Product Security and Telecommunications Infrastructure Bill (Second sitting) Debate
Full Debate: Read Full DebateSally-Ann Hart
Main Page: Sally-Ann Hart (Conservative - Hastings and Rye)Department Debates - View all Sally-Ann Hart's debates with the Department for Digital, Culture, Media & Sport
(2 years, 8 months ago)
Public Bill CommitteesQ
Professor Carr: No, to be honest.
Q
Professor Carr: It is impossible to answer that. That is what makes this type of legislation difficult. We do not know how the threats will emerge or change. A couple of years ago we could not have imagined that ransomware would be the threat that it has become, but the fact that we cannot anticipate the future with certainty does not mean that we cannot act now. Nothing will be sufficient to fix the insecurity of the digital world that we live in. No Bill will change that, but small bits of legislation beginning to address these vulnerabilities is the right way to go. I do not think that anyone should be afraid of doing this. This is the beginning of the future. Governments will not stand by forever and watch the damage and destruction that can be done by digital devices. We have to start somewhere, and I think that this is it.
David Rogers: I am coming from a slightly different position, but obviously I would like to see all 13 requirements implemented. I think that it does provide future proofing, because this provides the foundation of future trust for everything. Everything that we have written in there provides future underpinnings. If we are allowing industry-based organisations such as the European Telecommunications Standards Institute to maintain the specification for the future, that allows organisations to improve and add things. I think Dave mentioned biometrics, for example. They can go to ETSI and add to it, and let’s allow industry to develop that. Organisations such as NCSC and DCMS are also there to input into those standard bodies. I think it is a really strong start.
Thank you. That brings us to a slightly premature end of this evidence session. I thank the witnesses, on behalf of the Committee, for their evidence.
Examination of Witnesses
Catherine Colloms, Simon Holden, Mark Bartlett and Juliette Wallace gave evidence.
Thanks. I think everyone understood there was going to be a reduction, but I cannot remember those sorts of figures ever being mentioned at the time of the 2017 Bill.
Q
Catherine Colloms: Effectively—let me take a multi-dwelling unit and then I will take a pole—we need to put a new fibre cable over some of these pieces of infrastructure. I actually have my kit behind me, which I can show you in a second. With an MDU, there is often fibre outside a premises; we will build to the curtilage. What we have inside an MDU is the existing cable—the existing hybrid fibre—that is going up inside the risers. You basically cannot see it. It then kind of pops on to a room. We would reinstall the new part of the full-fibre kit in the classic plant room downstairs, so that it is all with the maintenance bits. We then need a new small cable—this one is basically it; it is called InvisiLight—which we would run up through the risers. This is what you would see, or not see, running through corridors or along the wall. When you put this on a wall, you cannot find it because it is absolutely tiny. This cable has all the fibres running through it.
The visual impact is going to be minimal.
Catherine Colloms: It is minimal. You often need a very small box that just sits on the top of someone’s door and you effectively put this cable inside someone’s flat to a new box. That is for an MDU.
For a pole network, it is similar in the sense that you need slightly more than this amount, because we will probably have some more cables in it. Over the existing pole infrastructure, you will have a new cable that basically has fibres in it. As you can see, this cable is absolutely tiny compared with copper, and it will serve hundreds of premises, as opposed to the copper, which needs to be a different size. You would effectively need a cable that is slightly larger than the one that I have here—because it would be protected—that runs across the existing infrastructure. You sometimes need some termination points, so there might be a few pieces of black plastic, which is effectively where you put various bits of the access network.
On the telegraph pole.
Catherine Colloms: On the telegraph pole, but not every pole. It will be only on a few of the access poles, but we try to minimise the impact and keep it as small as we can.
Simon Holden: We are using exactly the same process and procedures, and the ducts and poles that are available, so my answer is the same.
Q
Catherine Colloms: At the moment, the way that clauses 59 and 60 are drafted, they talk about “no adverse impact” as opposed to minimal adverse visual impact. The existing code under which we are currently operating talks about “minimal adverse impact”, which is why we have been able to put infrastructure in as we are doing today. That has not been transposed in the Bill. We are suggesting that if we could change the definition to “minimal adverse impact” as opposed to “no adverse impact”—with, for example, the MDU having something like this cable—that would allow us the ability to go in and upgrade with minimal adverse impact where we currently have the infrastructure.
Q
Catherine Colloms: For me, it is the critical clauses 59 and 60. If we could extend the measure to multi-dwelling units, that solves your urban problem, but, critically, if we can extend it over the pole network, that is what will make the difference in rural areas. As I was explaining to the Minister, it is not necessarily that the target changes, because we will still try to do everything we can to meet the target, but the danger of not being able to upgrade existing infrastructure over poles is that you end up with pockets that are excluded as you upgrade. We are effectively trying to avoid getting all these pockets of digital divide in MDUs and cities, but also the little pockets as we are upgrading through rural areas at the same time.
Simon Holden: I would add one administrative point. The way that the Bill is drafted at the moment means that the main operator, which would typically be Openreach, has to notify the private landowner. The fact of the matter is that if we wanted to use it, we could equally notify the private landowner. What I do not want to do is either to burden Openreach with lots of my administration, or for that to become a bottleneck to the speed of my roll-out. We would propose that if it is the main operator or the new operator that has utilised that infrastructure, it could give the noticing. By the way, we are giving noticing to local authorities for works all over the place; we have a process for doing that. That would actually accelerate things from our perspective and not create an inadvertent administrative bottleneck from a process perspective. We can provide you wording on that.
Q
Mark Bartlett: First of all, towercos have been around in the industry since the start. The BBC became National Grid became Crown wireless became Arqiva became Cellnex, and so on. This is not a 2017 phenomenon. Secondly, Cellnex itself has invested billions of pounds in the UK over the last couple of years and invests hundreds of millions of pounds a year, whether that is in connecting the Brighton main line or providing DAS, small cells, tower upgrades or new towers. To describe a huge enabler of connectivity across the UK as a middleman is, I think, a step too far. Fundamentally, we are an industry that is bringing connectivity to the whole of the UK; we are part of it, and we believe that these changes are needed to deliver it.
Q
Mark Bartlett: That is a good question. First of all, do we collaborate as an industry to use shared infrastructure? We are required to do so under planning laws. In fact, towercos’ reason for being is to create efficiencies and share infrastructure, to the benefit of the community. We are, through the planning process, not allowed to stick one tower next to another. Those sorts of things protect the community, but also make sure that we exploit the infrastructure that we have today to maximum effect.
Secondly, in terms of sharing upgrade rights, obviously we have existing towers. At the point at which we need to upgrade for 5G, often we need to put more equipment on those towers, so it is important that we are able to do that without having to negotiate higher costs under the old regime, and that we are able to do that very quickly. To Catherine’s point, where we do not get agreement to upgrade a tower, it simply means—the local community around that tower is much further than 500 metres; depending on which technology you use, it might be 500 metres, but I will not go into that, and one big tower serves many hundreds of people—that that tower does not get upgraded and the money is spent on a different tower in a different community.
The power of the individual to affect the outcomes of the community is very high in the process that we have today, especially where the legislation does not work. To be frank, that is why the changes are required. It is not necessarily to overcome some battle with a land agent. We are simply attempting to create this connectivity solution across the UK as fast as we possibly can, and having the simplicity—while remaining fair to the landlord—of legislation that works and an operational process that works is going to enable that.
Is there anything else you want to add, Juliette? If I may, I will refer to Juliette on the technical—
Juliette Wallace: I do not think there is anything particular to add, other than to say that the shared rural network absolutely relies on the ability both to roll out new sites to new areas that are total notspots at the moment and to roll out sharing and upgrade capability on existing sites. If we do not get the changes in this Bill, we are going to be seriously reduced in our ability to effectively roll out, share and upgrade those existing sites. There are some sites where currently we have no mechanic to be able to renew those agreements. As Mark said, the power of the individual to frustrate the roll-out of new technology or increase technology to a geographical area is huge currently.
Q
Rocio Concha: In terms of the Bill, an example could be to change or tighten the definition that you have of distributors. In terms of implementation, online marketplaces are the gateway between the consumers and the manufacturers of these products. They are the ones that have the power to make sure that these products comply with the law. Let me give you an example. We routinely do product tests to identify security vulnerabilities with these products. Often when we go to the online marketplaces, we get the answer that, because there is no regulation, they cannot take these products out.
We need the regulation to be clear that any smart product needs to comply with these baseline security requirements. Also, we need regulation to put responsibility on the online platforms to make sure that they are monitoring proactively which products are being sold on their platforms. That is key, and I feel that it is not optional. It is quite clear what is going to happen. There are bad actors out there, manufacturing products that are not going to comply with the baseline requirements. They know that there are not going to be the necessary checks in there by the online marketplaces, but the consumer does not know. It is impossible for the consumer to make an assessment of whether the product will be secure or not. Unless we put in regulation, you can see where all these bad actors are going to go.
Q
Rocio Concha: I personally think that yes, the Government should provide information to consumers so that they are aware of this. Organisations such as ours also play a role, and we play it. We continuously publish our findings on security vulnerabilities and the sorts of things that consumers can do to protect themselves. There is a need for more information for consumers in general so that they can be aware that when they put these products in their homes, unless they take certain steps and buy products that meet the regulations that we hope will soon be introduced, they are putting themselves at risk.
Jessica Eagleton: I would agree with what my fellow panellist has said. When we think about tech abuse, we see that awareness of it is quite low among the general public. In fact, in a survey we ran last year the results were that two thirds of women did not know where to go for information if they thought that a device in their home was compromised. There is a role there for that awareness piece. At Refuge, the approach we tend to take is to empower survivors to use technology safely and to take back control of their products and technology. We have developed a range of resources to do that, but we would welcome more work and more efforts on this more widely.
Q
Jessica Eagleton: The national domestic abuse helpline is the gateway to a wide range of domestic abuse services across the country. If she phoned the national domestic abuse helpline, we would be able to help her there, and help her with safety planning and next steps. We have some resources on our website and have recently developed a home safety tool that talks you through various devices in the home and gives tips on how to secure them.
Q
Rocio Concha: Yes, we would support that. If it is not possible to include it in the Bill, we would ask that the Bill allows for it to be included in secondary legislation in the future. We would be very supportive of introducing minimum supporting periods for products.