Sally-Ann Hart

- Hansard -

Copy Link

-

Q You said earlier, looking at the increasing concerns about China and cyber-espionage, that the Bill will be useful against the threat from China, but do you think that the Bill will make the UK safer from the cyber-espionage threat from China, or will we require enhanced offensive capabilities?

Professor Ciaran Martin: They are not mutually exclusive. The thing about offensive capabilities is that they are sometimes seen as almost symmetrical—cyber is a sort of enclosed boxing ring, where you have offence versus defence—but offensive cyber can be used for anything. Our own British Government’s one declared offensive cyber-operation was against so-called Islamic State, not against the cyber-capabilities of another state.

I need to be reasonably careful about what I say here, but if you think that the US’s offensive cyber-capabilities are largely in the Cyber Command and the UK’s in the National Cyber Force, the GCHQ-MI6-Ministry of Defence partnership, one would expect that the operational security of those capabilities to be pretty good and therefore make quite hard targets for other actors. Similarly, some of China and Russia’s offensive cyber-capabilities against us will have quite good operational security, which will make them hard targets. We cannot rely on offensive cyber-capabilities to stop other people, particularly at the top end of the spectrum, at the elite nation- state level.

There is no magic panacea in the Bill, because no magic panacea is available. Even in the areas we were talking about, such as completely remote activity, one of the things that we saw anecdotally—there is some emerging research to support this—was that when the US in particular had a legal framework, where it can prosecute and indict people in absentia, in China and to some extent Iran, that did have some impact for some time. It did not solve everything, but it did affect the behaviour of some actors—they could not travel to the west, most practically, because they were under indictment by the US and therefore all the US’s allies. It meant that the associates of these people, because digital infrastructure is global, could get arrested.

Some people working with Russian groups have been arrested in eastern European countries with which we can co-operate in law enforcement terms. Strengthening that sort of legal framework gives you something. It is probably more incremental than transformative, but it is still something.

Sally-Ann Hart

- Hansard -

Copy Link

-

Q We heard from the previous witnesses about the challenges of online harm—sabotage and dis, mis and malinformation—and the Bill seeks to modernise the espionage regime to meet the challenge of the digital age. Do you think it will achieve that aim and where are the gaps, if any?

Paddy McGuinness: I would expect it to be a dynamic process. I think you will be looking at further legislation; let us hope you have a long life as an MP, but in your time as an MP I would expect you to have to look at this again.

To Sir David’s point, I do not think we should delay for a moment fixing the things that the Bill fixes because of the fact that technologies develop dynamically. There is a lag. I can remember—I think I was actually working at GCHQ at the time—us thinking about what was happening with Facebook as it emerged as a widely used platform. Here we are with the Online Safety Bill, about 13 years later. There is a natural and quite proper lag between rapid technology innovation and slow and considered regulation and legislation, and we are going to have to live with that. I think this is good. It provides a basis, and I think the extraterritoriality is particularly important, as is the way in which sabotage is broadly defined to allow you to deal with the kind of range of things that I have been talking about, given that the opponent will move through those spaces.