All 2 Baroness Winterton of Doncaster contributions to the Telecommunications (Security) Act 2021

Read Bill Ministerial Extracts

Mon 30th Nov 2020
Telecommunications (Security) Bill
Commons Chamber

2nd reading & 2nd reading & 2nd reading: House of Commons & Carry-over motion & Carry-over motion: House of Commons & Money resolution & Money resolution: House of Commons & Programme motion & Programme motion: House of Commons & Ways and Means resolution & Ways and Means resolution: House of Commons & 2nd reading & Programme motion & Money resolution & Ways and Means resolution & Carry-over motion
Tue 25th May 2021
Telecommunications (Security) Bill
Commons Chamber

Report stage & Report stage & 3rd reading

Telecommunications (Security) Bill

Baroness Winterton of Doncaster Excerpts
2nd reading & 2nd reading: House of Commons & Carry-over motion & Carry-over motion: House of Commons & Money resolution & Money resolution: House of Commons & Programme motion & Programme motion: House of Commons & Ways and Means resolution & Ways and Means resolution: House of Commons
Monday 30th November 2020

(4 years ago)

Commons Chamber
Read Full debate Telecommunications (Security) Act 2021 Read Hansard Text Read Debate Ministerial Extracts
None Portrait Several hon. Members rose—
- Hansard -

Baroness Winterton of Doncaster Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - -

Order. There is now less than two hours until the wind-ups are likely to start. By my calculation, that means that if everybody is going to have equal time, contributions ought to take about eight minutes. I do not want to set a time limit, but that is a rough guide for the debate.

--- Later in debate ---
Bob Stewart Portrait Bob Stewart (Beckenham) (Con)
- Hansard - - - Excerpts

This Bill makes sense. I agree with the right hon. Member for North Durham (Mr Jones) that it is primarily about security. It is a top priority for us to ensure the security of all telecommunications networks, particularly those that might carry classified information and that is what this Bill is all about. I particularly endorse those clauses in the Bill that give the Government robust powers to manage high-risk vendors based, of course, on National Cyber Security Centre advice. That may well also include direct guidance from other intelligence agencies as well. It is also absolutely right that the Government have placed a ban on purchasing new equipment from high-risk vendors from September 2021 and ordered the removal of high-risk vendor equipment from our networks by 2027, but, as I will go on to say, it will have implications. I wish we could achieve that earlier, but, obviously, industry needs time to manage the transition required.

The NCSC is at the forefront in developing telecommunications security requirements. It has done this in collaboration with industry and these requirements are detailed and effectively designed to establish a layered defence against cyber-attacks and infiltration. Codes of practice will devolve from these requirements and they will form a method of operation as well as being a way of calculating risks for operators Ofcom, DCMS, and NCSC. I endorse the view that these requirements and codes of practice will definitely increase the difficulty, the cost and the risks faced by a hostile player attempting to infiltrate or to compromise a UK telecommunications network, but, as the right hon. Gentleman has said, that does not mean that we are invulnerable—oh, no, it does not. There are still risks.

Next year, I gather that we will need to pass secondary legislation to endorse codes of practice that will, thereafter, be used to instruct operators on how to meet their security obligations. Such codes of practice will be policed by Ofcom—we have talked about that a little. Most certainly, it will require training on how to do this. Here there needs to be a serious interchange with the NCSC where a working relationship between the two bodies is crucial—and at cost. Of course there are penalties for this decision. Not only will this change delay the roll-out of the 5G network, but significant consequent costs will be incurred by industry. I know that industry may need the Government to support it in consequence of this decision. On the other hand, a recent report has also suggested that upgrading the UK’s 5G infrastructure could be worth about £158 billion to the economy over a 10-year period.

We have already mentioned that there are three significant vendors who provide large-scale telecommunications equipment in the UK. These are Ericsson, Nokia and Huawei. With the significant removal of Huawei as a result of this Bill, choice of vendors is of course reduced by a third, which is most certainly not ideal. It would be far better if we had more choice and competition, but we do not—that is the fact of it. However, Ericsson and Nokia are very good, trusted and long-standing companies whose security credentials are tried and trusted. I am very pleased by the idea of the open radio access network—open RAN—being developed. It is crucial to develop the UK as a world leader in 5G. Essentially, open RAN allows interconnectivity between different telecommunications mobile networks, and avoids the necessity of all components coming from just one supplier. For instance, Ericsson equipment can be interfaced with that of Nokia, or perhaps another new supplier—let’s hope so. That aids the drive towards competition andthus has cost benefits.

 

I have been an extremely good boy, Madam Deputy Speaker. I hope I am going to get a thumbs up for finishing in six minutes. I commend this Bill to the House.

Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

I got a thumbs up from Madam Deputy Speaker; I sit down with a big glow on my face.

--- Later in debate ---
Iain Duncan Smith Portrait Sir Iain Duncan Smith
- Hansard - - - Excerpts

I agree completely. The point is that when we were talking about this earlier on, it was clear that that was, underneath it all, the centre’s real opinion, but it was kind of moving and modifying. It was also used in a political way, by the way, which I did not think was right. An opinion is either there or it is not; do not get people in to brief Back Benchers about what they should be thinking. I thought that was wrong.

We are absolutely in the right place at this point and the Bill goes a long way towards achieving that. However, we need to do some other things that could be in the Bill. For example, the Bill is about security but it does say on the front that it goes slightly wider than security: the Under-Secretary of State for Digital, Culture, Media and Sport, my hon. Friend the Member for Boston and Skegness (Matt Warman) signed the bit that says:

“In my view the provisions of the Telecommunications (Security) Bill are compatible with the Convention rights.”

That convention is the European convention on human rights. We need to ask ourselves whether that idea applies to many regimes—not just China—and companies that come from those regimes that may be guilty of human rights abuses.

I asked the Minister previously, in a private context, whether he would consider including in proposed new section 105Z8 of the Communications Act 2003, on designation notices, the inclusion of the ability, where it may arise, to do something in the area of genocide and the involvement of companies in that process. There is very strong evidence in a couple of cases—particularly in the Uyghur case—of the use of slave labour, which should result in those companies being outlawed. The Minister may argue that this Bill might not be the appropriate vehicle for that because it is specifically about security, but every Bill has on its face that we abide by human rights laws. I am not trying to widen the Bill’s scope; I am giving the Minister the opportunity to have that extra element as part of his possible designations. After all, we are dealing with countries and nations that have, particularly in China’s case, torn up much of the book on co-operation and diplomacy.

Let me raise a final point before I conclude. My hon. Friend the Member for The Wrekin (Mark Pritchard) has gone, but he mentioned Australia. One of our Five Eyes partners, Australia, had the temerity to ask for an inquiry into the covid outbreak. Since then, the Chinese have attempted, in essence, massively to beat up Australia in a very undiplomatic and aggressive manner. It started with abuse of the individuals who asked for an inquiry and then went further into abuse of the Government. Subsequently, it has gone on to sanctions: the Chinese has now broken WTO rules, with sanctions of more than 200% on Australian wine.

In the past couple of days, the Chinese have produced what I think is called a meme—which is a mocked-up instrument on the internet—that shows something about an Australian soldier trying to kill a child. This is appalling behaviour and I want my Government, at some point, to be very clear that such behaviour is simply not to be borne. Although we have said that we stand with China, the key thing about this sort of thing and our co-operation with our Five Eyes partners is to do more than stand with China: we should condemn behaviour like that that deliberately targets and demeans a democratic nation that goes by the rule of law and human rights, which is something that China does not do. I do hope that the Minister will pass on to his colleagues that no matter what we do with this Bill, we need to make sure that we stand up with our Five Eyes partners, now that we have the National Security and Investment Bill and are moving in that direction, and never allow any one of them to be isolated and picked off one at a time. I commend the Bill to the House.

Baroness Winterton of Doncaster Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - -

The next listed speaker has withdrawn, so we go straight to the Chair of the Defence Committee, Tobias Ellwood.

Telecommunications (Security) Bill

Baroness Winterton of Doncaster Excerpts
Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
- Hansard - - - Excerpts

I beg to move, That the clause be read a Second time.

Baroness Winterton of Doncaster Portrait Madam Deputy Speaker (Dame Rosie Winterton)
- Hansard - -

With this it will be convenient to discuss the following:

New clause 2—Provision of information to the Intelligence and Security Committee—

“The Secretary of State must provide the Intelligence and Security Committee of Parliament as soon as is reasonably practicable with a copy of—

(a) any direction or notice (or part thereof) that is withheld from publication by the Secretary of State in the interests of national security in accordance with section 105Z11(2) or (3) of the Communications Act 2003;

(b) any notification of contravention given by the Secretary of State in accordance with section 105Z18(1) of the Communications Act 2003;

(c) any confirmation decision given by the Secretary of State in accordance with section 105Z20(2)(a) of the Communications Act 2003;

(d) any reasons for making an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in the accordance with section 105Z22(5) of the Communications Act 2003; and

(e) any reasons for confirming or modifying an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in accordance with section 105Z23(6) of the Communications Act 2003.”

This new clause would ensure that the Intelligence and Security Committee of Parliament is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security.

New clause 3—Network diversification—

“(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.

(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—

(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;

(b) likely changes in ownership or trading position of existing market players;

(c) changes to the diversity of the supply chain for network equipment;

(d) new areas of market consolidation and diversification risk including the cloud computing sector;

(e) progress made in any aspects of the implementation of the diversification strategy not covered by subsection (a);

(f) the public funding which is available for diversification.

(3) The Secretary of State must lay the report before Parliament.

(4) A Minister of the Crown must, not later than two months after the report has been laid before Parliament, make a motion in the House of Commons in relation to the report.”

This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allow for a debate in the House of Commons on the report.

Amendment 1, in clause 14, page 21, line 27, at end insert—

“(3) The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”

Chi Onwurah Portrait Chi Onwurah
- View Speech - Hansard - - - Excerpts

It is a great pleasure to speak in this debate on Report. As I may have mentioned before, I am a chartered electrical engineer; before I entered Parliament, I worked for 20 years helping to build out the networks—fixed wireless and mobile—that became the internet. I am proud of that work and of the immense contribution that the telecommunications sector makes to our society, our economy and our security.

I am very pleased that today we are dedicating parliamentary time to our telecommunications sector. I thank all Members across the House who served on the Bill Committee for our many hours of fruitful debate as we strove to secure improvements to the Bill. I also thank the officials of this House, particularly in the Public Bill Office and the Library, who have provided such excellent support.

I declare an interest: many provisions in the Bill deal with the regulator Ofcom, and my last telecommunications role was with Ofcom. I joined it in 2004 just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. As a consequence of my time in the sector, I have been calling for greater security, particularly for our mobile networks, since I first entered this place in 2010.

The Labour party and I welcome the intention behind the Bill, but a number of areas in it need to be addressed. We are here today because of the Huawei debacle of the Government’s making. The Government have been forced to require the removal of Huawei, at an estimated cost of £2 billion and a delay of two to three years to our 5G roll-out, after overseeing Huawei’s rapid rise to be the foremost supplier to the telecoms company that carries our country’s name and universal service obligation: British Telecom.

The telecoms supply chain review found that there were no incentives for our mobile network operators to provide secure networks. Moreover, successive Tory Governments have squandered the world-leading position on broadband infrastructure left to them by Labour in 2010, as the United Kingdom has fallen down the league table from 27th to 47th in the world for average internet speeds. This lack of sovereign capability and absence of an effective telecoms strategy has resulted in our dependency on high-risk vendors, which the Bill seeks to address.

I am sure that you will be pleased to know, Madam Deputy Speaker, that I will not repeat the same arguments on Huawei that have dominated the debate over recent years. Given where we are now, we support the aims of the Bill. National security is the first duty of any Government, and Labour will always put national security first. Our telecoms infrastructure is clearly critical to our defence and security, as well as our economic prosperity.

We agree that, as the Bill sets out, the Secretary of State should have powers to designate vendors of concern and require mobile network operators to take appropriate action, and that Ofcom should have the power to monitor and enforce those directions. However, we wish to improve the Bill in three key areas, which our new clauses 1, 2 and 3 seek to address.

The first area is national security. Labour prioritises national security, and the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not, in and of itself, make our networks secure now or protect them against future threats; that requires a number of additional measures, some of which are in the Bill and some of which are not. For a start, if our telecoms network is to be secure, there must be expert democratic oversight of the measures that make it secure—yet the Bill makes no provision for Parliament’s experts, the Intelligence and Security Committee, to be informed or consulted. We want to fix that.

Secondly, the security of our network depends on an effective plan to diversify the supply chain. We are very concerned that the Bill does not even mention diversification and thus risks short-changing our national security, our technological sovereignty and our telecoms infrastructure. We want to ensure that progress is made in diversification as a prerequisite for the security of the telecoms network and a UK sovereign capability should be a part of that.

Thirdly, the Bill gives many new responsibilities and powers to Ofcom. That follows a vast expansion of Ofcom’s remit over the past 10 years. We want to make sure that Ofcom is appropriately resourced to carry out its duties and to be forward looking, not simply looking back.

One of the great failings of the Bill is that the Government are so fixated on fighting the last battle—the Huawei battle—they are not looking to the future. That is, in part, because various Government Back-Bench Members have very real concerns about the rise of China and its influence on our infrastructure. But these concerns, however well justified, seem to be blinding the Government to threats that are not Chinese in origin. We want to fix that. We want Ofcom to have the resources and the will to monitor the evolution of our telecoms networks, so that future threats, wherever they come from, can be identified and we do not find ourselves forced, as we are now, to make a huge change to our networks, at a huge cost to our economy.

I turn to new clause 1. As I said in my opening remarks, I joined Ofcom in 2004 when it was in its infancy as a slimline regulator. I kept a copy of the Communications Act 2003 on my desk. Since then, that Act has already doubled in size as Ofcom has acquired responsibility for critical national infrastructure: the BBC; the Post Office; online harms—that Bill is coming down the road; and, in this Bill, parts of national security as well. This latest expansion of Ofcom duties will necessarily add a strain not only to its budget, but to its resources. In January, in response to my written question, the Government stated that Ofcom would have the resources that it needs to do the job, in which case the Minister should be keen to support new clause 1, which requires Ofcom to report on the adequacy of its resources in fulfilling its functions under the amendments made in the Bill.

Ofcom lacks experience in national security measures—this was discussed during the evidence stage—and the expansion of duties will require the recruitment of people with the required level of security clearance and experience. That is not going to be easy, as we heard during the evidence sessions. Emily Taylor of Oxford Information Labs said that Ofcom

“will have to acquire a very specific set of skills and capabilities and that will require substantial investment and learning as an organisation”.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 72, Q84.]

These skills are rare. The memo from the Minister, for which I am grateful, sets out how Ofcom and the National Cyber Security Centre will work. While it is welcome that they will work together, it did not provide the reassurance that we need. Indeed, it suggests that Ofcom will be entirely dependent on the NCSC for cyber skills and therefore, presumably, unable to understand the advice that it receives from the organisation.

New clause 1 requires Ofcom to report annually on the adequacy of measures taken by network providers to comply with changes introduced in the Bill, empowering the Government to track the effectiveness of the legislation. However, new clause 1 does more than that. It ensures that Ofcom has the human and informational resources to be forward looking. As I said, we are concerned that the Bill is backward looking and does not look to future threats. New clause 1 requires Ofcom to provide an assessment of emerging or future security risks based on its interrogation of network providers’ asset registers.

I am pleased that the Government are taking steps—as I understand it from the Minister—to formalise existing best practice in the telecoms sector and ensure that national providers maintain asset registers. I can tell Members that that has not always been the case. As the Minister said during the Committee stage, asset registers are an

“important part of the existing landscape”––[Official Report, Telecommunications (Security) Public Bill Committee, 21 January 2021; c. 162.]

But I ask him: why does he not take this further? We need to ensure that we have a good understanding of our national assets and so can assess emerging threats. Doing so would have made Huawei’s dominance visible earlier and it would now enable warning signs of future concerns—and there are future concerns. Again, Emily Taylor said:

“I feel a little like we have been fetishising 5G and a single company for the last two years, perhaps at the expense of a more holistic awareness of systemic cyber-security risks… Healthcare systems probably would not have been top of the list two years ago, but now they are. The SolarWinds attack shows that the identity of the vendor is not always the key risk point. SolarWinds is a very trusted vendor from a like-minded, close ally country, and yet it turns out to be a critical single point of failure across key, very sensitive Government Departments, both in the US and the UK.––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 74, Q88.]

So I want the Minister to consider that in his response on this proposal.