National Security and Investment Bill (Third sitting) Debate
Full Debate: Read Full DebatePeter Grant
Main Page: Peter Grant (Scottish National Party - Glenrothes)Department Debates - View all Peter Grant's debates with the Department for Business, Energy and Industrial Strategy
(4 years ago)
Public Bill CommitteesQ
I would have thought that there are two aspects to that. One is the nature of the acquirer, which is partly what you have already alluded to. The second part is that I would have thought that it is quite difficult to ascertain whether something at the cutting edge of technology is or is not a threat. I would have thought that that is a really difficult judgment to make in practice. Do you have any thoughts on that, and what experience do you have of other regimes trying to make that kind of judgment?
Lisa Wright: I think there are probably a number of ways to tackle that question. I guess that an answer is that it is ultimately a question for the Government. They are the ones who understand the threats and the intelligence. As advisers, we can look at the guidance and cases that have happened in the past, and we can speak to the unit, which, as we understand it, will be open for engagement and will welcome that. We can guide clients through the process, using the touch points and information that is available to us, but ultimately it is the Government that are in possession of the full set of facts and considerations that go into the decisions about whether that particular transaction is a problem or not. I guess what that speaks to is having the right people in the unit and getting them plugged into the right people elsewhere in Government to arm them with the ability to make these assessments.
Christian Boney: To pick up on that, I agree entirely with what Lisa said. It is not necessarily an easy thing for the advisory community or clients themselves to make a judgment about whether they are presenting risk to national security. That is why this concept of real-time, interactive engagement with the unit that is set up to police this regime is going to be so important.
In the world I operate in, one of the regulators we deal with is the Takeover Panel, which is fantastic at being responsive, with real-time engagement. It results in a dialogue and an interaction that helps advisers navigate their clients through a regime that is not straightforward at times. That is the kind of practice that could usefully be learned from in the context of the investment security unit, because that kind of real-time feedback and informal advice will be very helpful in helping companies make the judgment about which side of the line they fall.
Q
There is a fair amount of information in the Bill and the documents published alongside it about the kinds of businesses being acquired or taken over that might give rise to concern. There are quite clear definitions of what constitutes a trigger event, whether it is a purchase of shares or whatever, but there is very little detail about how the Secretary of State will decide which potential acquirers pose a threat. There are clearly good reasons why that information cannot be made public in too much detail, but is the fact that there is so little on the face of the Bill about how that decision is arrived at a problem? Does it make it less certain and therefore more likely to result in legal challenge?
Christian Boney: Acquirer risk is one of the points picked up in the statement of policy intent that is going to be looked at when determining the level of risk that a transaction presents. When looking at and explaining acquirer risk, I think that helpful additional guidance could be added to it to, for example, make clearer how the Government will consider acquirer risk in the context of things such as private equity funds and other funds that may be looking to invest in the UK. By that, I mean in particular whether the Government will be willing to disregard the identity of limited partners and other investors in funds that sit above the particular acquisition vehicle that is doing the relevant transaction. That is the kind of thing that I think there would be real benefit in trying to make clearer in the statement of policy intent.
Q
The Companies Act 2006 has similar requirements for a company to notify Companies House if certain things happen that put someone in a position of significant influence. From a lay person’s point of view, such as my own, some of those provisions are almost word for word the same in the Companies Act and the Bill. Some appear to have the same effect but the wording is different, and therefore there will potentially be occasions when the definition is different. Would there be benefits in completely aligning both pieces of legislation so that a particular event either has to be notified or does not have to be notified? Otherwise, there is the possibility that some events will have to be notified under the Bill, and other events will have to be notified under the Companies Act but not the Bill.
Christian Boney: In short, I think there would be benefit in having as much alignment as there can be. Clearly, the two pieces of legislation are not necessarily designed with the same intent and focus in mind. Yes, I think there is merit in having as much alignment between the two as there can be.
If I may, there is just one point about the trigger events that is worth considering. One of the points in the statement of policy intent in the context of trigger events is the Government considering the risk of espionage. That seems to me to be something that is worth thinking about in the context of this regime. At the moment, the trigger events are focused, as you were saying, on the ability to influence a particular company, but there are certainly circumstances where, without acquiring a level of shareholding that enables a person to influence the company, the person can nevertheless gain very significant access to information—for example, through a board seat, which might come at a shareholding of lower than, for example, 15%. That would give that person considerable access to information within the company. If they were a hostile actor and they wanted to act in a nefarious manner, it would enable them to feed that information back to another hostile party. We have spoken about narrowing the scope of the regime, and I appreciate that that would be an amplification of it, but I think that is a point that is worth considering.
Q
The other thing is that a start-up company can raise money in other ways. The Bill tries to make sure that we are not losing intellectual property, but a business can raise finance by licensing the intellectual property that we are trying to protect—I am not sure that that would come within the scope of this Bill—or even sell the intellectual property and license it back again. There are various other ways in which a company can raise finance, over and above equity, where there is a huge amount of influence or it falls outside the Bill. Clearly, crucial national infrastructure is a very different thing, but intellectual property is something that is very difficult to grab hold of; it is like trying to grasp a handful of sand. Given the objectives, I wonder how the Bill tackles those other areas, which seem to allow malign investors a way through.
Christian Boney: I think an important aspect of the Bill—this is one of the reasons why Lisa and I have described it as a broad regime—is that it does allow policing of the acquisition and control of assets, including intellectual property. In my experience, at least, that is quite different from what you see in other international regimes. Clearly, the acquisition of control of assets does not fall within the mandatory notification regime; nevertheless, it is helpful that the Government have the power potentially to exercise a voluntary call-in in respect of, for example, an acquisition or a licence of intellectual property.
Q
Professor Martin: I do not vehemently disagree with that suggestion, but I am not persuaded by it. It is not a new issue. I remember cases—they have nothing to do with this—going back to the aftermath of the so-called global war on terror, with demands during inquiries for definitions of national security. I am not sure what that would achieve other than it would be heavily litigated. In terms of both definitions of national security and the categories of technology, a better answer is a drumbeat of reviewable activity, which is by definition transparent, about how the Government interpret the scope of the Bill, if it becomes an Act, and the sort of cases it applies to so that, over time, you build up a broadly accepted framework—of course, not everyone will accept it—that is seen to be fair and rational.
Q
Professor Martin: I certainly would not be against things like that, if it could be done in a way that did not compromise the wider use of the Bill, because I do not think there is intent to interfere in the democratic process. I think the intelligence services take that pretty seriously. I remember in other contexts, when asked to co-operate on cyber-security with other countries, given that some cyber-security capabilities—by no means all—can be intrusive, that a lot of due diligence is always done on whether they could be turned by more authoritarian regimes against their own people. I would not object to that in principle. I do not know whether you have a case in mind when you say that might be necessary, but I have an open mind on that.
Q
Professor Martin: In general terms—this is a personal view, for what it is worth—I do not think the location of most government functions matters a great deal. Perhaps I am just a bit of a contrarian on that point, and always have been. The Government is the Government. Institutions do have cultures. I do not know whether the Government or the intelligence services have offered a formal view, but personally I would be reluctant to put it within the national security estate, first, because it has to be economically literate, and secondly, because it has to justify its existence and use. A strong national security input is important, but I would not leave it in the national security community.
I am sorry to sound like a broken record on this point, but I think the more important force in function is some form of reviewable transparency requirement. If you set it up and let it go away, first, you take away pressure to perform well, and secondly, you take away pressure to justify the decisions that are made.
This is a really hard problem. When I was still in government and there were discussions around it, this was not the sort of Bill that most Ministers and politicians came into Government to want to pass. It is a necessity of a bunch of case work that we have become concerned about that has required us to do this. It is sort of the least bad option. The country wants to be open to investment—we are all mindful of the impression it may give that it is trying to deter investment—so it is probably the least bad option, as I say.
I do not think there is any arrogance in government or belief that a bunch of civil servants assembled in BEIS or another Department will make infallible judgments on individual cases, but what is the alternative way to stop the sort of things we have seen happening—world-class taxpayer-funded research in key strategic technologies that are going to be vital for national security being sold for a song to potentially hostile regimes?
I will leave it there, Sir Graham. I may want to come back later, but I will let someone else in now.
Q
Professor Martin: I get that completely. I do not think 100% transparency will be possible in this case. Obviously, it will be judicially reviewable, but I am entirely unsurprised that there is an explicit provision for closed material procedures. It will be a minority, but there will be cases in which the reason why a particular aspect of a particular piece of technology is really sensitive—it will probably be highly specialised, and there might be a dozen people, of whom four serve in government, who actually understand why—cannot be published. Then, of course, there will be commercial sensitivities.
Having said all that, if you take, for example—these are real examples—the current debate around the potential use of offensive cyber, or the sort of allegations Edward Snowden made against Five Eyes countries in 2013, or some of the defences that the Government had to use in the 2000s about their role in the aftermath of 9/11 and Iraq and co-operating with US forces, in my view there is a clear distinction between being able to describe the operating environment and the sorts of thematic issues that you are dealing with, versus individual cases, which often contain extremely sensitive detail. National security organisations can say much more about the former than historically they have been willing to do.
In something like this, where we are talking about business confidence and how the country looks to potentially very friendly and helpful outside investors who like the UK, want to come here, want to put money here and like the high-quality research and the brilliant innovators and individuals, it should be possible to give them something that says, “In the course of the last year, we have looked at quantum resistant cryptography and here are the types of aspects of this that we are reserving and here are the bits that are more open” or that sort of thing, without disclosing anything sensitive. That is all you need to be able to say—these are the judgments. Let us say that the Bill becomes law in the middle of 2021, for sake of argument. By 2025 and the beginning of the next Parliament, the tech landscape will look very different. You will not want investors to be looking back at the debates you are having in the House now as a guide to the latest way in which the Government are applying this, or looking at drip feeds of information. You will want something official. It should be possible to do that.
Q
Professor Martin: I think it should be formal. The Government are not new to this. There should be some sort of review board to make sure that it has the right resources, the right performance, the right skillset and so forth. I would encourage ministerial interest. It may be something that the National Security Council wants to periodically review. In my time in national security, there were standing issues that the Government would come back to twice a year, whether there was anything interesting happening on them or not, just to take stock. That might be an issue. In answer to the previous question about transparency, there may be a case for a formal presentation, secret detail and all, to the National Security Council every year, which would include all the potentially covert and sensitive stuff. It really needs to work with the grain of ministerial thinking as well. That will need to be done collectively, at some point, so there may be a role for the NSC.
Q
Professor Martin: There is a reasonable case for a more frequently reviewable point. There is also a cultural point about the way in which the political processes work. There are aspects of government about which questions are not routinely asked in Parliament, because they seem to be too secret. Again, it is a point about casework versus framework.
To my mind, there is no reason why the Secretary of State for BEIS could not be asked from time to time to update on this or why questions in the House should not be asked. I do not think technology changes fast enough that the whole framework of categories of regulated activity and so forth have to be updated more than every five years, but there will be a possibility of more frequent updates on working, approving listings and that sort of thing.
To be fair, there is nothing to stop MPs from asking questions about international security, but the chances of us ever getting an answer may be somewhat less.
Q
Professor Martin: I am not sure if the Bill will get in the way or help, one way or the other. I think Government technological nous across the civil service needs to be invested in properly. There is a deep, fairly sizeable reservoir in GCHQ. Again, without going into too much detail, more and more people are being transferred and seconded from there into other areas. That is a good thing, and we should welcome that rather than cast aspersions on this being all secret state stuff. It should be permeating normal Government activity.
There will be issues about how to pay for some of the specialists that are needed. I do not think we will ever compete with the big tech companies, but there may be scope for paying some specialists a bit more and bringing them in here. There is something about creating a career path for technologists in Government. There are big issues for the heads of the civil service and the permanent secretaries. If I were heading it, I would want an immediate infusion of seconded talent and private sector buy-ins relatively quickly. Government can do that quite well some- times, and sometimes not so well. There also needs to be a long-term strategy for technologists in Government.