. We have not introduced the legislation without involving them in its development. We have included measures in the Bill that make it easier for landowners and operators to use a dispute resolution if landowners feel that they are not getting a fair price. That means greater collaboration, and it makes preposterously low offers less likely. Hopefully, a fair and reasonable price would be agreed. If landowners were not happy with it, it would go to independent arbitration. If they were then unhappy with that, they would have recourse to the courts, which we know would look very dimly on a situation where the telecom providers had been neither reasonable nor fair to landowners. We think that that is a fair and reasonable process.

Making the most of existing infrastructure can play a key role in upgrading services and increasing competition. Under the Bill, operators will have the automatic right to upgrade or share apparatus installed before the 2017 reforms. That will be subject to specific conditions to ensure that the work does not negatively impact landowners. The measures have been considered carefully to deliver significant benefits, while ensuring that there will be little impact on landowners. The Bill also rationalises the way that certain older code agreements are renewed so that they reflect the code as reformed in 2017. This means that there will be greater consistency in how agreements are renewed across the UK. On that basis, the 2017 coding agreements will not be revisited.

All those things will make much better use of existing infrastructure, reducing the need for new installations. That means less disruption with fewer street works and fewer mast installations in both rural and urban settings—something that, I am sure, will welcomed in all parts of the House. We will take away that community disruption. In response to my right hon. Friend the Member for Wokingham (John Redwood), I will take away his point about cables being laid under roads. In the area where I live, it is done under the pavement right outside my house. I would imagine that there is a good reason why that has to happen in some areas, but I will get back to him with what it is.

Secondly, we want to build stronger, more constructive relationships between network operators and potential site providers. We are introducing measures to make it easier for those two parties, when negotiating agreements to install telecoms apparatus, to use an alternative form of dispute resolution if a disagreement arises such as I have set out. This will encourage constructive dialogue between networks, operators and potential site providers. It will help new agreements be reached more quickly and address situations where landowners may feel compelled to accept terms offered by operators.

Finally, we are creating a new court process to address situations where landowners are not responsive. This process will provide a quick and inexpensive route for operators to gain access to certain types of land. Again, these measures have been developed to strike the balance between protecting landowners and ensuring that everyone across the UK has access to reliable and quick digital infrastructure.

We need this infrastructure because of the sheer demand on our networks. Just think of all the devices that are in use at this very moment. Millions of people will be switching on their smart TVs to stream a film or a series box-set, unlocking their phones or tablets to call a friend or a relative, or asking their smart speakers to play music or give information. Around this Chamber, right now, many wrists are sporting smartwatches that keep us up to date with the latest news or alert us to the fact that we have a new message from those infamous WhatsApp groups. [Laughter.] Sorry—I just couldn’t resist.

But with every connectable product that enters our lives, the risk of cyber-attack grows. In the first half of 2021 alone, we saw 1.5 billion attacks on connectable products—double the figure for the same period in 2020. Most of us assume that if a product is for sale in the UK it is safe and secure, but thousands of people in the UK have been victims of cyber-attacks. Many of them have lost significant amounts of money or have had their private data hacked and shared, and they have lost trust in the idea that they can connect with one another and go about their daily lives with confidence. This is not just damaging on a personal level; it also has serious implications for our national security. Cyber-criminals now have the ability to use compromised connectable products to attack large infrastructure. We saw this with the 2016 Mirai attack, which targeted anything from baby monitors to medical devices to home appliances to disable internet access across much of the US east coast.

In the past few years, this Government have made significant progress to strengthen the UK’s cyber-security. In 2018, we published a code for manufacturers to improve the security of their own consumer devices. We led the world on this, and that code has since been used by countries such as Australia and India to inform their own product security principles. However, the cyber landscape is constantly evolving and our approach needs to evolve with it if we want to stay safe.

We have reached the point at which legislation is required to protect citizens and networks from the harm posed by cyber-criminafls. Packaged together, the telecoms and product safety measures in the Bill will work in tandem to do just that, creating a reliable, fast broadband while supporting the growth of more secure consumer connectable products.

The Bill will enable the Government to specify a number of mandatory security requirements for smart devices. They will be set out in regulations, but manufacturers are already on notice regarding what the initial three requirements will be. The first is a ban on universal default passwords. Too often, consumer connectable products come with easy-to-guess passwords as their default setting, such as “password”, “admin” or four zeros. That makes them vulnerable to hacking, and risks compromising a user’s privacy and security right from the get-go. Under this new security requirement, all passwords that come with a new device will need to be unique and not easily guessable.

The second mandatory requirement is for manufactured consumer connectable products to provide a public point of contact so that security researchers and others can easily report when they discover security vulnerabilities, flaws and bugs in their devices. Manufacturers can then quickly identify and address any shortcomings in their products. At present, nearly 80% of firms have no such system in place.

Finally, manufacturers will be required to be completely transparent about how often, and for how long, their products will receive security updates and patches. According to the current guidance that is being commonly issued, if we update our computers regularly when asked to do so and use two-step verification, 90% of cyber-attacks can be avoided. The requirement for manufacturers to be transparent about how often their product will receive security updates is intended to help consumers to know at which point they will need to do that.

Businesses will have to give customers that information at the point of sale, and keep them updated throughout. If a product will not be covered by security updates, that must be disclosed. That will enable consumers to have all the facts that they need to make an informed decision about their purchase, to understand when the product they buy could become vulnerable, and to base their decision on whether or not to buy on that information. When the security requirements have not been complied with, businesses will not be allowed to make these products available in the UK. We will be able to monitor, investigate and take enforcement action against non-compliant businesses.

We have been setting consumer standards of this kind for decades. Every product on our shelves has met all sorts of minimum requirements, whether to ensure that it is fire-resistant or to ensure that it is not a choking or suffocation hazard. It should be no different in the digital age. The Bill allows us to protect people across the UK even as the world around us changes. It allows us to keep pace with technology as it transforms our everyday lives. Combined with the measures on the telecoms infrastructure, it will do a huge amount in the coming years to benefit our constituents and society at large.

I hope that Members will show their support for the Bill, and that the benefits can be realised as quickly as possible. I commend the Bill to the House.

Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- Hansard - -

I do not think there could be a better birthday present than being in the Chamber today and listening to this Second Reading debate. Happy birthday, Jeff Smith!

--- Later in debate ---
Lucy Powell Portrait Lucy Powell
- Hansard - - - Excerpts

It is a very serious Bill, yes—

Nigel Evans Portrait Mr Deputy Speaker (Mr Nigel Evans)
- View Speech - Hansard - -

It is just as well I am in a generous mood today, is it not?

Lucy Powell Portrait Lucy Powell
- Hansard - - - Excerpts

It is just as well you are in the Chair, Mr Deputy Speaker!

We have here another infrastructure Bill. As with every big infrastructure project this Government oversee, from the northern rail betrayal to the disastrous green homes schemes, the broadband and 5G roll-out has been beset with piecemeal, short-term thinking. The Government try to get British infrastructure built on the cheap, relying on the private sector, which more often than not means foreign state-run companies. On the broadband roll-out, the Government have wasted a decade and squandered the world-leading position left by the last Labour Government. This Government’s legacy over 10 years has seen huge delays in the superfast broadband roll-out, and a widening in the digital divide. Why were we not, 10 years ago, investing in a public-private partnership, so that home-grown British businesses could develop our own 5G network? Instead of looking towards the future, and building up British capacity and resilience, the Government have left us reliant on Huawei and other foreign state-backed companies for our 5G, with all the security complications that that entails.

This Bill deals with a couple of specific aspects of the broadband and 5G roll-out: part 1 places security requirements on manufacturers of smart devices and part 2 amends the electronic communications code, which governs the rules on how rent is set for community groups and others to host phone masts on their land.