Telecommunications (Security) Bill

Richard Thomson Excerpts
2nd reading & 2nd reading: House of Commons & Carry-over motion & Carry-over motion: House of Commons & Money resolution & Money resolution: House of Commons & Programme motion & Programme motion: House of Commons & Ways and Means resolution & Ways and Means resolution: House of Commons
Monday 30th November 2020

(3 years, 3 months ago)

Commons Chamber
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts
Richard Thomson Portrait Richard Thomson (Gordon) (SNP)
- Hansard - -

It is a pleasure to speak in this Second Reading debate and to follow the Chair of the Intelligence and Security Committee, the right hon. Member for New Forest East (Dr Lewis), who has given us some very important historical context to how we have arrived at the point we have arrived at today. He posed some pointed and pertinent questions, which we look forward to seeing addressed as the Bill progresses.

The Bill provides a very much stronger security framework for telecommunications infrastructure and gives the Government the ability to manage the risk posed by high-risk vendors. I speak on behalf of my group when I say that we support it in all that it is trying to achieve. 5G technology offers great opportunities for connectivity and for commerce, through the internet of things, including the greater use of telemedicine, automated threat detection and even autonomous vehicles, but anything that compromises the access to or proper use of telecommunications networks or the security and integrity of the information that flows through them is a cause for concern. Whether in terms of intercepting information, interfering with information or stopping it from being transmitted or received, it represents a commercial and security threat to be very much guarded against.

Clearly, the infrastructure that the suppliers use to provide us with that communications bandwidth is of crucial importance in maintaining the security and integrity of that information. Therefore, it is something of a surprise that the UK Government appear to have come to the realisation only comparatively recently that having too much of the critical national infrastructure in too few hands might be a problem.

The Scottish National party is clear: the UK Government need to learn the lessons of how we have got to where we have got to on security in awarding the 5G contracts and to provide assurances going forward that the replacement strategy will be a safe and secure one. My party very much wishes us to be among the forward-looking nations at the forefront of the 5G age. However, given that these new opportunities carry new risks, security and resilience need to be built into it from the outset. We also wish to be assured that this legislation and the impacts that it may go on to have will not adversely impact network roll-out or consumer costs in the longer term, and we also want to make sure that the opportunities for building our domestic capabilities in manufacturing, in open RAN and in the broader supply chain will be fully seized.

Inevitably, in this debate so far there has been a focus on Huawei and China, and for all that Huawei has previously been regarded as a reliable partner, that focus is entirely understandable. The point needs to be made that Huawei did not suddenly become a potentially high-risk vendor overnight. This has not just crept up on us; it has been allowed to creep up on us. The Chinese Government’s involvement in recent state-sponsored cyber-attacks ought to have been enough to set the alarm bells ringing, if they were not already ringing, and to give proper cause for refection over the possible security concerns in that well before now. It is right that we use this opportunity to pause for reflection on the relationship we have with China.

Clearly, it is important to have a strong relationship, one on which we would seek to exert a positive influence, especially when it comes to human rights. However, international relationships need to be founded on self-respect as well as on mutual respect, and if this Government wish to be able to deal with other Governments on as close to equal or favourable terms as is possible, it is important to ensure that they do not leave us in a position where we are too reliant on any other single state for technology or investment.

Make no mistake: a rapid de-engagement of this kind with Huawei technology is not helpful to maintaining constructive relationships. In our relationship with China, there will now inevitably be a price to pay in terms of loss of influence, as well as an economic price to pay at home if this holds up our roll-out of the technology. To be absolutely clear, we are glad that the decision was taken, but although that U-turn was necessary, there needs to be a clearer commitment to domestic manufacturing than in previous years—decades, even—and better visibility on emerging threats from Governments. This situation was avoidable.

Hybrid threats are growing, as are the capabilities of states and non-state bad actors to enact them, and the UK very much likes to see itself as a country that punches above its weight in the world. In our military and intelligence services, that is almost certainly the case, but I believe there needs to be a realisation and an embracing of the concept of total defence and resilience. At this point in time, our Scandinavian and, particularly, Baltic neighbours seem to have a much better grasp of the significance of that concept than the UK Government do. It is to be very much hoped that with this legislation and recent announcements on defence spending, the UK might now be beginning to come to terms with the many ways in which our economic activities, our public space, and even our political space can be undermined in asymmetric and unconventional ways and finally taking steps to properly address that.

To get into some of the detail of the Bill, the Government have made it clear that vendors who they consider to be high risk should not have access to the core 5G infrastructure. Obviously, we agree, but this needs to be a formal part of any requirements for infrastructure of this kind, and there should be assurances from the Government that any replacement vendors for Huawei or, indeed, others meet the very highest standards that we would expect with that objective in mind.

The Government also need to ensure that there is a proper dialogue with our international allies, to ensure conformity—as far as possible—with high standards of protection. Like many western countries, we are an importer of technology, and as such we need to be seeking unity, as far as possible, in the standards we are willing to allow for this infrastructure that we will ultimately be sharing with our allies and neighbours.

For all that technology is a matter that is reserved to Westminster under the Scotland Act 1998, there are clear implications in how the Bill may operate for devolved nations. We would very much like to see in it a duty on the part of Ministers to consult with devolved nations before taking any ministerial actions under the Bill, as well as a duty on the Minister to consult with devolved nations when it comes to the five-yearly review of the effectiveness of clauses 1 to 13. Given the reserved nature of telecommunications, if there are any additional costs that accrue to businesses or Governments—by businesses, I do not necessarily mean the telecoms companies themselves—the UK Government may be willing to at least contemplate assuming some of the costs that might otherwise fall on tiers of government or the non-telecoms businesses.

I wish to spend some time dwelling on the impact of the roll-out. As a Member of Parliament for rural Scotland, I know that this problem is not unique to rural Scotland—other parts of the UK are affected as well—but there is a recurring theme. From the original Vodafone and Cellnet networks through 3G and to 4G, the coverage maps for mobile phones inevitably roll out in exactly the same way and cover pretty much exactly the same pattern, with the same notspots being missed out.

It is my earnest hope that the same thing does not happen with 5G. It is also important to point out that the roll-out of 4G, and even 3G, across Scotland has not been as complete as we would like, and it would be naive in the extreme to think that 5G roll-out will be any different unless there are some significant changes. It would also be naive not to recognise some of the potential problems that the Bill might present in that light, in terms of the rate of build-out that would otherwise have occurred.

To put the issue into perspective, just 42% of Scotland’s land mass has 4G coverage from all four main UK operators, and 80% from at least one mobile operator. Almost 1 million people living in rural areas currently have no reliable mobile service at that speed of connectivity. That is unacceptable, and has to be an early part of any levelling up agenda.

Owing to the lack of hardware interoperability that the mobile network has been built with, mobile network operators will have to rip out and replace a large amount of high-risk vendor equipment from existing 4G mobile masts before they can even be upgraded to 5G using equipment from an alternative supplier, as well as writing off and replacing that equipment from high-risk vendors already deployed. It is inevitable that the resulting reduced competition will drive prices higher.

From discussions with and briefings from the industry, it is clear to me that while operators can absorb the costs of the decision to remove Huawei equipment, BT estimates that the cost will be as much as half a billion pounds for it alone. It will not be possible to move any faster than the 2027 deadline that the Minister mentioned without creating a significant risk of network blackouts, as well the loss of economic benefits that would otherwise accrue to all parts of the UK. It is a huge challenge for the network operators, and we should not underestimate it. I would like to hear the Minister give a clear assurance that the Government will stick to the 2027 deadline and will not make what is already a difficult job for the mobile network operators even harder.

I would also like the Government to look at ways of trying to counteract the negative effect on the speed of the roll-out. Governments of all political stripes have been rewarded handsomely from selling off electromagnetic spectrum portions for mobile roll-out. Looking again at some of the licence fees might allow some of the telecommunications companies to save that money to invest in new infrastructure from non-high-risk vendors, which would compensate for that level of roll-out and give consumers and business the coverage that we all hope they can get from 5G.

On diversification of the marketplace, we very much welcome the Government’s 5G supply chain diversification strategy, which has been announced alongside the Bill. Reducing the reliance on a comparatively small number of big-player vendors will be hugely important in increasing competition, driving innovation and improving resilience. It will take time to move at scale towards new approaches such as open RAN, and to be successful, network operators need to be confident in the maturity of the performance and the integration and the security credentials of new vendors and technologies before they are deployed on the main networks. The Government can help to accelerate that process and create real opportunities for leadership and job creation with an ambitious commitment to research and development and trials. The funding of £250 million for that activity in the spending review and the Government’s national infrastructure strategy are very much to be welcomed.

This is an important and necessary Bill. It is one that we very much look forward to getting into the detail of and scrutinising further as it makes progress.