Draft Audiovisual Media Services (Amendment) Regulations 2021
Chi Onwurah Excerpts(3 years, 1 month ago)
General CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
It is a great pleasure to serve under your chairship, Ms Elliott, and I welcome the rest of the Committee to this important statutory instrument. I thank the Minister for her opening remarks—here we are again, talking about audiovisual regulation without there being any online safety Bill in statute or in sight.
To begin with, I declare an interest: as the Minister is aware, before I entered Parliament I spent six years working for Ofcom as head of technology. As she mentioned, Ofcom has responsibility with regard to this SI. During my time there, it had responsibility for regulating broadcast audiovisual services and some responsibility for online audiovisual media services, which were beginning to grow in importance—although not always legally. Online audiovisual media services were nowhere near as widespread or important then as they have since become, and they have been especially critical during the pandemic. Video-sharing platforms, or VSPs, which are the core of the SI, have become a major presence in the lives of many people in this country—just look at TikTok or YouTube.
The SI follows on from two SIs of the same name that were laid in November and September 2020 and which put the UK’s obligations in line with the European Union’s audiovisual media services directive—AVMSD— in preparation for the end of the transition period at the end of last year. As the Minister said, the AVMSD introduced three key requirements for VSPs: to take measures to protect minors from content that is harmful to those under 18; to take appropriate measures to protect the general public from harmful and illegal content; and to introduce standards on advertising. It is notable that we are dependent on the directive for regulation because we do not have online harms legislation, and I want to emphasise that AVMSD should not be used as a replacement for robust UK online safety legislation.
As the Minister said, the SI makes technical changes to the definition of terms and to Ofcom’s duties as a regulator, and it could potentially impact on the UK-EU working relationship. The SI includes changes to the definition of “European works”. As part of the AVMSD’s attempt to strengthen the competitiveness of the European audiovisual industry and to promote cultural diversity and heritage in Europe—I am sure they are ambitions that we all support—the European Union identified “European works”. Such works are both linear and on-demand audiovisual media products. Under the AVMSD, 30% of on-demand programming services must be European works, so the SI laid in November brought that quota into UK law.
For a product to qualify as a European work, it must originate in a member state or third-party state, or have been co-produced within a framework of agreements between the EU and third countries. My understanding is that UK productions currently qualify as European works because the UK continues to be a signatory to the European convention on transfrontier television, and I hope the Minister will confirm that.
The changes made by the SI allow the definition of European works in UK law to adapt to and adopt unilateral changes to the definition of European works by the European Union. On the one hand, this allows flexibility and removes potential legislative barriers that may arise in the future, but on the other hand, it raises concerns over sovereignty, which I am sure the Minister remembers was a key issue in the Brexit debate. Should the European Union change the definition of European works to exclude audiovisual works created in third-party states and by signatories to the European convention on transfrontier television, I believe such a change would be automatically adopted into UK law, leaving UK audiovisual works outside the 30% quota. That could create a circumstance whereby UK audiovisual products are at a disadvantage and are not considered part of European works.
Can the Minister confirm whether any changes made by the EU to the definition of European works will be automatically transposed into UK law? If such a circumstance occurred, how quickly and by what means would the Government act to ensure that UK products are not placed at a disadvantage? It highlights the fact that, although we are still using European Union definitions, we have no say in how those definitions evolve. What guarantees has she received from the European Union that future changes to the definition of European works will not lead to the UK being excluded? What assessment has she made of the impact of such an exclusion, should it happen? Will unilateral changes by the European Union to the definition of European works be addressed in the forthcoming online safety Bill, which we have heard so much about even though we have yet to see even a draft?
I would hope that future negotiations between the European Union and the UK ensure ongoing agreement on this definition. However, it is clear from the draft regulations that the relationship with respect to the definition of European works is not reciprocal: the UK has adopted the European Union’s definition without the European Union being forced to reflect or adopt any changes that the UK could make; I am not sure that in this case it could make any.
Back in November, I raised jurisprudence issues. Under the current rules, a VSP will come under UK jurisdiction if it has a fixed establishment in the UK and the centre of its economic activity relating to the relevant service is based in the UK, not in an EU member state. If the VSP is not established in the UK and no EU member state has jurisdiction over it, it will come under UK jurisdiction if it has a group undertaking established in the UK. The draft regulations and the AVMSD fail to provide a level playing field for online and offline services: they do not protect UK citizens from harmful content, either specifically for VSPs that do not have a group undertaking in the UK or generally, whereas offline broadcast services in the UK are subject to UK regulation.
A significant gap has opened up in online safety legislation. UK citizens and consumers are not adequately protected from harms under the current jurisprudence and regulatory regime, and the draft regulations do nothing to address that. Analysis commissioned by the Government shows that under the current rules-of-origin approach to jurisprudence, YouTube, Facebook, Instagram, Dailymotion and Twitter are all outside the UK’s regulatory scope. What are the Government doing to build the regulatory framework that will protect UK citizens online? What role will the draft regulations play in that? I am sure that the Minister will refer to the online safety Bill; we look forward to more details on the timetable of its passage.
The Government may have left the UK without the regulatory framework that we need, but they have assigned it a regulator, as we heard from the Minister. We do not know how broad Ofcom’s regulatory responsibilities will be—presumably they will be fleshed out in the online safety Bill, which we have yet to see—but the draft regulations do tell us one thing: Ofcom will not have a duty to inform the European Union of breaches of the AVMSD, because its duty to inform has been scaled back to a power that it “may” exercise. I understand that that is because EU states are not mandated to inform Ofcom of a breach, so the Government have decided to remove Ofcom’s mandate to inform European Union states.
I think we can all agree that we would be safer if breaches were reported globally: one of the challenges of regulation in the online world is that it requires global co-operation and collaboration. The decision to stop Ofcom reporting breaches to the European Union has been made because we cannot obtain a reciprocal agreement. Did the Government seek to ensure reciprocity on the sharing of data breaches and of breach data? Have they assessed the impact of the decision on the flow of information between regulators? Failure to ensure that reciprocity is a failure of Government, and it could have implications for the UK’s online safety relationship with the European Union, making us more vulnerable. I am concerned in particular that it may affect the information our regulator receives from friends and partner agencies in Europe. Will the Minister say a little about the future working relationship between UK regulators—Ofcom and the Information Commissioner’s Office, for example—and European Union state regulators, particularly on reciprocity? Will she promise no regression in the sharing of information that may keep us safe online?
I have already touched on the reason why this is so important: the UK lacks any robust online harms legislation. The online safety Bill has been a decade in the making. It is startling to think that from 2010, starting with the coalition, the Government have presided over dramatic changes in the role of the internet, the web and the online world in our lives, but we have yet to see any online safety legislation. It took them nearly two years to issue a full response to their own consultation on the matter, despite huge increases in online threats because of the pandemic. I raised the threat of child abuse, online scams and misinformation in November, when I think we all agreed that legislation was way overdue. Six months later, we still have nothing beyond the promise of a reference in the Queen’s Speech. I hope that the regulations are not a further sticking plaster to hide the Government’s delaying on such a vital issue and that further delays will not materialise. The Minister’s Department has stated that the online safety Bill will supersede the regulations, but as that Bill will probably not become law for another year, we have another year of uncertainty. Has the Minister assessed the impact that such uncertainty is having on the audiovisual sector?
Labour will not oppose the regulations because we do not believe that the Government can legislate quickly enough to address threats to online safety and jurisdiction concerns. However, we are greatly concerned about the holes in the UK’s regulatory framework and the path that the Government are taking with our future relationship with the European Union, which should be one of collaboration and co-operation on the key subject of online safety. We need reassurance that the UK and the EU will work closely together without interruption or confusion, confirmation that the Government will prioritise the wellbeing of the UK audiovisual sector, and robust and substantial regulatory legislation to protect us online.
Chi Onwurah
I thank the Minister for her comments, which are enlightening. Were there discussions around maintaining a mutual reciprocal duty to co-operate on this issue?
Caroline Dinenage
I will drop the hon. Lady a line on that because I do not know for sure. She asked how long this will last and how it works in relation to the online safety Bill. As she knows, we are working at pace to prepare the legislation. It will be ready shortly and she will be able to cast her eyes over it in the near future. In the meantime, we are working closely with Ofcom and will continue to engage with parliamentarians as we prepare the legislation.
Of course, we recognise the importance of being online and the benefits that that brings, but we have seen most poignantly during the coronavirus period how online safety can be a major concern. There are serious risks that users, particularly children, currently face when they are online. It has been brought to a head over the past year, and the prevalence of illegal and harmful content and activity online is unacceptable and has become more so. We have made clear our intention to repeal the video-sharing platform regime in part 4B of the Communications Act 2003 once the more comprehensive online harms regime comes into force.
In the interim, through regulating and engaging with video-sharing platforms, Ofcom will have the unique opportunity to understand the potential challenges and opportunities to be harnessed with systems regulation. These vital learnings, combined with the scope to engage with UK-established video-sharing platforms, will no doubt strengthen the online harms regime once it comes into force.
This instrument ensures that the law remains clear and operable. It is required to remedy the failures of retained EU law arising from the withdrawal of the UK from the EU. The instrument will allow Ofcom to progress the implementation of the video-sharing platform regime and provide protections for UK users, especially minors.
The UK and EU have similar objectives, and we continue to share similar values when it comes to protecting users online. Through the introduction of a power to co-operate, we are signalling our commitment to working with our European and international partners. This engagement will strengthen our ability to keep UK users protected from illegal and harmful material on video-sharing platforms not established in the UK ahead of the upcoming online safety legislation.
Chi Onwurah
I thank the Minister for her comments. I also asked about European works and whether the definition of European works could be changed to exclude the UK at a future date.
Caroline Dinenage
Again, I will drop the hon. Lady a line on that.
Question put and agreed to.
European Football Proposal
Chi Onwurah ExcerptsMonday 19th April 2021
(3 years, 1 month ago)
Commons ChamberRead Full debate Finance Act 2021 View all Finance Act 2021 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: Committee of the whole House Amendments as at 19 April 2021 - large print - (19 Apr 2021)
Oliver Dowden
The hon. Gentleman is absolutely right to highlight that. It seems extraordinary, at a time when most stadiums remain completely empty and clubs are under tremendous financial pressure, that, rather than focusing on the rebuilding of the game and getting fans back into stadiums, these six clubs are distracted by something that is not in the interests of the game. It is right that we look at competition law. We need to look at the range of things that Government do to help games happen, to help clubs participate in the league, and say, “Why should we be doing this anymore for those six clubs?” That is precisely the work that we are undertaking.
Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
Newcastle United fans have long suffered from the greed and self-interest that drive premiership owners, but this attempt to turn our national game into the cash cow of a narrow elite shows just how morally bankrupt the premiership has become and how little Government care. There seem to be more rules to prevent the removal of a window frame in a listed building than the wholesale destruction of this jewel of working-class culture. Can the Secretary of State believe that the owners of these six clubs meet the fit and proper person test?
Oliver Dowden
The hon. Lady will have seen from my statement—I am happy to repeat it—that I completely agree with her. This is absolutely central to our heritage. These clubs are as much a part of our heritage as the great castles, stately homes, cathedrals and orchestras of England and the rest of the United Kingdom. We stand ready to do whatever it takes to support this. On the fit and proper person test, that is precisely why we have set up the fan-led group and it will be one of the things my hon. Friend will be looking at as we go forward. In the short term, we need to stop this in its tracks. We do that by working with the leagues—I gave the president of UEFA my 100% support for the measures that he outlined today, and similarly we will see measures coming forward from the Premier League—and then, if that does not work, the Government themselves stand ready to take steps to prevent this from happening.
Oral Answers to Questions
Chi Onwurah Excerpts(3 years, 2 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman
I know just how keen my hon. Friend is to tackle broadband roll-out in the rural parts of his constituency as well as in the urban. As I mentioned, Project Gigabit will lay out a nationwide plan and it will do so in a way that promotes competition so that we get the best that the whole of the market can offer, including Openreach, but also other providers.
Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
Our Parliament, our businesses, our students, our economy and our social lives all depend on broadband. In 2019, the Prime Minister promised full fibre for all by 2025, and the 2020 Budget set aside £5 billion for that. Can the Minister confirm that only £1.2 billion of that £5 billion is planned to be spent by 2025, and that today’s decision by Ofcom to remove pricing controls will deliver greater profits for BT while allowing Openreach to charge more in rural areas that are already broadband-poorer? When will the country as a whole get the broadband infrastructure we so desperately need?
Matt Warman
The hon. Lady knows that the Government will spend the £5 billion that has been committed as soon as possible and as quickly as the industry can get the cable into the ground. She also knows that the important balance to strike is between a competitive market that makes sure that we get everyone, from Openreach to Gigaclear to CityFibre, involved, and ensuring that those businesses can make a fair return. That is the balance that Ofcom has sought to strike today.
Cyber-troop Activity: UK
Chi Onwurah Excerpts(3 years, 2 months ago)
Westminster HallRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
Thank you, Sir Charles. I greatly appreciate that, but in any case I would like to start by saying what a pleasure it is to serve under your chairship, and what appropriate discretion you show.
I congratulate and thank the hon. Member for Midlothian (Owen Thompson), who called today’s debate. The internet plays an ever-increasing role in our lives, as the pandemic has shown. Our work, social and family lives, and our Parliament, are all largely online, and we get our news from online sources and develop our politics digitally. Research by Ofcom shows that Facebook now rivals ITV as the second most popular news source for UK adults. That is reflected at party level. In 2018 the UK’s three largest parties spent £3.7 million on Facebook advertising alone, which, as Members have observed, is largely unregulated.
We live in a digital age and there are, unsurprisingly, perhaps, emerging digital threats to our democracy, so today’s debate is overdue and I am concerned that the Government are weak on online protections, and are presiding over continuing delays to the online safety Bill as well as failing to decisively oversee the impact of Huawei on our telecoms networks.
As we have heard, cyber-troops are Government military or political party teams, committed to manipulating public opinion over social media. I want to congratulate the hon. Member for Midlothian again. I was the first Member of Parliament to mention the internet of things in the House. As I understand it, he is the first Member of Parliament to mention cyber-troops in a debate, and in congratulating him—it is, as we have heard, a very important subject—I wonder why the Government are not bringing forward or raising issues of this importance. It has been 11 years since the earliest reports of organised social media manipulation in 2010, which coincided with the first Conservative Government after Labour.
Members have mentioned the research by the University of Oxford that found that cyber-troop teams use a variety of strategies, tools and techniques, but they often have an overarching communications strategy that involves creating official Government applications, websites or platforms for disseminating content, using accounts that are either real, fake, or automated to interact with users on social media, or creating substantive content such as images, videos or blog posts—fake images, as well. They do not have to be sinister or abusive in themselves: for example, Israel deploys the policy of positive interactions with social media users who are critical of the Government, and the Czech Republic seeks to provide neutral fact-checking services. However, negative strategies are used, as we have heard.
These Government-sponsored accounts are not always run directly by the services whose message they are spreading, nor is that message always obvious. The University of Oxford research found one Russian cyber-trooper who ran a fortune-telling blog that provided insight into relationships, weight loss, feng shui, and just occasionally geopolitics, with the goal of weaving propaganda seamlessly into what appeared to be the non-political musings of an everyday person. The serious point is that this can be very hard to detect by the most informed consumer.
With the vast range of activities, sources and strategies deployed by cyber-troops, it is important to keep up with the changing geopolitical landscape, so I ask the Minister to tell me what assessment has been made of these measures deployed by cyber-troops across the world, and specifically what the impact is on UK citizens and our democracy. The emergence of these strategies and threats is a threat to our democracy, which emphasises the importance of collaboration with our friends and allies to fully map the threats that we face. We have heard of the well-publicised Russian disinformation campaign in the US 2016 election, as well as our lack of resilience, and even as our service personnel are mobilised to help contain the pandemic, our adversaries are feeding disinformation and division into our communities. That shows how essential public understanding is in a crisis, and that the enemies of democracy will exploit every weakness. The Government launched the armed forces cyber-regiment last year. That is good, but I ask the Minister why it took so long, and whether we have already been exposed to digital hostility.
The hon. Member for Strangford (Jim Shannon) emphasised the changing role of the armed forces, and I pay tribute to his work with the armed forces. What discussions has the Minister had with the Secretary of State for Defence specifically on cyber-troops? There can be confusion between the responsibilities of the National Cyber Security Centre and those of Ofcom in this key area, so could she outline where the demarcation is there? As we have heard, cyber-troops operate primarily on social media: Facebook, Google, YouTube, Instagram, Reddit, Twitter, and all parts of our social lives, as well as our work lives and consumer lives. However, we have little control over how that content is curated. Facebook itself says that millions of users have been exposed to coronavirus disinformation, so I ask the Minister why we are so slow to introduce any effective regulation of online content, when the online safety Bill will be before us, and whether it will include anything to address cyber-troops.
The hon. Member for Midlothian also highlighted the impact of disinformation on our democracy specifically. What discussions has the Minister had about the need to reform our electoral system to protect it from foreign interference, as the Electoral Commission and the Law Commission have set out in a number of reports? Does she accept that cyber-troops warrant reform to our electoral laws, and what recommendations does she have, if any?
It is harder than ever to trust what we see online, with fake images pretending to be from reputable sources such as the BBC and so on. As we have heard, the Government were themselves guilty of that during the 2019 general election, when they changed their official social media channels to appear as unbiased, neutral fact-checkers. The bots may be following the Prime Minister, but is the Prime Minister following the bots?
So far, the Government appear content to leave those issues to the market, but it is a market that has allowed the spread of disinformation, opening the door to cyber-troops. Self-regulation by the social media giants has failed, and they have made little progress. Twitter has begun checking some of its posts, and Mark Zuckerberg has rolled back on his declaration that Facebook would not become the arbiter of peace, but that is too little, too late, and there is not enough progress. Will the Minister explain why the only requirement that she places on those platforms is that they should not make money from disinformation? Surely there has to be a higher standard than not directly profiting from it.
Finally, anonymity is a complex issue, but the sheer scale of misinformation, online abuse and extremism means that there has to be more we can do. We recognise anonymity as a shield for whisteblowers, victims finding refuge online, or children in minorities exploring self-expression, but how does the Minister see the relationship between anonymity and the work of cyber-troops? Is she looking at the trade-off of protecting privacy and free speech—the hon. Member for Strangford talked about the importance of free speech, and I echo that point—and protecting our democracy and citizens from harm and abuse? Inaction is to make the worst trade-off of them all.
This Government have been in place, in one form or another, since 2010, and in that time we have seen a dramatic change in the prominence and the role that the online world plays in our lives, our democracy, our news and our understanding of the world, yet we have seen no action from the Government. Understanding mapping and measuring the impact of cyber-troops on UK citizens is an action that any responsible Government should be taking. We have heard today about the ways in which cyber-troops are deployed, controlled and developed, but those strategies will not stay the same—they will continue to evolve—and we are not even playing catch-up, because we do not seem to be in the game at all. I am really pleased that those key points have been raised in the debate, and I hope that the Minister will set out in her response the action that the Government will take.
The Minister for Digital and Culture (Caroline Dinenage)
It is a great pleasure to serve under your stewardship, Sir Charles. I join everyone else in thanking the hon. Member for Midlothian (Owen Thompson) for bringing forward this really important topic. I know that he has long been a really powerful and strong voice on the subject, and he is absolutely right to keep bringing attention to the issue, because the worrying industrialisation in disinformation is something that we should all be concerned about.
A number of Members have spoken about the increasing sophistication of digital technology. Even this week there was a deepfake of Tom Cruise on TikTok; it was incredibly lifelike and plausible and was not intended for sinister purposes. That only underlines what is the art of the possible if that technology is in the hands of those who are up to no good. It has always been vital that UK citizens have access to accurate information when it comes to elections but also situations such as our current pandemic; it is vital to our democracy and everyday life as well. Disinformation and mis-information, which is spread without intention, threaten our democratic freedoms and can cause harm to individuals and society, and it is an issue that the Government take incredibly seriously.
That is why we established a dedicated counter-disinformation unit, which brings together cross-Government monitoring and analysis capabilities to build a comprehensive picture of disinformation and misinformation. It works with partners to ensure appropriate action is taken. The hon. Gentleman rightly said that this unit that has generally been stood up at elections; it was stood up during the European parliamentary elections, the UK general election in 2019 and again in March last year to respond to the covid pandemic, and it remains operational. The component parts of the unit remain operational all the time—organisations such as the 77th Brigade, for example.
Throughout the pandemic particularly, the unit has been working closely with social media platforms to quickly identify potential harmful content on their platforms and help them respond to it. We have seen major platforms update their terms of service and introduce new measures to tackle disinformation and misinformation related to covid-19. This is not just about not being able to profit from it; a really important part of the agreement is that they also put up links to reliable, Government-backed sources of information. We welcome this, and there is clearly more to do. We continue to put pressure on platforms to ensure that their policies and enforcement are fit for purpose, while respecting freedom of expression. The unit also works with Government communications teams to ensure that public communications and community engagement address false information where appropriate to do so.
Chi Onwurah
I thank the Minister for her comments and the information she is giving. Before she moves on from the unit for disinformation, when I asked recently how many full-time employees it had, the answer was none. She has talked about how spread out it is, but given the increased importance of disinformation, will there be full-time employees in the unit or will they all have other things to do as well as disinformation?
Caroline Dinenage
It is a unit that expands. There are full-time members of staff dedicated to this, but that is obviously a tiny number in normal circumstances. It expands enormously when the Government disinformation unit is stood up.
Caroline Dinenage
The hon. Gentleman is absolutely right. We are working closely with the police and also the Army, as I have mentioned. I am always slightly nervous about what I am allowed to say around this issue, not being an MOD Minister, but there is the 77th Brigade, which is a military unit dedicated to this sort of activity and with which we work very closely.
While such information can come from a range of sources, we know that certain states routinely use it as a tool to exploit our open system by sowing division and undermining trust in our democracy, as the hon. Gentleman said. This can be through disinformation, cyber-attacks and other methods. We have made it clear that any foreign interference in the UK’s democratic process is absolutely unacceptable—it does not even need to be said—and it is, and always will be, an absolute priority to protect the UK against it. The UK, along with our G7 and NATO partners, is working hard to protect our democracy against disinformation as we work together to tackle the shared threat of covid-19.
We remain firmly committed to protecting our democratic values and our electoral processes, which I know the hon. Member for Midlothian is concerned about, and we have robust systems in place to protect the UK against foreign interference. As he says, it is all about working collaboratively. These systems bring together Government, civil society and private sector organisations to monitor and respond to interference in whatever form it takes. The hon. Member for Newcastle upon Tyne Central (Chi Onwurah) talked about these things sometimes coming in the guise of something that could look quite harmless but can actually be incredibly sinister.
It is absolutely vital to ensure that our democracy stays open, vibrant and transparent. The Government are strengthening our legislative framework, enhancing capabilities and engaging with partners to expand our efforts to ensure the maximum impact. That joined-up approach is supported through the defending democracy programme, based in the Cabinet Office, which provides a strategic co-ordinating forum, drawing together work and expertise across Departments on a number of fronts to protect democratic processes, strengthen the integrity of elections, encourage respect for open and safe democratic participation, and promote open, fact-based discourse.
The Government are taking steps to strengthen elections by introducing legislation, as the hon. Member for Midlothian said, to ensure that the framework is fit for the modern age, for example by updating online campaigning rules. In May 2019, the Government committed to introducing a digital imprints regime, which will inform voters about the source of online campaign material. In August, we launched a technical consultation on this proposal. It closed in November, and further details will be set out shortly.
During major democratic events, the Government stand up an election cell—a co-ordinated structure that works with relevant organisations to identify and respond to emerging issues and protect the safety and security of the democratic process. The counter-disinformation unit works closely with the election cell, co-ordinating the Government’s operational response to any evolving threat of disinformation and other forms of online manipulation. The Government are working really closely with partners to support the delivery of safe and inclusive elections. Of course, the next ones will be very shortly, in May.
The Government welcome the valuable analysis and insight from academia, including the Oxford University report, and we take seriously the findings of other experts in this field. Countering disinformation and other forms of manipulation requires a whole-of-society approach, and the Government are working closely with the Oxford Internet Institute and other stakeholders from civil society, academia and industry to much better understand the issues in this space. In particular, last year the Government launched a counter-disinformation policy forum, bringing together key actors in industry, civil society and academia to improve responses to misinformation and disinformation and, crucially, to prepare for future threats. This forum contributes to the collective understanding of challenges to the information ecosystem, allows us to improve the responses that our organisations can deliver to better mitigate evolving threats posed by false narrative and helps us to prepare for future advances in technology, which is of course what we are all really worried about; as we have already said, the technology evolves rapidly.
We are entering a new age of accountability for the tech industry. The hon. Member for Midlothian and others mentioned the online safety legislation. We announced plans at the end of last year for a groundbreaking rulebook that will make tech companies responsible for tackling harmful content on their sites. This new regulatory framework will give digital businesses much more robust rules of the road, as it were, so that we can seize the brilliance of modern technology to improve our lives while protecting children, building trust and, crucially, tackling criminal activity online.
The full Government response to the online harms White Paper was published at the end of last year and set out how the proposed legal duty of care on online companies will work in practice. It will of course defend freedom of expression and the role of the free press. The new laws will also ensure appropriate checks and balances on platforms’ power over public discourse and will promote a thriving democracy where pluralism and freedom of expression are protected. The laws will have robust and proportionate measures to deal with misinformation and disinformation. That is crucial, because we know that they can cause significant physical or psychological harm to an individual. An example is the anti-vax falsehoods that we are seeing around covid-19 at the moment. Crucially, the Bill will give Ofcom the tools it needs to understand how effectively disinformation is being addressed. That will be done through transparency reports, and then it can take action in the appropriate way, as required.
Chi Onwurah
I thank the Minister for her comments. I asked about the role of Ofcom with regard to cyber-troops and electoral disinformation and whether she sees a role for Ofcom and the NCSC there.
Caroline Dinenage
As the hon. Lady knows, the NCSC is not a regulator, but it provides authoritative advice, and the online harms response says very clearly that it is vital that Ofcom is able to take advice, if necessary, from experts in whatever field, whether civil society, charities, academia or businesses. They will have to work together very collaboratively, because it is Ofcom’s job to hold companies to account to ensure that this issue is being tackled appropriately.
It is important to say that we really do support freedom of expression as a fundamental right. It is an essential element of the full range of human rights. Therefore, while we take action to address false narratives online, we have to remain committed to protecting the freedom of expression that we are so well known for, across our nations. However, our commitment to tackling misinformation and disinformation in all their forms remains an absolutely key priority. Our challenge as a society is to help to shape the internet so that it remains open and vibrant but still protects users from all kinds of harm. It is a really difficult balance to strike, but our commitment to protecting our democratic freedoms and processes from outside interference by any actor, whether state or non-state, remains unwavering.
Budget Resolutions and Economic Situation
Chi Onwurah Excerpts(3 years, 2 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
It is the greatest crisis that this country has faced since the second world war, and the Chancellor offers us a partisan and peripatetic Budget—partisan because it seeks to shore up the majorities of Conservative MPs, regardless of need or national benefit, and peripatetic as it jumps from area to area and sector to sector, giving and taking with no vision and little ambition, with nothing on social care, nothing for our key industries, nothing for Newcastle and almost nothing on climate change.
There is an infrastructure bank with one 20th of the funding for the failing test and trace system. This should have been the moment to light up the road to recovery; instead, it is a mean and limited mates’ rates economic sticking plaster. There is the super deduction capital allowance, which treats jacuzzis the same as manufacturing lines and rewards Amazon for investing in surveillance technology but not companies for investing in people.
After a decade of the Tories religiously repeating that cutting corporation tax increases the revenues brought in, apparently raising corporation tax now increases the revenues brought in. It really is the Tory magic money tree, is it not? It shows that all the years of austerity were driven by Tory ideological fantasy, even though they were a horror story for the communities that suffered, the public services that were cut and the jobs that were lost.
What about small businesses? For a year now I have heard from the wonderful, vibrant businesses in Newcastle Central that are trying so hard to keep going in this pandemic. They have shown amazing resilience and dedication to the protection of customers and jobs. They have invested thousands of pounds in making their premises covid-secure, in the technology to move online if they can, or in diversifying the services that they offer. Some are paying the costs of staff furlough from their own pockets and borrowing against their homes to do so. One pub owner told me that if he gets through this pandemic, he will be working for the bank for the rest of his life.
I wrote to the Chancellor about the town hall that I held last month for Newcastle Central businesses that have been excluded from covid-19 support because they were started a week too late, earned a few pounds too much or do not have business premises. There are thousands of them in Newcastle Central—what did the Budget do for them? There was the continuation of existing schemes, but nothing for those who fall through the existing gaps.
The Government say that local authorities have funds for discretionary grants—which is true, and Newcastle City Council has worked incredibly hard to distribute them—but it is a cowardly and base attempt to dodge responsibility. The Government know that they have not offered anything like the funding necessary to fill the gaps in support which they have created. If the Government allow our small businesses to go bankrupt, the demand we will see after this pandemic ends will be met by big national or international chains and fire-sale venture capitalists, not the local businesses that our economy and communities need.
Telecommunications Infrastructure (Leasehold Property) Bill
Chi Onwurah ExcerptsWednesday 24th February 2021
(3 years, 3 months ago)
Commons ChamberRead Full debate Telecommunications Infrastructure (Leasehold Property) Act 2021 View all Telecommunications Infrastructure (Leasehold Property) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Commons Consideration of Lords Amendments as at 24 February 2021 - (24 Feb 2021)
Matt Warman
Members will be aware, none the less, that despite the importance of that connectivity, there are barriers facing infrastructure deployment, and there is no panacea. But there are steps and then strides and then leaps in the right direction, and this Bill is an important one of those steps.
We expect these provisions, which will affect some 10 million people in the UK who live in flats and apartments, to make a real difference to the vital roll-out of better broadband to which the Government remain totally committed. I trust that Members will have seen that a consultation on further potential changes to the electronic communications code has now been published. We will carefully consider whether further legislative changes are necessary as a result of what we learn from that consultation. Crucially, these measures will take into account the interests of those needing greater connectivity, balancing the interests of landowners as well. Just as with the Bill, that balance is crucial to ensuring that we continue to bridge the digital divide.
The House is here to debate three Lords amendments. I will deal with Lords amendment 1 first. The purpose of Lord Clement-Jones’s amendment on Report in the other place was to clarify that people who rent their flat can make use of the policy in the Bill. Earlier this year, when the Bill made its way through this House, hon. Members felt similarly to Lord Clement-Jones, and that sentiment was subsequently shared in the other place. It remains the case that the Bill has always applied to people living in a flat under the terms of any lease. The most common form of tenancy in the UK, assured shorthold, is a lease, and it has never been our intention to provide otherwise. However, we are aware of the strength of feeling, and while, as drafted, Lords amendment 1 would create an inconsistency with the rest of the electronic communications code, the amendment I am moving clarifies that people who occupy a property under a lease are able to make use of this policy, and it does so in a way that avoids legal ambiguity by clarifying the definition of the lease in the electronic communications code to ensure that that definition includes, for example, any tenancy.
I also encourage the House to agree with Lords amendment 2, tabled in the name of the Minister, Baroness Barran, on Third Reading in the other place in the light of concerns that have been raised there—and, indeed, here—regarding anti-competitive behaviour. It protects competition in the market and ensures that those installing infrastructure do not do so in a way that would prevent a subsequent operator from installing their own apparatus.
I now turn to the main business, which is really in Lords amendment 3. This amendment would add a new clause to the Bill requiring the Secretary of State to commission a review of the impact of the Bill on the electronic communications code, including an assessment of whether the code is sufficient to support 1 gigabit broadband roll-out to every premises by 2025, and further requiring that separate assessments be made of whether the code should be amended to introduce a number of rights, which I will come on to in a minute.
I am grateful to members of the other place for bringing forward the amendment, which the Government understand aims to provide transparency, but those good intentions would none the less introduce some impractical and unnecessary measures to the code that fall outside the purpose of the Bill and, indeed, the code itself. The code is a framework for regulating agreements between landowners and telecoms operators for the installation and maintenance of communications equipment on public and private land. The code is technology-neutral. It is simply not possible to judge whether the code supports access to 1 gigabit broadband because it is not designed to facilitate solely gigabit-capable connections; it is about access to land to facilitate installation, maintenance and upgrading.
That said, while it is logical to assume that, with the market currently deploying those connections, the provisions in this Bill will be used for deployments of those connections, they may equally be used for superfast, ultrafast or other services. The only basis on which to judge the code is to examine the availability of all types of connections. That is why Ofcom, the independent regulator, publishes its annual “Connected Nations” report, which provides a wealth of information on fixed and mobile connections. Should Ofcom raise questions, the Government continue to provide answers in the House and the other place. The report shows progress in 4G and 5G.
Furthermore, there are also other established means of scrutiny through Select Committees. In the past three months, there have been a number of reports from various Select Committees. Hon. Members can rest assured that the Department’s feet are being firmly and regularly held to the fire. Ministers, of course, always relish that process.
The amendment moves on to matters relating to the powers of gas, water and electricity suppliers. The Government recognise that further changes to the code may be required if it is to support the achievement of our coverage and connectivity targets effectively. Shortly before the Bill’s Third Reading in the other place, the Government published a further consultation on possible changes. I encourage Members to respond to that consultation. I am sure they will appreciate and understand the importance of respecting a person’s right to enjoy their property peacefully, so any intervention that seeks to interfere with property rights must be proportionate and justified. The new consultation seeks those reports until 24 March.
Additional permitted development rights are a planning matter and an issue not for this Bill or the electronic communications code. I am sure that many Members know that telecoms operators are afforded significantly more flexibility in how they install their infrastructure. That includes, for example, permitted development rights and exemptions from a number of requirements to request planning permission. That is why my Department continues to work very closely with colleagues in the Ministry of Housing, Communities and Local Government. In August 2019, we launched a joint consultation with MHCLG regarding potential reform of permitted development rights. The Government published our response in July 2020, and, subject to a technical consultation, we will take forward proposed reforms. We expect to publish that consultation in spring this year.
Encouraging telecommunications operators to undertake infrastructure works alongside other works was another issue raised. It relates to the co-ordination of streetworks to promote greater collaboration between telecoms providers, local authorities and the suppliers of gas, water and electricity. My Department has worked closely with the Department for Transport on a number of areas of mutual interest, and it will continue to do so.
In 2020, the Government released a new street manager digital service—the largest update to streetworks in a generation—that has already helped to simplify and improve the planning and co-ordination of works throughout England. That is vital for the deployment of broadband. I hope that hon. Members recognise that streetworks are a transport issue, and not a matter for this Bill or the electronic communications code. It should be noted, furthermore, that roads are a devolved matter and therefore should not be considered in legislation that relates to the reserved matter of telecoms, as this Bill does.
Although we absolutely appreciate and understand that this is a well-intentioned amendment, it is, as I have outlined, none the less impractical. It seeks details on matters outside the code’s competence to provide, such as gigabit connections, and improved planning and streetworks. I hope hon. Members are none the less reassured by the recent publication of the Government consultation, which seeks responses on whether further changes are required to the electronic communications code. I also hope they trust that the Government stand ready to look at the evidence that is made available and act where the need to act is demonstrated. We are hopeful that, once the responses are received and considered, we will have an even more informed idea about the way forward to support the delivery of connectivity and the role that the Government should play in relation to that. I ask the House to disagree with amendment 3.
I thank all hon. Members who are down to contribute for taking an interest in this vital issue. Parliamentary scrutiny is an important part of our commitment to rolling out the broadband that all our constituents deserve across the country. I look forward to hearing the subsequent debate.
Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
I begin by thanking colleagues in the other place who have worked so hard to improve the Bill—and for longer than many would have expected, as the Government delayed the Bill until they thought they could resolve their Back Benchers’ concerns on the human rights amendment. That continues to ping-pong as part of the Trade Bill, but I hope we can now move quickly and decisively to resolve the matters of telecoms infrastructure.
The pandemic has shown us how important good fast stable broadband is, with so many people currently depending on it to work from home and stay in contact with friends and family. It is just over a year since I stood at the Dispatch Box for the Second Reading of the Bill and argued that broadband was a vital utility. The pandemic has proved that beyond doubt. I join the Minister in paying tribute to the infrastructure providers who have supported our connectivity at this difficult time, while recognising how much still needs to be done to close the digital divide. I am pleased that the Lords amendments we will be discussing today reflect the issues that Labour has been raising consistently at every stage of the Bill.
The first amendment removes ambiguity over the definition of a lessee and expands the scope of the Bill to be more inclusive with regard to tenants. The amendment would ensure that introductory or probationary tenancies in local authority housing, flexible or joint tenancies and demoted tenancies were all covered. Labour first raised this as amendment 2 on Report, and the Liberal Democrats tabled an amendment in the Lords. This has been replaced by the Government amendment in lieu, with parts (a) and (b) making technical changes to avoid contradictions between this Bill and the Communications Act 2003. We welcome that, but we are concerned that the Government missed this issue, leaving it for others to raise. The interests of tenants as well as those of leaseholders must be kept in mind.
The Government’s amendment, Lords amendment 2, is based on Labour’s amendment 3 on Report. Labour is the party of business, and we are keen to remove barriers to competition and interoperability, and to encourage a competitive market. However, we feel that the Government’s changes to this amendment mean that it does not go far enough.
As the Bill stands, one operator can technically “capture” a building, locking the residents into its service. The Government amendment seeks to ensure that this cannot happen, and the option for diversification is left open. However, it does not encourage deployment and inter- operability. Labour is pleased that the Government have offered concessions on competitiveness and inter- operability, so we will not oppose this amendment as we consider it a gesture in the right direction. However, UK businesses and consumers deserve more than gestures. They need real action to promote competition, and the Bill was a chance for the Government to do that.
Finally, Lords amendment 3 is Labour’s new clause. This has been designed to provide accountability and transparency via a review of the impact of the Bill and the sufficiency of the electronic communications code to support gigabit roll-out. Labour believes that this is vital to ensure that the mechanisms in the Bill are robust and well resourced enough to ensure that legislation does not fail when it makes contact with reality. We do not want to be back here with further legislation after more wasted years for our telecoms infrastructure. This amendment provides the mechanisms to empower the Government to meet and assess their roll-out targets. The Government tell us that the Bill is just about freeholders, but it is clearly part of a larger puzzle. Indeed, the noble Lord Parkinson confirmed that, stating that the Bill was
“one discrete instrument in the Government’s overall strategy”—[Official Report, House of Lords, 2 June 2020; Vol. 803, c. 1331.]
We must know, first, what that strategy is and, secondly, how this Bill is contributing positively or negatively to the telecoms landscape. The Minister said that this would undermine technology neutrality, which is somewhat rich, given that the gigabit ambition was a technologically neutral downgrading of the Prime Minister’s original fibre ambitions.
Oral Answers to Questions
Chi Onwurah Excerpts(3 years, 3 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Caroline Dinenage
I thank the hon. Lady for her question. As I have said, tackling disinformation in all its forms, including vaccine disinformation, remains a key priority for the UK. As we set out in the full Government response, the online safety Bill will introduce a duty of care that requires companies to address online harms such as harmful disinformation that could impact on people’s health and safety on their platforms, and that legislation will be put forward this year.
Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
Mr Speaker:
“No one should have to accept racist abuse as the price to pay for being in the public eye”,
the Secretary of State assured footballers. No one should have to accept racist abuse full stop, and no one should be subject to extremist grooming or have their lives endangered by anti-vax misinformation, but they are, and for 10 years Conservative Governments have refused to act. As the head of UK Counter Terrorism Policing tells us, extremism has become so widespread online that it “cannot be policed”. Will the Minister say what steps she has taken to protect us and, please, no more vague assurances for the future?
Caroline Dinenage
Of course, we want the internet to be a very safe space for all users, and we are very clear that what is unacceptable online is just as important as what is unacceptable offline. That is why we are absolutely committed to tackling extremist views, racist views and views that promote violence, hatred and division against individuals and against communities. We want the internet to be a safe space for all users, which is why the online harms framework will require companies to have very clear terms and conditions about how they would respond to such hateful content, and they will be expected to implement those conditions consistently and transparently.
Telecommunications (Security) Bill (Eighth sitting)
Chi Onwurah ExcerptsTuesday 26th January 2021
(3 years, 4 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
It is a pleasure to be back under your chairmanship, Mr McCabe.
I will try to rattle through these as quickly as I can. Clauses 18 to 23 cover monitoring and enforcement, and further provisions relating to non-disclosure and information requirements. Clause 18 gives the Secretary of State the power to give Ofcom a monitoring direction, requiring the regulator to obtain information relating to a public telecoms provider’s compliance with a designated vendor direction and to provide that information in a report to the Secretary of State.
The clause also includes requirements about the form of such reports and the procedures around their provision, but it does not create any new powers for Ofcom, which already has them under section 135 of the Communications Act 2003. The provisions in the clause are an integral part of the compliance regime. The power to give a monitoring direction to Ofcom is necessary to ensure that the Secretary of State has the ability to require it to provide the information needed to assess compliance with designated vendor directions.
Clause 19 provides Ofcom with the power to give inspection notices to public communications providers. The provisions will apply only where the Secretary of State has given Ofcom a monitoring direction. Inspection notices enable Ofcom to gather information from communications providers in relation to their compliance with a direction. The notices are a tool for Ofcom to give effect to its obligations under a monitoring direction.
Clause 19 also sets out the new duties that inspection notices can impose, the types of information that they can be used to obtain and how the duties in an inspection notice will be enforced. Ofcom may only give inspection notices in order to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to how a provider is preparing to comply with a direction. Ofcom can instead use its other information-gathering powers under section 135 of the Communications Act 2003 to obtain such information.
Clause 20 provides the Secretary of State with the powers necessary to enforce compliance with designated vendor directions, as well as with any requirement for a public communications provider to prepare a plan setting out the steps it intends to take to comply. It is the Secretary of State’s responsibility to issue directions where necessary in the interest of national security. Clause 20 is essential to ensure that the Secretary of State can carry out this role effectively and enforce compliance with any directions issued. New sections 105Z18 to 105Z21 will be inserted into the Communications Act 2003 for this purpose. The provisions set out the process that the Secretary of State will follow in instances where an assessment is made that a public communications provider is not acting in compliance with the direction or with the requirement to provide a plan. The process encompasses giving a contravention notice, enforcing it and imposing penalties for non-compliance. The clause is essential in ensuring that the Secretary of State can carry out the role effectively and deters and penalises instances of non-compliance.
Clause 21 provides the Secretary of State with the power to give urgent enforcement directions. Provisions to enable urgent enforcement are needed in cases where the Secretary of State considers that urgent action is necessary to protect national security or to prevent significant harm to the security of a public electronic communications network, service or facility.
Clause 22 creates a power for the Secretary of State to impose a requirement on public communications providers or vendors not to disclose certain types of information without permission. The provisions are necessary to prevent the unauthorised disclosure of information, which would be contrary to the interest of national security.
Finally, clause 23 creates a power for the Secretary of State to require information from a public communications provider or any other person who may have information relevant to the exercise of the Secretary of State’s functions under new sections 105Z1 to 105Z26. For example, the Secretary of State can require information on a provider’s planned use of such goods or information relating to how a network is provided. It can also include information about the proposed supply of goods or services. The ability to gather such information would ensure that the Secretary of State is able to make well-informed decisions when considering whether to issue designation notices and designated vendor directions. Information obtained through the use of this power can also be used to support the monitoring of compliance, with directions supplementing information gathered by Ofcom through its information-gathering and inspection notice powers.
To summarise, new sections 105Z18 to 105Z21 together establish the power and processes that outline how the designated vendor regime will be monitored and enforced. The provisions in clause 22 are needed to manage the disclosure of information, the unauthorised disclosure of which may be contrary to national security, and clause 23 will ensure that the Secretary of State is able to obtain the information necessary to make assessments to determine whether to give a notice or direction and to assess compliance.
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
It is a pleasure to serve under your chairmanship once again, Mr McCabe. I will not detain the Committee long with a consideration of the clauses, and I thank the Minister for so ably setting out what the clauses aim to achieve. Indeed, we on this side recognise the importance and the necessity of clauses 18 to 23 in establishing the process and ensuring the powers to obtain information and enforce direction as part of that process.
We only reiterate a small number of important points to draw attention once again to the breadth of the powers, which enable the Secretary of State to require information to an almost unlimited extent. Given the breadth of the powers, the information and progress on the telecommunications diversification strategy is, once again, notable by its absence. Given the breadth of the requirements, it is notable that there is nothing on progress on the diversification strategy. Nor, if my memory serves me correctly, does the impact assessment reflect the potential costs to either the network operators or Ofcom in exercising these powers. The clauses do not set out the impact and they emphasise once again the importance of Ofcom having the appropriate resources to enable it to carry out the requirements effectively. I hope that the Minister will bear those limitations in mind in his ongoing review of the Bill.
Question put and agreed to.
Clause 18 accordingly ordered to stand part of the Bill.
Clauses 19 to 23 ordered to stand part of the Bill.
Clause 24
Further amendment concerning penalties
Question proposed, That the clause stand part of the Bill.
Mr Kevan Jones (North Durham) (Lab)
I would like to speak to new clause 7, which stands in my name. It is related to new clause 3, in the name of my hon. Friend the Member for City of Chester. As he has just said, Ofcom has had an expansion of its duties in the last few years and become a little bit like a Christmas tree with added responsibilities, but none of them will be as important for the nation’s future as this. That is not to decry any of the expertise or other duties that Ofcom has, but national security and the security of our national telecoms infrastructure, is a vital new task. I have said before that my concern about Ofcom centres on national security. That is why I have tabled amendments to the Bill. My fear is that Ofcom will not have the necessary expertise, although I am not suggesting that it cannot develop into a good regulatory body looking at security and our national telecoms infrastructure.
I tabled parliamentary questions on Ofcom’s budgets and headcounts, and I am glad to see that its budget and personnel have increased as its tasks have grown. That was not the case in 2010, when its budgets were subject to some quite savage cuts. My concern—I will call this my Robin Day approach—is that we have to future-proof Ofcom to ensure that the organisation not only has the budget but also has the personnel it needs. I do not want to suggest that the Minister would want to cut Ofcom’s budget at present, as it does important work. However, it is a regulator and perhaps does not have the clout of a Government Department, so any future Chancellor or Treasury looking for cuts disguised as efficiencies could see it as easy, low-hanging fruit.
Ensuring that the Secretary of State undertakes duties highlighting Ofcom’s efficiency puts a spotlight on the basis of considerations by future Administrations of any political persuasion. That will be important, not just in the early stages but as we continue. It may take a while for Ofcom to get up to speed, but I want to ensure that that continues. The obligation for the Secretary of State to report on Ofcom would at least give me comfort that first, it is being looked at and, secondly, that civil servants cannot in future just assume that an easy cut can be made but which might then impact on our national security.
I raised another subject with the head of Ofcom when she appeared before the Committee. I do not really want to rehearse the discussions again, but as the Bill progresses the Minister will have to give assurances on security, and try to demonstrate the close working relationship between Ofcom and the security services. That will be important, as it will give credibility to the expectation that Ofcom can actually do the job that we have set out. If the Minister does that, it will reassure people who may not be convinced that Ofcom has the necessary expertise, and ensure that that close working relationship continues, not just now but in future, so that national security is at the centre of this.
There will always be a balance—as I said, we saw it in the National Security and Investment Bill—between wanting, quite rightly, to promote telecoms as a sector, and national security. I fall very much on the side of national security being the important consideration, and we need to ensure that that is always the case. It is important that national security and intelligence agencies are able to influence these decisions, not just in respect of Ofcom but also in respect of Ministers in future.
Chi Onwurah
I support and second the comments and contributions of my hon. Friend the Member for the City of Chester (Christian Matheson) and of my right hon. Friend the Member for North Durham (Mr Kevan Jones), who tabled new clauses 3 and 7. I would also like to congratulate the Committee on having made it through, as it were, the thickets of the Bill as it stands to the sunlit uplands of our new clauses, which are designed to improve it in a constructive and supportive way.
New clauses 3 and 7 both address the challenge of Ofcom’s resources. As Members of the Committee know, I joined Ofcom in 2004. I know that we are not allowed to use props in debates in the Chamber, but the Communications Act 2003, which I am holding in my hand, is the Act with which the Bill is concerned. The changes that the Bill makes are mainly adding to that Act.
When I joined Ofcom in 2004, the Act was about half the size it is now. I am grateful to the Vote Office for printing and binding the enlarged Act which, as I said, is about double the size it was when I joined Ofcom. That is because—my hon. Friend the Member for City of Chester alluded to this—Ofcom has acquired responsibility for critical national infrastructure, the BBC, the Post Office. What is not yet reflected in the Act is Ofcom’s soon-to-be-acquired responsibility for the entirety of our online existence, as reflected in an online safety Bill, which has yet to make its appearance but has the absolute commitment of the Minister’s Department.
Mr Jones
This is about resources for Ofcom as a whole, but there will also be debate within Ofcom about how its resources are spent. Without any ring-fenced moneys for security, is my hon. Friend concerned, like me, that not only the external control of the budget but that debate internally might compromise security?
Chi Onwurah
My right hon. Friend makes an excellent point. This debate is important for the Bill and important for our new clauses. It is also important that the Minister clarifies what the duties and priorities of Ofcom should be. Having worked for Ofcom at a different point in its history, I can tell hon. Members that when there is, say, a complaint about the behaviour of somebody in the “Big Brother” household that is hitting all the headlines in all the newspapers, that attracts the sudden concentration of resource—unnecessarily, one might argue. There needs to be a counterweight, if you like, to those headline-driven resourcing bottlenecks, which would be either ring-fencing or reporting on how resource is being used to support national security.
All Opposition Members are clear that national security must be the first priority of Government, and therefore the first priority of Ofcom. This is all the more relevant as I pick up the Communications Act 2003, in all its weightiness, where we find the general duties of Ofcom in section 3:
“It shall be the principal duty of OFCOM, in carrying out their functions—(a) to further the interests of citizens in relation to communications matters; and (b) to further the interests of consumers in relevant markets, where appropriate by promoting competition.”
Security is not mentioned—national security or telecommunications security. During the evidence sessions, the argument was made, although I forget by whom, that security was a necessary part of furthering the interests of citizens in relation to communication matters. That is possibly true, but I still think this important issue would be improved by clarity.
As we know, there is a significant pressure on Ofcom’s resources, which changes week by week and month by month depending on what the issues are in the many and increasing domains in which it operates. If these principal duties of Ofcom do not reflect our national security, the concern is that having no direct reporting mechanism to Parliament could mean these resources being used opaquely, with no direct requirement to prioritise national security. I hope the Minister will agree that new clauses 3 and 7 solve a problem the Bill will have in practice. I hope that if he will not agree to the clauses as they stand, he will agree to consider how Ofcom’s prioritisation of national security interests can be made clearer.
Mr Jones
As I have said before, I am not a great fan of arm’s length regulators, because it is a way of Government Departments and Ministers off-loading their responsibilities. Given how my hon. Friend has described the Bill, the way this is going means that Ofcom will be larger than DCMS in the future. Does she share my concern about accountability if things go wrong? It is a good get-out for the Government to be able to hide behind Ofcom, rather than Ministers taking direct responsibility.
Chi Onwurah
As always, my right hon. Friend raises a good point. Having worked for a quango, I had clear insight into the line between independence and dependence, and into the importance of the political will of the Government, regardless of supposed independence. Equally, I saw how any regulator or supposedly independent organisation can be used as a shield for Ministers who do not want to take responsibility.
My right hon. Friend also raises a good point about the hollowing out of capacity in Government Departments. A consequence of 10 years of austerity and cuts is that DCMS and other Departments do not have the capability, capacity or resources that they previously might have enjoyed. I will point out to the Minister the example of the Government’s misinformation unit. It has no full-time employees and is supposed to exist using resources already in the Department—for something as critical now, with the vaccine roll-out, as disinformation.
My right hon. Friend is right to emphasise that given the relationship between the Government and Ofcom, which is an independent regulator, and given the increase in responsibilities that the Bill represents at a time when other responsibilities are also being added to Ofcom, the Minister cannot have it both ways. He cannot have no visibility when it comes to Ofcom’s resources and capacity while giving it yet more responsibility. In fact, this seems to be responsibility without accountability. I hope the Minister will take on board the suggestions in new clauses 3 and 7.
Matt Warman
I thank the hon. Lady for her contributions. To address her central point, it would not be possible for Ofcom to meet the duties Government have tasked it with without addressing the foundational issue of security. It is important that we bear in mind that that is not an exhaustive list, but security will always be a foundational point.
The new clauses would require the Secretary of State to lay a report before Parliament within 12 months of Royal Assent. New clause 3 would require Ofcom to publish an annual report on the adequacy of its budget, resourcing and staffing levels in particular.
As the Committee is aware, the Bill gives Ofcom significant new responsibilities. Ofcom’s budget is approved by its independent board and must be within a limit set by the Government. Clearly, given the enhanced security role that Ofcom will undertake, it will need to increase its resources and skills to meet these new demands. As such, the budget limit set by the Government will be adjusted to allow Ofcom to carry out its new functions effectively. This is of a piece with the direction of travel we are going in. In 2012, Ofcom had 735 employees. Last year, it had 937 employees, so as its remit has expanded, so has its headcount. That will continue to be reflected in the level of resourcing that it will be given.
Matt Warman
The reality is that the relationship between Government Departments and regulators is very often incredibly close, but independence is an important part of regulation. Although the right hon. Gentleman makes a reasonable point about the optimal size for in-house expertise versus external expertise, it is getting the balance right between Ofcom, the National Cyber Security Centre and DCMS that this Government and the reporting measures we already have are fundamentally committed to providing.
The right hon. Gentleman talked about Ofcom’s resourcing. Ofcom will not be making decisions on national security matters, as we have said repeatedly, but it will to be responsible for the regulation around these issues. As the right hon. Gentleman said, the Intelligence and Security Committee has shown great interest in how Ofcom is preparing for its new role.
As for the point about disclosure and resources, I would be happy to write to the ISC to provide further details in the appropriate forum about Ofcom resourcing and security arrangements. This could include information that cannot be provided publicly, including information about staffing, IT arrangements and security clearances of the sort that we have discussed. I hope that Opposition Members understand that that is the appropriate forum to provide reassurance and to satisfy the legitimate requirements of public scrutiny on this issue.
Chi Onwurah
I thank the Minister for giving way and for the tone of his response to the different points we made. I will leave the reassurance about writing to the ISC to my right hon. Friend the Member for North Durham. Does the Minister recognise that that does not address the issue of Ofcom’s resources and reporting more generally, particularly lower down the pipeline, when it comes to national security? We have emphasised again and again the breadth of powers. The Minister has said that Ofcom will have the discretion, for example, to require an audit of all operators’ equipment—an asset register audit. It will take significant resource to understand the audit when it comes back. There are significant resource requirements involved that do not necessarily require security clearance but are nevertheless essential to effective security, and the Minister does not really seem to be offering reassurance on those.
Matt Warman
I would say that there is a sensible place to put some of that information, which is the communication to the ISC that I have offered, and there is a sensible place to put other information, which is the annual reporting that already exists. Hopefully the hon. Lady can find some comfort in the fact that both the information that cannot be shared publicly and the information that can will be subject to an appropriate level of parliamentary and public scrutiny.
Brought up, and read the First time.
Chi Onwurah
I beg to move, That the clause be read a Second time.
New clause 5 is similar in its intent to amendment 19, which we discussed earlier. As with all our amendments and new clauses, it is designed to improve the Bill through ensuring greater scrutiny, focus, transparency and security for the diversification of our network. It would introduce a requirement for the Secretary of State to report to Parliament on the impact of vendor designation on national security risks. It would also require Ofcom to produce a forward-looking report on future threats to network security and undertake an assessment of the adequacy of existing measures.
At the centre of the new clause is a wish to reflect the importance of national security not as a snapshot in time but as something that needs to be continually monitored, considered and assessed for future impact. The new clause would require the Secretary of State to produce an annual report for the Intelligence and Security Committee of Parliament. That would ensure that the report can be comprehensive with regard to security issues that might not be appropriate to share with the public or the Digital, Culture, Media and Sport Committee. The new clause would require that the annual report should concern designated vendor directions made under new section 105Z1 and designation notices issued under new section 105Z8. The report must contain an assessment of the national security risks underpinning the directions and notices made under those sections. That is for the Secretary of State to report.
In addition, Ofcom would be required to produce an annual report for the Intelligence and Security Committee to assess the adequacy of existing security measures within the UK public electronic communication network and services. Critically, it should assess future threats to the security of the networks.
As we have discussed, the Bill gives major sweeping powers to the Secretary of State and Ofcom. We want to ensure that they are proportionate and accountable. Like amendments 5, 9, 10, 20 and 22 to 25, the new clause seeks to address issues of oversight, scrutiny and transparency. We have taken some heart from the Minister’s recognition in the previous debate of the unique role of the Intelligence and Security Committee in assessing security implications, in that case resourcing for Ofcom. The new clause would ensure a focused accountability to Parliament, via the Intelligence and Security Committee, of the notices, designated vendor directions and designation notices made under the provisions of the Bill, and the existing security measures and future threats.
As aspects of this have already been debated, I want to focus on assessing future threats to the security of the network and services. The Minister might say that that is part of the responsibility of the National Cyber Security Centre. What we see is a massive transformation of how the UK addresses security in telecommunication networks, for very good reasons, and a significant amount of the responsibility falls on Ofcom.
The Minister has written to us about how Ofcom and the NCSC will be expected to work effectively together, and we welcome that, but it is also important that Ofcom demonstrates that it has the resources and skills to assess forward-looking threats to the security of our networks. If the measures in the Bill are to be effective for the next five or 10 years, there must be adequate accountability and assessment of future threats, so that we do not find ourselves once more in the position that we are in now because there has been a wholesale change to the networks and Parliament has not been able to assess the implications.
Matt Warman
As the hon. Lady said, we have addressed various issues relating to the new clause in previous debates. It is important to stress that Ofcom has the resources that it needs. She talked about its ability to face the future, but in our evidence sessions, we talked to Simon Saunders, the director of emerging technology. I know she does not wish to suggest that Ofcom does not do this already, but demonstrably it is already proactively engaged in horizon scanning.
Chi Onwurah
Speaking as someone who was head of technology at Ofcom, I am aware that it engages in horizon scanning. I am sure the Minister will come on to this, but while there might be horizon scanning to understand how markets evolve and what level of competition may be seen in new markets in the future, the new clause deals specifically with horizon scanning for security and security threats. I am sure the Minister will focus on that.
Matt Warman
It is important to say that we have amended section 3 of the Communications Act 2003, to which the hon. Lady alluded, so that Ofcom must have regard to the desirability of ensuring the security and availability of networks and services, so that should be incorporated into the horizon scanning work.
Chi Onwurah
This is an important point. I do not think the 2003 Act has been amended, since I had it reprinted a week ago. We were talking about the principal duties. Under section 3, Ofcom has about two and a half pages of duties that it needs to carry out, but only two principal duties. Those principal duties do not mention security.
Matt Warman
The hon. Lady is right, but as of 31 December 2020, section 3(4) states:
“OFCOM must also have regard, in performing those duties, to such of the following as appear to them to be relevant in the circumstances…the desirability of ensuring the security and availability of public electronic communications networks and public electronic communication services”.
It is absolutely there, but I fear we are getting into a somewhat semantic argument.
Chi Onwurah
The Minister is generous in supporting this back and forth in debate. I will close by pointing out that the duty to which he refers is one of 13 duties, so it can hardly be considered a priority. To put it more fairly, to ensure that it is a principal priority, it would need to be elevated.
Matt Warman
I think an organisation of 937 people can cope with 13 priorities. On one level, however the hon. Lady makes a reasonable point, and it is not one that we disagree with. Security has to be absolutely central to the work that Ofcom will do.
I will not restate the points I have made about how seriously we take the Intelligence and Security Committee and how seriously we will continue to take it. We will continue to write to the Committee on topics of interest as they arise and we are happy to continue to co-operate in the way that I have done; however, as I said in the debate on amendment 9, the primary focus of the ISC is to oversee the work of the security and intelligence agencies, and its remit is defined in the Justice and Security Act 2013. Amending the Bill to require regular reporting to the ISC, as proposed by the new clause, would risk the statutory basis of the ISC being set out across a range of different pieces of legislation.
Matt Warman
That may well be the case, but the right hon. Gentleman is not going to win it here—that is the important point to make. It is right not to try to address this issue in the new clause, but the Government will continue to take very seriously the work of the ISC, as he would expect.
Additionally, the new clause is designed to require Ofcom to provide annual reports to the ISC, which would, as the right hon. Gentleman knows, be particularly unusual in the context of the work of the Committee, as Ofcom will not be making judgments about the interests of national security under the Bill, or as part of its wider function. Ofcom’s role as regulator seems not to be something that comes under the purview of the ISC, even if I understand the broader point. As I said earlier, however, the NCSC is very much under the purview of the ISC, and there are plenty of opportunities for the Committee to interrogate the work of that excellent agency. I am sure the Committee will continue to take up such opportunities with vigour, but as I have said before, it would not be right to seek to reframe the remit of the ISC through the new clause. I ask the Opposition to withdraw it.
Chi Onwurah
I thank the Minister for his comments and for engaging so readily in debate. I have to say that we feel very strongly about the new clause, both for parliamentary scrutiny and for ensuring that Ofcom is looking forward and assessing future threats. With bated breath, I wish to test the will of the Committee on the new clause.
Question put, That the clause be read a Second time.
New Clause 6
Brought up, and read the First time.
Chi Onwurah
I beg to move, that the clause be read a Second time.
It is with some sadness that I come to the last new clause we have to present—[Interruption.]. I see that causes some hilarity in the Committee; I am sure that is just nervous laughter and everyone shares my dismay that the focus on telecommunications that the Committee has ably exhibited for the last few sittings will soon come to an end. Our consideration in some detail of the importance and implications of our telecoms network’s security must conclude, but I am pleased that we end on this new clause, which sums up one of the key themes we have focused on throughout our discussions: the importance of the diversification strategy.
Many amendments tabled by the Opposition reflect our concern that the Bill claims to seek the security of our telecommunications networks and yet does not mention once the diversification strategy. We are moving the new clause to put that right. We support the Bill and the Government’s aims in the Bill. We believe it is right to remove high-risk vendors from the UK’s networks and to take the measures in the Bill that will ensure that the Government will be able to designate vendors and require telecoms operators to comply with security requirements. However, those steps must go hand in hand with credible measures to diversify the supply chain, and that must be subject to parliamentary scrutiny.
As I said, the Bill as drafted fails to mention the Government’s diversification strategy and chooses to ignore the impact that the new powers afforded to the Secretary of State and Ofcom will have on supply chain diversity. The Minister recognises that they will reduce diversity, yet there is no reference to the steps that will be taken to diversify the supply chain. The new clause would require the Secretary of State to report on the Government’s diversification strategy’s impact as it relates to the security of telecommunications networks and services.
The Opposition have argued throughout our deliberations that the sweeping powers afforded to the Secretary of State and Ofcom by the Bill must be put under proportionate scrutiny, and the new clause would do that. It would bring about a debate in the House on the findings of the Secretary of State’s diversification strategy report and require a ministerial response no more than two months after the report’s publication. The new clause would therefore provide accountability for the diversification strategy’s progress and lead to real action, not just talk.
It has been said that
“it is essential that we create a more diverse and competitive supply base for telecoms networks”
because reliance on two providers creates “an intolerable resilience risk”. Those are not my words, but the words of the Secretary of State. Members from across the House agree that we cannot have a robust and secure network with only two service providers. That is something we were repeatedly told in the evidence sessions. The chief technology officer of BT Group, the director of emerging technology at Ofcom and the former head of cyber-security at GCHQ think so, and even the Secretary of State thinks so, yet the lack of link between the diversification strategy implementation and the security of our networks is ongoing cause for concern. Now we have the chance to take action, and I am glad to offer the Minister the opportunity to put this right.
This is not new information. The dependence of our telecoms networks on diversifying the supply chain was set out in the 2019 telecoms supply chain report. A leak from that report caused a Cabinet resignation, so important was it considered to be. Unfortunately, in the intervening year and a half, the Government have failed to act, refusing to take the necessary steps to ensure the diversification of our national supply chain, leaving us at real risk of being short-changed on national security. I emphasise, once again, that we place national security at the heart of everything that we do in this Committee.
The UK defence industry seeks to encourage, support and create markets for UK small and medium-sized enterprises, supporting the very best in innovation and helping innovative small and medium-sized enterprises to grow. We would like to see the UK’s telecommunications industry do likewise, to ensure a sovereign security capability. We want the Bill and the diversification strategy to create significant opportunities for UK businesses, linking them to global supply chains.
I welcome the Government’s diversification strategy. After all, I have been calling for a strategy to grow and diversify our telcoms sector for a long time—even before I came to this House. Although the Government have been talking about such a strategy for some time—there was an awful lot of talk about a diversification strategy and bigging it up before it was published—as is often the case with this Government, the strategy that was published was a bit of a disappointment. It lacked the clear commitment and funding that one would expect to find in any effective strategy.
The £250 million committed by the Government over five years came with little detail on how it would be spent. I have now had assurance that the funding is focused on integration and testing facilities, which are necessary, but there is no emphasis on supporting research and development, and particularly supporting our start-ups in the telecommunications sector. In the evidence sessions, Mike Fake of Lumenisity highlighted that the first year of the £250 million diversification funding was equivalent to only 10% of BT’s annual research and development budget. This is not the bold action of a Government committed to network diversification and our telecommunications security.
The diversification strategy declares itself
“a clear and ambitious plan to grow our telecoms supply chain while ensuring it is resilient to future trends and threats.”
That is a bold ambition. It says it will do that by focusing on three main areas:
“Supporting incumbent suppliers to ensure their resilience and ability to supply the market in the near term, while supporting their transition into the emerging market structure; attracting new suppliers into the UK market to build resilience and competition, prioritising deployments that are in line with our longer term vision; accelerating open-interface solutions and deployment so that we are not reliant on any single vendor and begin to realise our long term vision for a more open and innovative market.”
These are all highly laudable. They are not easy. I recognise the challenge that the Government face. As we discussed in the evidence sessions, this comes after decades of neglect of sovereign capability, not only in the UK but by other countries, which is why we find ourselves with only two vendors, both from Scandinavian countries, and no UK, US or other European capability.
We have heard just how difficult this challenge will be. Will the Minister tell me how we can possibly achieve that bold ambition if we fail to monitor the impact of the strategy? We need an annual report on the progress made by the diversification strategy, so that we can apply appropriate parliamentary scrutiny. After all, the strategy commits the Government to regular reports on progress, which is what the new clause asks for, while adding a focus on the diversification strategy’s impact on our national security. That is what it is all about. The Secretary of State tells us that the Government are implementing one of the toughest telecommunications security regimes in the world, but why is there to be no scrutiny applied to this key part of the regime?
When I asked the Minister in parliamentary questions why the diversification taskforce was not diverse in terms of geography—it includes no one from north of Watford—or discipline, having on it no equipment supply chain expertise, I was told that geography did not matter, and that the taskforce was focusing on cyber-security skills. To be fair, the Minister did say that Ian Livingston, the chair, was Scottish, but I think he will acknowledge that he has not lived in Scotland for some time. Geography does matter. We need to build up concentrations of skills and expertise—clusters. Cyber-security is very important, but focusing on it suggests that we are not serious about developing sovereign capability in other very important areas.
We are agreed that diversification is essential, and I hope that we are agreed that that should include UK capability. We also agree that it is challenging. How do we do it? In an evidence session, Professor Webb said:
“If I wanted to diversify, I would instruct the telecoms operators to diversify. I would not try and pull the levers one step removed. I would say to the telecoms operators, either with a carrot or a stick, ‘You must diversify. If you have x number of vendors in your network, I will give you £x million as a carrot.’ The stick might be some kind of licence condition that said, ‘In order to meet your licence, you have to have at least x number of vendors in your network.’”––[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 73, Q87.]
We also heard from Chris Jackson, who said:
“Incentives definitely play a part in this; to comment on Japan for a moment, I know the Japanese Government have incentivised companies to embrace open RAN, and that might well explain why companies such as Rakuten and NTT DOCOMO have been very successful in launching the technology. That proves it can be done and shows that where there is a willingness, there is a way, but if we can drive all those different parties coming together, that is how we will get traction.”––[Official Report, Telecommunications (Security) Public Bill Committee, 14 January 2021; c. 38, Q43.]
The Government have chosen not to do that. They have chosen to focus on big sticks for security, as set out in the Bill, such as designations, enforcements and fines of up to 10% of turnover, but they have left diversification very much to the market, providing it with a sweetener of £250 million over five years. Surely we have a right—indeed a duty—to monitor how and whether that is successful.
We heard in the evidence sessions that we have significant national promise in terms of capability. Dr Andy Sellars, the strategic development director for the Compound Semiconductor Applications Catapult, said:
“In the UK we have something like 5,000 companies that design and manufacture electronic systems. Something like 600 of them are involved in telecoms. I am not suggesting that all of those 600 become equal players. That would be a crazy scenario. But there are certainly some parts of the telecom network where the UK is pre-eminent. There are some backhaul and fibre technologies that we are very good at. As we deploy 5G into rural communities, that is likely to require low Earth orbit satellites; we are very good at satellite communications.”––[Official Report, Telecommunications (Security) Public Bill Committee, Tuesday 19 January 2021; c. 109, Q142.]
I will give the Minister a specific example of both the opportunity and the challenge, which I hope he will respond to equally specifically. I am very pleased to say that the example comes from my constituency of Newcastle upon Tyne Central: INEX, which is leading the UK’s drive for a sovereign radio frequency and communications gallium nitride semiconductor—an important semiconductor capability for telecommunications.
As the Government deliver our strategy across all these areas, we will be making announcements and providing regular updates as required. That approach, rather than the one the hon. Lady seeks through the new clause, will enable us to provide up-to-date and timely information on progress. With that, I hope she will be content that there is plenty in the diversification strategy that will deliver what she wants, but it is not an issue for the new clause.
Chi Onwurah
I thank the Minister for his comments; having spoken for so long myself, I was reluctant to interrupt him. I am pleased that he has clarified that the £250 million is over three years, as opposed to being over five years—I had not seen that before. That is welcome, and I anticipate further funding.
However, the Minister says that the Government cannot legislate for the diversification of the network. Why not? The Government can legislate to break up consolidation in other markets, and they have legislated to do so—for example, competition law does exactly that. We heard in evidence sessions from some who felt that diversification could be achieved only through direct intervention. He implies that I am arguing that diversification delivers telecoms security on its own, but I am not arguing that. I am arguing that it is necessary though not sufficient—clearly, other methods are needed.
The Minister suggests that diversification is one of many things that Ofcom can report on, if it so chooses. That is equally important, but let us be clear that it was the diversification of a supply chain that was the critical report—a report so important that the current Secretary of State for Education was forced to resign because of its leaking, which is why we are here today. The diversification of the supply chain is absolutely critical.
The Minister says that we heard from operators that were committed to diversification, but we also heard that there were real challenges in their commitment to diversification. We would not be where we are today if they were so committed to diversification of their supply chain. That is why there is a need for incentives and intervention. On that basis, it is important to test the will of the Committee on the new clause.
Question put, That the clause be read a Second time.
The Chair
Mr Jones, new clause 7 has already been debated. Do you want to put it to a Division?
The Chair
I realise that this will come as a devastating blow to all of you, but the final question I must put is that—
Chi Onwurah
On a point of order, Mr McCabe. I put on the record my gratitude, and that of my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester, to you and your colleague, Mr Hollobone, for the way in which you have expertly chaired proceedings in the Committee. I also sincerely thank all House staff who have supported our work here, including those representing Hansard, and particularly the Clerks, who have been absolutely invaluable in setting out our desires to improve the Bill in clear and orderly amendments and new clauses.
I also thank all members of the Committee from both sides of the House. This detailed, technical Bill is critical for our national security, coming at a time of national crisis, when we are braving—all of us: staff and Members—a pandemic in order to be here. We have had an orderly and constructive debate.
Matt Warman
Further to that point of order, Mr McCabe. What fun we have had! It is a pleasure to come to this point in the Bill’s passage. I echo the hon. Lady’s thanks to the House staff and to yourself, Mr McCabe, and Mr Hollobone. I also reiterate her point that this is a crucial Bill—one that I am glad enjoys cross-party support. I look forward to debating its further stages in the House.
Bill, as amended, to be reported.
Telecommunications (Security) Bill (Seventh sitting)
Chi Onwurah Excerpts(3 years, 4 months ago)
Public Bill CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
It is a pleasure to be back under your chairmanship, Mr Hollobone. As we discussed during the debate on amendments to this clause in our previous sitting, clause 6 inserts proposed new sections 105N to R, providing Ofcom with strengthened powers to assess whether providers of public electronic communications networks and services are complying with their security duty. These powers are vital to enable Ofcom to fulfil its expanded and more active role, giving it the tools to monitor and assess providers’ compliance with the new telecoms security framework and providing the basis for commencing any enforcement action.
Proposed new section 105O provides the power to give assessment notices to a provider. Assessment notices may impose a duty on a provider to do a number of different things, which I will briefly summarise. First, providers can be required to carry out, or arrange for another person to carry out, technical testing in relation to their network or service. Secondly, they can be required to make staff available to be interviewed, enabling Ofcom to gain insights into how a provider’s security practices and policies are implemented.
Thirdly, providers can be required to allow an Ofcom employee or an assessor authorised by Ofcom to enter their premises to view documents or equipment. I recognise that that is a significant power, but it is necessary. It is subject to certain restrictions to protect legally privileged information and to limit entry to non-domestic premises only. To provide clarity for telecoms providers, Ofcom will also publish guidance setting out how and when it will use the power. Importantly, providers have a right of appeal.
The powers of assessment set out in the clause are key to enabling Ofcom to carry out the effective and extensive monitoring and assessment of providers’ security practices that is necessary.
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
It is a pleasure to serve under your chairmanship, Mr Hollobone, and to come back to this important Bill. I thank the Minister for writing to me and reassuring me on certain matters relevant to the clause. We accept the need for Ofcom to have powers to require information from vendors, but we would like a specific requirement whereby Ofcom can ask vendors for information on the diversity of their supply chains. I will leave further discussion on that for our new clauses. I will support this clause.
Question put and agreed to.
Clause 6 accordingly ordered to stand part of the Bill.
Clause 7
Powers of OFCOM to enforce compliance with security duties
Question proposed, That the clause stand part of the Bill.
The Chair
With this it will be convenient to discuss the following:
Clause 8 stand part.
Clause 9 stand part.
Clause 10 stand part.
Matt Warman
I will seek to move relatively rapidly through these four clauses.
Clause 7 provides Ofcom with enforcement powers in relation to providers’ security duties. The Bill gives Ofcom new powers to impose tough financial penalties on providers who breach their security duties. The penalties range to a maximum fine of 10% of a provider’s annual turnover, which is in line with the maximum fines available for breaching other regulatory requirements. For continuing contraventions, Ofcom can levy a daily penalty of up to £100,000. Penalties that are generally lower than that but still significant will also apply for contravening information requirements, which are subject to a maximum penalty of £10 million or, for a continuing contravention, a penalty of up to £50,000 per day. These penalties ensure that there will be a real financial deterrent to poor security practices. I should also say that, in the most serious cases, or in cases where a provider repeatedly contravenes its security duties, Ofcom would be able to use existing powers to suspend or restrict the provider’s entitlements to provide a network or service. Clearly, that is a step that we hope the regulator will never need to take.
The clause also gives Ofcom an important new power to take action where security is being compromised or is at imminent risk of being compromised. Proposed new sections 105U and 105V of the Communications Act 2003 would enable Ofcom to direct a provider to take interim steps to secure its network or service while Ofcom investigates or pursues further action. This power recognises that contravention of a security duty could result in a security compromise that causes real damage to users of that network or service. Where Ofcom uses that power, it will be required to commence and complete the enforcement process as soon as is reasonably practicable. The clause gives Ofcom the tools it needs to effectively enforce compliance with the new security framework.
Clause 8 sets out the position for bringing civil claims against providers who breach their security duties, which is a matter we touched on in earlier debates. It enables providers to be held accountable not just by Ofcom but by service users, such as members of the public, in cases where loss or damage is sustained by those users as the result of a breach of a duty. Providers owe a duty to any person who may be affected by a contravention of their security duties to take security measures, to comply with specific security duties in any regulations and to inform users of security compromises.
This clause allows any affected person to take legal action should providers breach those security duties. However, any affected person can bring legal proceedings against a provider only with the consent of Ofcom, which may be subject to conditions relating to the conduct of the legal action. This reflects the existing position in the Communications Act 2003 and ensures that providers face legal action only in appropriate circumstances. The clause also makes providers responsible to their users, providing another source of accountability. It allows users to bring legal claims for any losses they have suffered, which is only fair and reasonable.
Clause 9 addresses the interaction between provisions in the Bill and other legislation, specifically national security, law enforcement and prisons legislation. The security duties created by the Bill do not conflict with duties imposed on communications providers by other legislation via these clauses. Equally, we do not want the Bill to affect adversely the important work carried out by our law enforcement agencies, criminal justice authorities and intelligence agencies. The clause gives that clarity to providers about their responsibilities.
Finally, clause 10 requires that Ofcom publish a statement of policy about how it will fulfil its general duty and use specific powers to ensure that providers comply with their security duties. This will provide welcome clarity to industry about the expected use of important new powers. I beg to move that these clauses stand part of the Bill.
Chi Onwurah
I will not detain the Committee long, as we are cracking on through the clauses. I will only emphasise that these clauses give Ofcom broad powers—very broad powers—and measures of enforcement, as well as placing duties on the network operators to all users of their network services. We support these broad powers, but it is incumbent on the Minister and indeed on the Committee to consider whether those powers will receive sufficient scrutiny, and sufficient oversight and input from our security services. We anticipate debating those particular questions in more detail later today. In the meantime, we will not stand in the way of these clauses standing part of the Bill.
Question put and agreed to.
Clause 7 accordingly ordered to stand part of the Bill.
Clauses 8 to 10 ordered to stand part of the Bill.
Clause 11
Reporting on matters related to security
Chi Onwurah
I beg to move amendment 14, in clause 11, page18, line 26, at end insert—
“(aa) an assessment of the impact on security of changes to the diversity of the supply chain for network equipment;”
This amendment requires that network supply chain diversification is included in Ofcom reports on security.
The Chair
With this it will be convenient to discuss the following:
Clause stand part.
Clause 12 stand part.
Clause 13 stand part.
Chi Onwurah
We start this debate where we ended our sitting on Thursday, on the diversity of the supply chain. But this is not groundhog day; this is a very different aspect of the diversity of the supply chain. I hope the Minister has noticed that there are three themes to our amendment: national security, diversity of the supply chain and appropriate scrutiny. Those are our key concerns about the Bill as it stands.
We wish to see the Bill debated as speedily as possible. For the record, I reiterate my concern that, in the midst of a pandemic lockdown, where the advice is to stay at home, the Leader of the House requires that Members of Parliament should congregate in one room for several hours. With that in mind, we are cracking on as quickly as possible, and we have made significant progress only this morning. However, we feel strongly that, given the speed at which we are providing the appropriate scrutiny, more time should be devoted to debating the Bill on the Floor of the House. We are cracking on in order to protect, as far as we can, the public health of Members of Parliament, staff, House officials and Clerks, who are doing an amazing job in the midst of a pandemic.
Clause 11 makes provision for reporting by Ofcom on security matters. That includes a duty to provide an annual security report to the Secretary of State. Amendment 14, in my name and those of my right hon. and hon. Friends, requires that network supply chain diversification is included in Ofcom’s report on security. As I said, we anticipate having a broader debate this afternoon on the importance of the diversification of the supply chain to security, as part of the debates on our new clauses, so I will only summarise our key points and concerns now.
This amendment follows amendment 13, which sought to give Ofcom the power to request reports from operators on their supply and the progress of their supply chain diversification. We support steps to remove high-risk vendors from the UK networks, but they must go hand in hand with credible measures to diversify the supply chain. I am afraid it remains the fact that we have no reference to the diversification of the supply chain in the Bill, despite the fact that, as I will briefly outline, both the Secretary of State and experts during our evidence sessions emphasised that we could not have network security without effective diversification.
We cannot have a robust and secure network with only two service providers. Supply chain diversification is absolutely vital to protecting our national security. If a vulnerability exists in one vendor or service provider, that intrusion may be limited to that one vendor or service provider alone. A diversity of suppliers in the supply chain limits the exposure of vital information. This amendment ensures that network supply chain diversification is addressed in Ofcom’s report on security. My key question to the Minister is, how can Ofcom report on security if it is not reporting on supply chain diversification?
The Minister may well say that Ofcom has the power to report on supply chain diversification and to request information on supply chain diversification. As I have said on a number of occasions, the powers in the Bill are broad. That is why effective scrutiny requires some specification of what will be reported upon.
The security report to the Secretary of State should be made as
“soon as practicable after the end of each reporting period”
and
“must contain… information and advice… to assist the Secretary of State in the formulation of policy”.
It must also include the extent to which providers have complied with security duties. That is as an example of some of what may be included in the security report. Given that the Secretary of State has said on a number of occasions that supply chain diversification goes hand in hand with the security of the network, it is essential that supply chain diversification is specifically mentioned in the Bill, so that we can have accurate and detailed reports from Ofcom on key aspects of network security.
The amendment will help provide the Secretary of State with the information to update Parliament on the progress of the Government’s diversification strategy, depending on Ofcom’s findings. The Secretary of State has promised to give Parliament such updates, so this is an enabling amendment to ensure that the Secretary of State has the information he needs to provide the reporting that he has committed to.
In support of the amendment, I would like to cite one of the witnesses in our evidence sessions. Dr Alexi Drew, from Kings College, London, was asked whether it was possible to have a secure network without a diverse supply chain, and answered:
“That is a great question that comes with a very simple answer: no. The worst-case scenario for creating a risk in this sense is when monopoly meets supply chain—insecure supply chain in this case. Arguably, the reason why SolarWinds was so successful is that it provided the same service to so many different organisations and departments in the United States. Therefore, if you access one—SolarWinds—you access almost all. That is the risk.”—[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 87, Q110.]
That is a risk that, I am sorry to say, the Bill currently does not sufficiently address. I hope that, by accepting this amendment, the Minister will recognise that we are, as always, seeking to improve the Bill and to ensure that it provides a credible and effective means to secure our networks.
With regard to clauses 11, 12 and 13 stand part, we recognise the importance of providing Ofcom with the appropriate powers to request information, but also to share information related to security. In that respect, these provisions are ones that we can support.
Matt Warman
I welcome the spirit of the amendment. I think that the hon. Lady and I share the same ambition. I know that she wants to have the proper debate later, so we look forward to that.
Clause 11 inserts into the Communications Act 2003 proposed new section 105Z, which deals with Ofcom’s reports on security. It requires Ofcom to produce such reports within two years of the Bill receiving Royal Assent and every 12 months thereafter. As the hon. Lady said, amendment 14 is similar to the amendment to clause 6 that we discussed previously. Ultimately, when considering Ofcom’s role and specifically its reporting function, we should note that proposed new section 105Z(2) requires Ofcom security reports to include such information and advice as Ofcom considers may best assist the Secretary of State in the formulation of policy on telecoms security. That could go beyond the list in proposed new subsection (4) to include other relevant information, such as that related to diversification. The Secretary of State can also direct Ofcom to include information that goes beyond that list.
As the Committee and, indeed, Ofcom will be well aware, the Government have recently published a targeted diversification strategy, which will deliver lasting and meaningful change in the 5G supply chain and pave the way for a vibrant, innovative and dynamic supply market. We heard widespread support for the strategy from witnesses during the oral evidence sessions. The strategy demonstrates our commitment to building a healthy supply market and is backed by a £250 million initial investment.
We have publicly announced that the Government will be funding the creation of a UK telecoms lab to research and test new ways of increasing security and interoperability, and we are already partnering with Ofcom and Digital Catapult to fund the industry-facing test facility SONIC—the SmartRAN Open Network Interoperability Centre. Both of those will play a key part in our investment in diversification and demonstrate Ofcom’s existing part in it.
As already mentioned, amendment 14 would require Ofcom to include in its security reports
“an assessment of the impact on security of”
any
“changes to the diversity of the supply chain for network equipment”.
As that requirement is already essentially covered by Ofcom’s existing powers, the amendment is not necessary. The inclusion of any such information is already within Ofcom’s discretion, but I am sure that we will discuss it more later on, as the hon. Lady said.
Clause 12 expands Ofcom’s information-gathering powers for the purposes of its security functions and enhances its ability to share the information with the Government. It enables Ofcom to require a provider to produce, generate, collect or retain security information, and then to analyse that information. Any information sought using this power must always be proportionate to how Ofcom will use it.
Clause 13 makes provision in connection with the standard of review applied by the Competition Appeal Tribunal in appeals against certain of Ofcom’s security-related decisions. Ofcom’s regulatory decisions are subject to a right of appeal to the tribunal, and that will also be the case for most of Ofcom’s decisions relating to the exercise of its regulatory powers conferred by the Bill. This clause makes provision to ensure that the tribunal is not required to modify its approach in appeals against relevant security decisions, and should instead apply ordinary judicial review principles.
I hope that I have sufficiently explained to the Committee why amendment 14 is unnecessary and why clauses 11 to 13 as drafted should stand part of the Bill.
Chi Onwurah
I thank the Minister for his comments. Although we agree on many things in many areas, I think that in this case he is trying to have his cake and eat it, inasmuch as he is saying that amendment 14 is not necessary because Ofcom already has the powers, but he is reluctant or is refusing to specify that those powers will be used for the objective of reporting on the progress of diversification of the supply chain. It was good to hear the Minister reiterate the importance of diversification of the supply chain, but I remain confused about whether he agrees with the evidence and, indeed, with his own Secretary of State that diversification of the supply chain is a prerequisite of the security of our networks and, indeed, our national security—that is what we are discussing with regard to our telecoms networks. If diversification is a prerequisite, why is the Minister so reluctant to refer to it? If he is so confident in the plan to diversify our supply chains, why is he so reluctant to insert any requirements to report on the progress of that diversification?
I listened intently: the Minister said that Ofcom has the powers to report on whatever it considers to be relevant to security. During the evidence session, we heard from Ofcom itself, very clearly and repeatedly, that it is not for Ofcom to make decisions on national security. It will not make national security decisions. That is not within its remit and responsibilities; the witnesses from Ofcom stated that repeatedly and clearly. I would be happy to read from Hansard if that point is in question. Given that Ofcom will not make security decisions and that the diversification of the supply chain is essential for security, I am at a loss to understand why the Minister will not accept a reference to reporting on the progress of diversification. Although, unfortunately, the pandemic means that we are not at full strength on the Opposition side of the Committee, I wish to test the will of the Committee on the amendment.
Question put, That the amendment be made.
Clause 11 ordered to stand part of the Bill.
Reviews of sections 1 to 13
Chi Onwurah
I beg to move amendment 15, in clause 14, page 21, line 28, leave out from beginning to end of line 30 and insert—
“(3) The reports must be published not more than 12 months apart for the first 5 years, then not more than 5 years apart.
(4) The first report must be published within the period of 12 months beginning with the day on which this Act is passed.”.
This amendment requires the Secretary of State to report on the impact and effectiveness of clauses 1 to 13 every year for the first five years after the Act is passed, and then every five years following.
The amendment reflects another of our key concerns about the Bill, which is the level and extent of appropriate scrutiny for such broad and sweeping powers. It seeks to ensure appropriate scrutiny. Clause 14 requires the Secretary of State to review the impact and effectiveness of clauses 1 to 13 at least every five years. Our amendment would require the report to be published every year for the first five years after the legislation is passed, and then up to every five years after that.
As we have said, the Bill gives the Secretary of State and Ofcom sweeping powers. We want to ensure both that they are proportionate and that there is accountability. As we have previously emphasised, we are sure that the Minister and the Secretary of State are inclined to exercise the powers in a proportionate and accountable way, but they will not be in their posts forever, and perhaps not for the entire first five years of the legislation’s operation, so it is important that the Bill requires that Parliament be able to scrutinise its effectiveness, as that is so important to our national security. In that sense, this amendment follows amendments 5, 9 and 10 with respect to the requirement for appropriate oversight and accountability.
I emphasise—I am sure that you will understand, Mr Hollobone—that in some ways we are here because of a lack of effective parliamentary scrutiny of the presence and growth of high-risk vendors in our networks. It was only when Parliament became aware of and was able to give its full-throated input on concerns about the dominance of high-risk vendors in our telecommunications market that the Government took action. We do not want to be in the position of finding again that there has been a dramatic change in the security of our networks without appropriate scrutiny.
Clause 14 states that the Secretary of State must
“carry out reviews of…impact and effectiveness”
and that the report must be laid before Parliament for parliamentary scrutiny. However, we are to wait up to five years before it will be made possible to give parliamentary scrutiny to a Bill that is so important to national security, as both the Minister and the Secretary of State, and indeed the security services, have emphasised. We are not to review its effectiveness for five years.
Sara Britcliffe (Hyndburn) (Con)
Does not the clause state that the period is up to five years? The review could be done during that period; it would not have to be at the five-year mark every time.
Chi Onwurah
The hon. Lady is absolutely right. The clause enables the Minister or Secretary of State to choose to lay a report more frequently. Again, I do not want to impute anything against the Minister or the Secretary of State, but given the importance of the subject and of parliamentary review, why not ensure that it is more frequent?
I am sure that the hon. Lady will agree that Parliament has many things to consider, and so does the Secretary of State. There is competition for parliamentary time, particularly in a pandemic and in view of the challenges that we shall face in the next few years. How can I put this? We have concerns that the priority may slip in the face of, for example, economic challenges, investment challenges and recovery challenges. We want to be sure what is happening. We are the party of national security and we want to ensure that, in this context, national security is brought to Parliament to be debated, discussed and reviewed at least every year.
I have outlined the importance of parliamentary scrutiny as part of our wish to do that, but we should also consider what might happen in the next five years, before the first review mandated by the Bill. We have seen vast technical, technological and geopolitical shifts in the last five years. We face security challenges from China and Russia, and terrorist threats in a complex security environment. I am sure the Minister does not anticipate that those hostile actors against whom the measures in the Bill securing our networks are primarily directed will not respond; they will do so. We cannot imagine that we will take these measures to secure our networks against those who seek to attack or undermine our telecommunications capability in their own interests and they will not respond in some way. As it stands, the first review of that response could be five years after it has happened.
Matt Warman
I listen with interest to the points that the hon. Lady makes, and to the assertion that she is a member of the party of national security. I welcome her to this side of the House, if that is the case. [Interruption.] Thank you, but no.
As the hon. Lady says, clause 14 is a review clause requiring the impact and effectiveness of clauses 1 to 13 to be reviewed at least every five years by the Secretary of State. The review report must be published and laid before Parliament, but it is by no means the only source of parliament scrutiny, as she knows. Her amendment would increase the frequency of these reports to every year for the first five years after the Bill is passed and then every five years thereafter.
Increasing the frequency of the reports would bring its own challenges for a number of reasons. First, the framework is considerably different from the previous security regime in the Communications Act 2003. It seems to me that we will not be able fully to assess the impact and effectiveness of the new security regime instituted by clauses 1 to 13 until all parts of the framework, including secondary legislation, codes of practice and other things, have been in place for a reasonable period of time. The code of practice that will provide guidance on the detailed security measures that telecoms could take is intended to set clear implementation timelines. Some measures may require significant operational change, as we heard in the evidence sessions for telecoms providers, and we are aware that that may be costly. For that reason, we cannot reasonably expect all changes to be implemented instantly or, indeed, all necessarily at the same time.
There is a further practical difficulty with the amendment. If the first report is to be produced 12 months after Royal Assent, it will require the review to be undertaken well in advance of that deadline. That means that the report will represent an incomplete picture of the Bill’s impact, even at its very first production. Some measures will not even have been implemented by telecoms providers.
My hon. Friend the Member for Hyndburn was exactly right that the current requirement for publishing reports is at least—rather than at most—every five years. We have been deliberate in our choice of this timeframe because five years is the reasonable point by which we expect the majority of telecoms providers to have implemented most, if not all, changes. It is therefore considered appropriate to require a report on the impact and effectiveness of the framework by that time. I recognise that five years is a long time. That does not mean that the framework will be free from scrutiny in the intervening period. As clause 11(3) sets out, the Bill amends section 134B of the Communications Act so that Ofcom’s regular infrastructure reports will include information on public telecoms providers’ compliance with the new security framework. Ofcom publishes the reports annually, rendering the amendment unnecessary.
Chi Onwurah
On a point of clarification, I have the impression that the Minister anticipates that the first report under the Bill would only happen once all the requirements had been implemented. I think that that implies that it would only happen once a high-risk vendor, specifically Huawei, had been removed from the network.
Matt Warman
No is the short answer, because while this is a progress report, five years from 2021 is 2026—the deadline is 2027, even at the most extreme end, which is not where we anticipate it will end up—and it would be before the point that she identifies.
The infrastructure reports from Ofcom will help to provide Parliament and the public with a view on how telecoms providers are progressing with compliance with the new framework. As I alluded to earlier, they are not the only means of parliamentary scrutiny. We have the Intelligence and Security Committee and we have Select Committees. I suspect that there might be one or two debates on this matter over the next five years as well. To pretend that this is the only method of parliamentary scrutiny is not accurate.
Chi Onwurah
If the Minister will give way briefly, he may find it saves time. To clarify: for the first report we will not necessarily have to wait until all the provisions of delegated legislation associated with the Bill are in place. As for the infrastructure reports that Ofcom publishes, to which he refers as a form of alternative scrutiny, will they, might they or will they not reflect progress in the diversification of the supply chain?
Matt Warman
The hon. Lady asks me to predict what is in a report that has not been written yet by an organisation that is not a Government Department. I agree with the principle of what she is saying. This is an important aspect and one would reasonably expect it to be reflected in the reports that we have talked about. It is, however, important overall to say that Ofcom’s own regular infrastructure reports will, as I have said, include information on public telecoms providers’ compliance with the new security framework, which is the broadest interpretation and gives a huge amount of latitude for the sorts of information that she seeks. I hope that those infrastructure reports will help to provide Parliament with the kind of scrutiny that she seeks, and the public with the kind of scrutiny that we all seek. [Interruption.] For those reasons I hope that she will withdraw the amendment.
Chi Onwurah
I thank my right hon. Friend the Member for North Durham for an exciting intervention from his phone, and I thank the Minister for his comments. As I think I have said, I spent six years working for Ofcom with the Communications Act 2003 on my desk. I know the importance that our independent regulator places on the words of the Minister during such debates as this. As he has indicated that the reports would do well to include reference to everything that appertains to security, including the diversification of supply chain, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Clause 14 ordered to stand part of the Bill.
Clause 15
Designated vendor directions
Chi Onwurah
I will speak to amendments 18 and 19, standing in my name and those of my hon. Friends, and to clauses 15 to 17. As the Minister set out, the clauses are about key powers in the Bill that seek to secure our networks and to regularise requirements already in place, albeit informally or not legally, to remove Huawei as a specific high-risk vendor from our networks. The clauses give Government the powers to do what they have said they will do.
On the clauses, I will not repeat what the Minister said, and I congratulate him on clearly setting out their powers, which the Opposition believe are necessary. I also join the Minister and my right hon. Friend the Member for North Durham in paying tribute to our security services, which do such great work to keep us secure across a wide range of threats and challenges—both present and evolving—and on whose continued work and effectiveness the Bill is highly dependent. As my right hon. Friend set out, we want to ensure that national security is absolutely at the heart of the Bill.
As the Minister set out, the clauses are rightly not specific to Huawei or any vendor or country of origin. It is also important, as the Minister clarified to me in a letter, that they sit in addition to the current process for identifying and designating high-risk vendors and then issuing designated vendor directions, which set out how a designated vendor is to be treated and are critical to ensuring that we do not again find ourselves in a position where we have a high-risk vendor dominant in our telecommunications networks.
The Chair
Order. The hon. Lady has done really well, but we are not debating clause 17 stand part. She can refer to the other clause if she wishes.
Chi Onwurah
Thank you for the clarification, Mr Hollobone. I see that we are discussing whether clauses 15 and 16 stand part. I support those clauses and look forward to the Minister’s response to the amendment.
Matt Warman
I pre-emptively covered a lot of the hon. Lady’s questions, but I will say two brief things. She talked about consolidation in the cloud sector. While the Bill is very much a national security Bill, the National Security and Investment Bill would cover consolidation in that sort of sector, rather than this one. Obviously they do work together.
Chi Onwurah
The point I am making—clearly, I did not make it effectively—is that that sector is becoming this sector. The cloud sector is becoming the telecoms sector. The reason we need this Bill in addition to the National Security and Investment Bill is to address the security concerns of the telecoms sector specifically. The cloud sector is becoming part of the telecoms sector, yet the Bill does not address those concerns.
Matt Warman
The hon. Lady is not wrong, obviously, in the sense that there is a potential conversation to be had about when a cloud provider is a telecoms provider and vice versa, if I can put it like that, although it is not the most elegant way of doing so. However, the point is that the reason we have comprehensive coverage of the landscape is because we have both the National Security and Investment Bill, which she debated recently, and this Bill. The broad powers that she described are intended to provide precisely that sort of coverage.
Similarly, the hon. Lady referred to the length of the list in clause 16 of matters that can be taken into consideration. That relates to the point I made previously, namely that the sorts of issues that she is talking about, such as data flows, are already covered in the long list. The list is as long as it is because it is intended to look to the future. Therefore, being prescriptive in the way that she describes is fundamentally unnecessary. We are not excluding what she wants to be on the list. A matter is already very much there if it is pertinent to national security. For that reason, I do not think there is a compelling case to add that single topic to the list, both because it is already there and because if we start going down that route, we could make the case for adding a host of other things that are already covered but that people might want to be mentioned specifically.
As I said earlier on the convergence of the two sectors, the point is that we have comprehensive coverage through both Bills. It will be for the NCSC, Ofcom and the Government to make a judgment as to whether any consolidation in a sector poses a national security risk.
Mr Jones
My hon. Friend the Member for City of Chester said that we were going over old ground, and to a certain extent we are because some of the amendments reflect those that I moved last week.
May I say at the outset, Mr Hollobone, that the Minister has been an exemplar in engaging with and briefing the ISC? He has set something of a precedent; usually we have only Cabinet Ministers or Prime Ministers before us to give evidence. He is one of the few junior Ministers to have appeared before us, so I congratulate him. He did it because he wanted to engage with the issues. He must therefore be commended on his commitment to ensure that there is scrutiny. However—this is not to wish his demise, but to argue for his promotion—he will not be there forever. I think he does not quite understand why the Government are not at least moving on this.
The ISC’s remit is defined in the Justice and Security Act 2013. It sets out which Departments we cover, and the Department for Digital, Culture, Media and Sport is not one of them. However, as I said last week, security is increasingly being covered by other Departments, and this Bill is a good example. The National Security and Investment Bill is another one, where security decisions will be taken by the Secretary of State for Business, Energy and Industrial Strategy. Parliament must be able to scrutinise that.
If a high-risk vendor is designated as banned from the network by the Secretary of State for Digital, Culture, Media and Sport, there are perfectly good reasons why the intelligence behind that cannot be put into the public domain. The methods by which such information is acquired are of a highly sensitive nature, so it would not only expose our security services’ techniques, but in some cases would make vulnerable the individuals who have been the source of that information. I think most people would accept that that is a very good reason.
This sort of thing is happening increasingly. We have the two Bills that I have referred to, but we also have the Covert Human Intelligence Sources (Criminal Conduct) Bill, which will come back to the House tomorrow. Covert human intelligence and the ability to collect intelligence on behalf of our security services is very important. Most of that is covered by the Home Office, and covert human intelligence sources are covered by the ISC’s remit and can be scrutinised. However, there is a long list of other organisations that will be covered by tomorrow’s Bill, including—we never quite got to the bottom of this—the Food Standards Agency, for example. Again, how do we ensure that there is scrutiny of the decisions?
We also have—this has come out of the pandemic—the new biosecurity unit in the Department of Health. Again, there is no parliamentary scrutiny, because the Health and Social Care Committee will not be able to look at the intelligence that supports so much of that. An easy way out of this is in the Justice and Security Act 2013: the memorandum of understanding, which just means that, were our remit extended to look at this and other matters, the ISC could oversee and ask for the intelligence.
Having spoken to the Business Secretary and the Minister, who sympathises with us, I am not sure where the logjam is in Government. The point is that an amendment will be tabled in the Lords. Whether the provision is in the Bill or just in the memorandum of understanding between the Prime Minister and the ISC, it is easily done and would give confidence that the process at least had parliamentary oversight.
On many of these decisions, frankly, the oversight would not be onerous; we are asking only that we are informed of them. On some occasions, we might not even want to look at the intelligence. It might be so straightforward that, frankly, it is not necessary, so I do not think that it is an administrative burden. I cannot understand what the problem is. To reiterate what I said last week in Committee, it is not about the ISC wanting to have a veto or block over such things. It is, rightly, for the Government and the Secretary of State to make and defend those decisions.
It is also not about the ISC embarrassing the Government, because we cannot talk in public about a lot of the information that we receive. It is not as though we would publish a publicly available report, because of the highly classified nature of the information. However, the ISC can scrutinise decisions and, if it has concerns, write to the Prime Minister or produce a report for the Prime Minister raising them. That gives parliamentary scrutiny of the Executive’s decisions.
As I say, the report might not be made public. People might ask, “Would that be a new thing?” No—it happens all the time. For example, on the well-publicised Russia report this year, there was a public report with redactions in it and quite an extensive annex, which raised some issues that we were concerned about. That annex was seen only by individuals in Government, including the Prime Minister.
There is already a mechanism, so I fail to understand why the Government want to oppose this. From talking to Ministers privately, I think that there is a lot of sympathy with the position and I think that we will get there eventually. How we get there and in what format, I am not sure—whether the method is to put it in the Bill or to do it through the mechanism in the 2013 Act. That might be a way forward.
Chi Onwurah
I rise to support the excellent comments made by my hon. Friend the Member for City of Chester and my right hon. Friend the Member for North Durham. I did well to delay my remarks till after my right hon. Friend had spoken, because he has set out very effectively, based on his considerable experience as a long-standing member of the Intelligence and Security Committee, both why it is important that that Committee should be consulted and receive the reports, and why it is hard to understand the Minister’s reluctance both in this Bill and in the National Security and Investment Bill to involve a source of such credible security expertise and, importantly, security clearance in key issues of national security.
I want to add two points to those made by my right hon. and hon. Friends. The first is to reiterate a point made previously: our security threats are changing, evolving and, unfortunately, diversifying. We see that in changes to our defence spending, in changes in the national review of our defence capabilities, and in changes in the evolution of the geopolitical landscape—the potential source of threats. However, the Minister does not seem able to support reflecting that by ensuring that, rather than keeping to our existing modes of parliamentary scrutiny, we enable parliamentary scrutiny of issues of national security by those who are best placed to carry out such scrutiny—undoubtedly members of the Intelligence and Security Committee.
I want to point briefly to a discussion in the evidence sessions. Ofcom made it clear that it does not consider itself in a position to make national security decisions, which is understandable, and that some of the decisions and considerations about national security with regards to telecommunications networks would require people who have STRAP clearance. Ofcom’s group director for networks and communications pointed to the fact that she had had STRAP clearance previously, and she said that if the NCSC
“feels that that is needed for the type of information that we may need to handle, we would make sure that happened.”––[Official Report, Telecommunications (Security) Public Bill Committee, 14 January 2021; c. 90, Q115.]
To my knowledge, Digital, Culture, Media and Sport Committee members do not have STRAP clearance. I would like the Minister to comment specifically on the level of security clearance required for members of the Committee that he has identified as being the location for scrutiny of important issues of national security. What level of security clearance do its members have? Would that enable the scrutiny that we all agree is in the best interests of the Bill?
I would like the Minister to respond to a specific example. Amendments 20, 22, 23, 24 and 25 are designed to require that the Intelligence and Security Committee has access to the appropriate information. There is a requirement for the Secretary of State to lay before Parliament a copy of a designated vendor direction, as set out in clause 15, which inserts new section 105Z11 into the Communications Act 2003. The new section states:
“The Secretary of State must lay before Parliament a copy of—
(a) a designated vendor direction;
(b) a designation notice;
(c) a notice of a variation or revocation of a designated vendor direction; and
(d) a notice of a variation or revocation of a designation notice.”
So far, so good—we have that scrutiny. However, the new section also says:
“The requirement in subsection (1) does not apply if the Secretary of State considers that laying a copy of the direction or notice (as the case may be) before Parliament would be contrary to the interests of national security.”
My right hon. Friend the Member for North Durham alluded to occasions when, we can see, that would be the case. I should like the Minister to respond specifically. Imagine, for example, that through the work of our excellent security services we became aware that a telecoms start-up in this country or abroad was under the undue influence of someone hostile to our national interest, and its integrity was compromised, and that those who had come by the information did not want to share with the wider world how they had done so. Indeed, as my right hon. Friend said, sharing that information might compromise the means by which it was acquired. It might also have a significant impact on the stock market price of the company, and perhaps of other companies or British institutions that were invested in it. That information could not be shared publicly. Yet there could not be an understanding of the reason for the designation notice or effective scrutiny of it by Parliament unless the information was shared in some secure way. Surely that secure way would be sharing it with the ISC.
Chi Onwurah
We support clause 17 and our amendments are intended to make it more accountable to Parliament and therefore more successful and effective in securing our national security.
The Chair
Order. I misled the hon. Lady. We are now discussing amendments 20 and 22 to 25. When we finish the debate on those amendments, we will debate clause 17 stand part. The hon. Lady may want to save this part of her remarks until the next debate.
Chi Onwurah
Thank you, Mr Hollobone. It is sometimes confusing to know exactly what is being discussed at what point. With that, I ask the Minister to respond to our concerns about the scrutiny of the powers in the clause.
Matt Warman
I welcome the second salvo in the campaign to address this matter by the right hon. Member for North Durham. He said it would be an ongoing campaign.
This group of amendments would require the Secretary of State to provide information relating to a designated vendor direction or designation notice to the ISC. The amendments would require the Secretary of State to do this only where directions and designation notices had not been laid before Parliament, whether in full or in part, as a result of the national security exemptions in clause 17. It will not surprise the right hon. Member for North Durham or other Opposition Members that some of these short remarks will overlap with the conversation that we had earlier on a similar matter.
Amendment 20 would require designated vendor directions or designation notices to be provided to the ISC. Amendments 22 to 25 would require the Secretary of State also to provide the ISC with copies of any notifications of contraventions, confirmation decisions and so on. Although I recognise some Members’ desire for the ISC to play a greater role in the oversight of national security decision making across government, including in relation to this Bill, the amendments would, as the right hon. Member for North Durham knows, extend the ISC’s role in an unprecedented way. None the less, I thank his welcome for my unprecedented appearance.
As I said in the debate on amendment 9, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, and the accompanying statutory memorandum of understanding, to which the right hon. Gentleman referred. I do not think he thinks it is my place to take a view on that role, and I do not think this Bill is the place to have that debate.
Telecommunications (Security) Bill (Seventh sitting)
Chi Onwurah ExcerptsTuesday 26th January 2021
(3 years, 4 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
It is a pleasure to be back under your chairmanship, Mr Hollobone. As we discussed during the debate on amendments to this clause in our previous sitting, clause 6 inserts proposed new sections 105N to R, providing Ofcom with strengthened powers to assess whether providers of public electronic communications networks and services are complying with their security duty. These powers are vital to enable Ofcom to fulfil its expanded and more active role, giving it the tools to monitor and assess providers’ compliance with the new telecoms security framework and providing the basis for commencing any enforcement action.
Proposed new section 105O provides the power to give assessment notices to a provider. Assessment notices may impose a duty on a provider to do a number of different things, which I will briefly summarise. First, providers can be required to carry out, or arrange for another person to carry out, technical testing in relation to their network or service. Secondly, they can be required to make staff available to be interviewed, enabling Ofcom to gain insights into how a provider’s security practices and policies are implemented.
Thirdly, providers can be required to allow an Ofcom employee or an assessor authorised by Ofcom to enter their premises to view documents or equipment. I recognise that that is a significant power, but it is necessary. It is subject to certain restrictions to protect legally privileged information and to limit entry to non-domestic premises only. To provide clarity for telecoms providers, Ofcom will also publish guidance setting out how and when it will use the power. Importantly, providers have a right of appeal.
The powers of assessment set out in the clause are key to enabling Ofcom to carry out the effective and extensive monitoring and assessment of providers’ security practices that is necessary.
Chi Onwurah (Newcastle upon Tyne Central) (Lab)
It is a pleasure to serve under your chairmanship, Mr Hollobone, and to come back to this important Bill. I thank the Minister for writing to me and reassuring me on certain matters relevant to the clause. We accept the need for Ofcom to have powers to require information from vendors, but we would like a specific requirement whereby Ofcom can ask vendors for information on the diversity of their supply chains. I will leave further discussion on that for our new clauses. I will support this clause.
Question put and agreed to.
Clause 6 accordingly ordered to stand part of the Bill.
Clause 7
Powers of OFCOM to enforce compliance with security duties
Question proposed, That the clause stand part of the Bill.
The Chair
With this it will be convenient to discuss the following:
Clause 8 stand part.
Clause 9 stand part.
Clause 10 stand part.
Matt Warman
I will seek to move relatively rapidly through these four clauses.
Clause 7 provides Ofcom with enforcement powers in relation to providers’ security duties. The Bill gives Ofcom new powers to impose tough financial penalties on providers who breach their security duties. The penalties range to a maximum fine of 10% of a provider’s annual turnover, which is in line with the maximum fines available for breaching other regulatory requirements. For continuing contraventions, Ofcom can levy a daily penalty of up to £100,000. Penalties that are generally lower than that but still significant will also apply for contravening information requirements, which are subject to a maximum penalty of £10 million or, for a continuing contravention, a penalty of up to £50,000 per day. These penalties ensure that there will be a real financial deterrent to poor security practices. I should also say that, in the most serious cases, or in cases where a provider repeatedly contravenes its security duties, Ofcom would be able to use existing powers to suspend or restrict the provider’s entitlements to provide a network or service. Clearly, that is a step that we hope the regulator will never need to take.
The clause also gives Ofcom an important new power to take action where security is being compromised or is at imminent risk of being compromised. Proposed new sections 105U and 105V of the Communications Act 2003 would enable Ofcom to direct a provider to take interim steps to secure its network or service while Ofcom investigates or pursues further action. This power recognises that contravention of a security duty could result in a security compromise that causes real damage to users of that network or service. Where Ofcom uses that power, it will be required to commence and complete the enforcement process as soon as is reasonably practicable. The clause gives Ofcom the tools it needs to effectively enforce compliance with the new security framework.
Clause 8 sets out the position for bringing civil claims against providers who breach their security duties, which is a matter we touched on in earlier debates. It enables providers to be held accountable not just by Ofcom but by service users, such as members of the public, in cases where loss or damage is sustained by those users as the result of a breach of a duty. Providers owe a duty to any person who may be affected by a contravention of their security duties to take security measures, to comply with specific security duties in any regulations and to inform users of security compromises.
This clause allows any affected person to take legal action should providers breach those security duties. However, any affected person can bring legal proceedings against a provider only with the consent of Ofcom, which may be subject to conditions relating to the conduct of the legal action. This reflects the existing position in the Communications Act 2003 and ensures that providers face legal action only in appropriate circumstances. The clause also makes providers responsible to their users, providing another source of accountability. It allows users to bring legal claims for any losses they have suffered, which is only fair and reasonable.
Clause 9 addresses the interaction between provisions in the Bill and other legislation, specifically national security, law enforcement and prisons legislation. The security duties created by the Bill do not conflict with duties imposed on communications providers by other legislation via these clauses. Equally, we do not want the Bill to affect adversely the important work carried out by our law enforcement agencies, criminal justice authorities and intelligence agencies. The clause gives that clarity to providers about their responsibilities.
Finally, clause 10 requires that Ofcom publish a statement of policy about how it will fulfil its general duty and use specific powers to ensure that providers comply with their security duties. This will provide welcome clarity to industry about the expected use of important new powers. I beg to move that these clauses stand part of the Bill.
Chi Onwurah
I will not detain the Committee long, as we are cracking on through the clauses. I will only emphasise that these clauses give Ofcom broad powers—very broad powers—and measures of enforcement, as well as placing duties on the network operators to all users of their network services. We support these broad powers, but it is incumbent on the Minister and indeed on the Committee to consider whether those powers will receive sufficient scrutiny, and sufficient oversight and input from our security services. We anticipate debating those particular questions in more detail later today. In the meantime, we will not stand in the way of these clauses standing part of the Bill.
Question put and agreed to.
Clause 7 accordingly ordered to stand part of the Bill.
Clauses 8 to 10 ordered to stand part of the Bill.
Clause 11
Reporting on matters related to security
Chi Onwurah
I beg to move amendment 14, in clause 11, page18, line 26, at end insert—
“(aa) an assessment of the impact on security of changes to the diversity of the supply chain for network equipment;”
This amendment requires that network supply chain diversification is included in Ofcom reports on security.
The Chair
With this it will be convenient to discuss the following:
Clause stand part.
Clause 12 stand part.
Clause 13 stand part.
Chi Onwurah
We start this debate where we ended our sitting on Thursday, on the diversity of the supply chain. But this is not groundhog day; this is a very different aspect of the diversity of the supply chain. I hope the Minister has noticed that there are three themes to our amendment: national security, diversity of the supply chain and appropriate scrutiny. Those are our key concerns about the Bill as it stands.
We wish to see the Bill debated as speedily as possible. For the record, I reiterate my concern that, in the midst of a pandemic lockdown, where the advice is to stay at home, the Leader of the House requires that Members of Parliament should congregate in one room for several hours. With that in mind, we are cracking on as quickly as possible, and we have made significant progress only this morning. However, we feel strongly that, given the speed at which we are providing the appropriate scrutiny, more time should be devoted to debating the Bill on the Floor of the House. We are cracking on in order to protect, as far as we can, the public health of Members of Parliament, staff, House officials and Clerks, who are doing an amazing job in the midst of a pandemic.
Clause 11 makes provision for reporting by Ofcom on security matters. That includes a duty to provide an annual security report to the Secretary of State. Amendment 14, in my name and those of my right hon. and hon. Friends, requires that network supply chain diversification is included in Ofcom’s report on security. As I said, we anticipate having a broader debate this afternoon on the importance of the diversification of the supply chain to security, as part of the debates on our new clauses, so I will only summarise our key points and concerns now.
This amendment follows amendment 13, which sought to give Ofcom the power to request reports from operators on their supply and the progress of their supply chain diversification. We support steps to remove high-risk vendors from the UK networks, but they must go hand in hand with credible measures to diversify the supply chain. I am afraid it remains the fact that we have no reference to the diversification of the supply chain in the Bill, despite the fact that, as I will briefly outline, both the Secretary of State and experts during our evidence sessions emphasised that we could not have network security without effective diversification.
We cannot have a robust and secure network with only two service providers. Supply chain diversification is absolutely vital to protecting our national security. If a vulnerability exists in one vendor or service provider, that intrusion may be limited to that one vendor or service provider alone. A diversity of suppliers in the supply chain limits the exposure of vital information. This amendment ensures that network supply chain diversification is addressed in Ofcom’s report on security. My key question to the Minister is, how can Ofcom report on security if it is not reporting on supply chain diversification?
The Minister may well say that Ofcom has the power to report on supply chain diversification and to request information on supply chain diversification. As I have said on a number of occasions, the powers in the Bill are broad. That is why effective scrutiny requires some specification of what will be reported upon.
The security report to the Secretary of State should be made as
“soon as practicable after the end of each reporting period”
and
“must contain… information and advice… to assist the Secretary of State in the formulation of policy”.
It must also include the extent to which providers have complied with security duties. That is as an example of some of what may be included in the security report. Given that the Secretary of State has said on a number of occasions that supply chain diversification goes hand in hand with the security of the network, it is essential that supply chain diversification is specifically mentioned in the Bill, so that we can have accurate and detailed reports from Ofcom on key aspects of network security.
The amendment will help provide the Secretary of State with the information to update Parliament on the progress of the Government’s diversification strategy, depending on Ofcom’s findings. The Secretary of State has promised to give Parliament such updates, so this is an enabling amendment to ensure that the Secretary of State has the information he needs to provide the reporting that he has committed to.
In support of the amendment, I would like to cite one of the witnesses in our evidence sessions. Dr Alexi Drew, from Kings College, London, was asked whether it was possible to have a secure network without a diverse supply chain, and answered:
“That is a great question that comes with a very simple answer: no. The worst-case scenario for creating a risk in this sense is when monopoly meets supply chain—insecure supply chain in this case. Arguably, the reason why SolarWinds was so successful is that it provided the same service to so many different organisations and departments in the United States. Therefore, if you access one—SolarWinds—you access almost all. That is the risk.”—[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 87, Q110.]
That is a risk that, I am sorry to say, the Bill currently does not sufficiently address. I hope that, by accepting this amendment, the Minister will recognise that we are, as always, seeking to improve the Bill and to ensure that it provides a credible and effective means to secure our networks.
With regard to clauses 11, 12 and 13 stand part, we recognise the importance of providing Ofcom with the appropriate powers to request information, but also to share information related to security. In that respect, these provisions are ones that we can support.
Matt Warman
I welcome the spirit of the amendment. I think that the hon. Lady and I share the same ambition. I know that she wants to have the proper debate later, so we look forward to that.
Clause 11 inserts into the Communications Act 2003 proposed new section 105Z, which deals with Ofcom’s reports on security. It requires Ofcom to produce such reports within two years of the Bill receiving Royal Assent and every 12 months thereafter. As the hon. Lady said, amendment 14 is similar to the amendment to clause 6 that we discussed previously. Ultimately, when considering Ofcom’s role and specifically its reporting function, we should note that proposed new section 105Z(2) requires Ofcom security reports to include such information and advice as Ofcom considers may best assist the Secretary of State in the formulation of policy on telecoms security. That could go beyond the list in proposed new subsection (4) to include other relevant information, such as that related to diversification. The Secretary of State can also direct Ofcom to include information that goes beyond that list.
As the Committee and, indeed, Ofcom will be well aware, the Government have recently published a targeted diversification strategy, which will deliver lasting and meaningful change in the 5G supply chain and pave the way for a vibrant, innovative and dynamic supply market. We heard widespread support for the strategy from witnesses during the oral evidence sessions. The strategy demonstrates our commitment to building a healthy supply market and is backed by a £250 million initial investment.
We have publicly announced that the Government will be funding the creation of a UK telecoms lab to research and test new ways of increasing security and interoperability, and we are already partnering with Ofcom and Digital Catapult to fund the industry-facing test facility SONIC—the SmartRAN Open Network Interoperability Centre. Both of those will play a key part in our investment in diversification and demonstrate Ofcom’s existing part in it.
As already mentioned, amendment 14 would require Ofcom to include in its security reports
“an assessment of the impact on security of”
any
“changes to the diversity of the supply chain for network equipment”.
As that requirement is already essentially covered by Ofcom’s existing powers, the amendment is not necessary. The inclusion of any such information is already within Ofcom’s discretion, but I am sure that we will discuss it more later on, as the hon. Lady said.
Clause 12 expands Ofcom’s information-gathering powers for the purposes of its security functions and enhances its ability to share the information with the Government. It enables Ofcom to require a provider to produce, generate, collect or retain security information, and then to analyse that information. Any information sought using this power must always be proportionate to how Ofcom will use it.
Clause 13 makes provision in connection with the standard of review applied by the Competition Appeal Tribunal in appeals against certain of Ofcom’s security-related decisions. Ofcom’s regulatory decisions are subject to a right of appeal to the tribunal, and that will also be the case for most of Ofcom’s decisions relating to the exercise of its regulatory powers conferred by the Bill. This clause makes provision to ensure that the tribunal is not required to modify its approach in appeals against relevant security decisions, and should instead apply ordinary judicial review principles.
I hope that I have sufficiently explained to the Committee why amendment 14 is unnecessary and why clauses 11 to 13 as drafted should stand part of the Bill.
Chi Onwurah
I thank the Minister for his comments. Although we agree on many things in many areas, I think that in this case he is trying to have his cake and eat it, inasmuch as he is saying that amendment 14 is not necessary because Ofcom already has the powers, but he is reluctant or is refusing to specify that those powers will be used for the objective of reporting on the progress of diversification of the supply chain. It was good to hear the Minister reiterate the importance of diversification of the supply chain, but I remain confused about whether he agrees with the evidence and, indeed, with his own Secretary of State that diversification of the supply chain is a prerequisite of the security of our networks and, indeed, our national security—that is what we are discussing with regard to our telecoms networks. If diversification is a prerequisite, why is the Minister so reluctant to refer to it? If he is so confident in the plan to diversify our supply chains, why is he so reluctant to insert any requirements to report on the progress of that diversification?
I listened intently: the Minister said that Ofcom has the powers to report on whatever it considers to be relevant to security. During the evidence session, we heard from Ofcom itself, very clearly and repeatedly, that it is not for Ofcom to make decisions on national security. It will not make national security decisions. That is not within its remit and responsibilities; the witnesses from Ofcom stated that repeatedly and clearly. I would be happy to read from Hansard if that point is in question. Given that Ofcom will not make security decisions and that the diversification of the supply chain is essential for security, I am at a loss to understand why the Minister will not accept a reference to reporting on the progress of diversification. Although, unfortunately, the pandemic means that we are not at full strength on the Opposition side of the Committee, I wish to test the will of the Committee on the amendment.
Question put, That the amendment be made.
Chi Onwurah
I beg to move amendment 15, in clause 14, page 21, line 28, leave out from beginning to end of line 30 and insert—
“(3) The reports must be published not more than 12 months apart for the first 5 years, then not more than 5 years apart.
(4) The first report must be published within the period of 12 months beginning with the day on which this Act is passed.”.
This amendment requires the Secretary of State to report on the impact and effectiveness of clauses 1 to 13 every year for the first five years after the Act is passed, and then every five years following.
The amendment reflects another of our key concerns about the Bill, which is the level and extent of appropriate scrutiny for such broad and sweeping powers. It seeks to ensure appropriate scrutiny. Clause 14 requires the Secretary of State to review the impact and effectiveness of clauses 1 to 13 at least every five years. Our amendment would require the report to be published every year for the first five years after the legislation is passed, and then up to every five years after that.
As we have said, the Bill gives the Secretary of State and Ofcom sweeping powers. We want to ensure both that they are proportionate and that there is accountability. As we have previously emphasised, we are sure that the Minister and the Secretary of State are inclined to exercise the powers in a proportionate and accountable way, but they will not be in their posts forever, and perhaps not for the entire first five years of the legislation’s operation, so it is important that the Bill requires that Parliament be able to scrutinise its effectiveness, as that is so important to our national security. In that sense, this amendment follows amendments 5, 9 and 10 with respect to the requirement for appropriate oversight and accountability.
I emphasise—I am sure that you will understand, Mr Hollobone—that in some ways we are here because of a lack of effective parliamentary scrutiny of the presence and growth of high-risk vendors in our networks. It was only when Parliament became aware of and was able to give its full-throated input on concerns about the dominance of high-risk vendors in our telecommunications market that the Government took action. We do not want to be in the position of finding again that there has been a dramatic change in the security of our networks without appropriate scrutiny.
Clause 14 states that the Secretary of State must
“carry out reviews of…impact and effectiveness”
and that the report must be laid before Parliament for parliamentary scrutiny. However, we are to wait up to five years before it will be made possible to give parliamentary scrutiny to a Bill that is so important to national security, as both the Minister and the Secretary of State, and indeed the security services, have emphasised. We are not to review its effectiveness for five years.
Sara Britcliffe (Hyndburn) (Con)
Does not the clause state that the period is up to five years? The review could be done during that period; it would not have to be at the five-year mark every time.
Chi Onwurah
The hon. Lady is absolutely right. The clause enables the Minister or Secretary of State to choose to lay a report more frequently. Again, I do not want to impute anything against the Minister or the Secretary of State, but given the importance of the subject and of parliamentary review, why not ensure that it is more frequent?
I am sure that the hon. Lady will agree that Parliament has many things to consider, and so does the Secretary of State. There is competition for parliamentary time, particularly in a pandemic and in view of the challenges that we shall face in the next few years. How can I put this? We have concerns that the priority may slip in the face of, for example, economic challenges, investment challenges and recovery challenges. We want to be sure what is happening. We are the party of national security and we want to ensure that, in this context, national security is brought to Parliament to be debated, discussed and reviewed at least every year.
Matt Warman
I listen with interest to the points that the hon. Lady makes, and to the assertion that she is a member of the party of national security. I welcome her to this side of the House, if that is the case. [Interruption.] Thank you, but no.
As the hon. Lady says, clause 14 is a review clause requiring the impact and effectiveness of clauses 1 to 13 to be reviewed at least every five years by the Secretary of State. The review report must be published and laid before Parliament, but it is by no means the only source of parliament scrutiny, as she knows. Her amendment would increase the frequency of these reports to every year for the first five years after the Bill is passed and then every five years thereafter.
Increasing the frequency of the reports would bring its own challenges for a number of reasons. First, the framework is considerably different from the previous security regime in the Communications Act 2003. It seems to me that we will not be able fully to assess the impact and effectiveness of the new security regime instituted by clauses 1 to 13 until all parts of the framework, including secondary legislation, codes of practice and other things, have been in place for a reasonable period of time. The code of practice that will provide guidance on the detailed security measures that telecoms could take is intended to set clear implementation timelines. Some measures may require significant operational change, as we heard in the evidence sessions for telecoms providers, and we are aware that that may be costly. For that reason, we cannot reasonably expect all changes to be implemented instantly or, indeed, all necessarily at the same time.
There is a further practical difficulty with the amendment. If the first report is to be produced 12 months after Royal Assent, it will require the review to be undertaken well in advance of that deadline. That means that the report will represent an incomplete picture of the Bill’s impact, even at its very first production. Some measures will not even have been implemented by telecoms providers.
My hon. Friend the Member for Hyndburn was exactly right that the current requirement for publishing reports is at least—rather than at most—every five years. We have been deliberate in our choice of this timeframe because five years is the reasonable point by which we expect the majority of telecoms providers to have implemented most, if not all, changes. It is therefore considered appropriate to require a report on the impact and effectiveness of the framework by that time. I recognise that five years is a long time. That does not mean that the framework will be free from scrutiny in the intervening period. As clause 11(3) sets out, the Bill amends section 134B of the Communications Act so that Ofcom’s regular infrastructure reports will include information on public telecoms providers’ compliance with the new security framework. Ofcom publishes the reports annually, rendering the amendment unnecessary.
Chi Onwurah
On a point of clarification, I have the impression that the Minister anticipates that the first report under the Bill would only happen once all the requirements had been implemented. I think that that implies that it would only happen once a high-risk vendor, specifically Huawei, had been removed from the network.
Matt Warman
No is the short answer, because while this is a progress report, five years from 2021 is 2026—the deadline is 2027, even at the most extreme end, which is not where we anticipate it will end up—and it would be before the point that she identifies.
The infrastructure reports from Ofcom will help to provide Parliament and the public with a view on how telecoms providers are progressing with compliance with the new framework. As I alluded to earlier, they are not the only means of parliamentary scrutiny. We have the Intelligence and Security Committee and we have Select Committees. I suspect that there might be one or two debates on this matter over the next five years as well. To pretend that this is the only method of parliamentary scrutiny is not accurate.
Chi Onwurah
If the Minister will give way briefly, he may find it saves time. To clarify: for the first report we will not necessarily have to wait until all the provisions of delegated legislation associated with the Bill are in place. As for the infrastructure reports that Ofcom publishes, to which he refers as a form of alternative scrutiny, will they, might they or will they not reflect progress in the diversification of the supply chain?
Matt Warman
The hon. Lady asks me to predict what is in a report that has not been written yet by an organisation that is not a Government Department. I agree with the principle of what she is saying. This is an important aspect and one would reasonably expect it to be reflected in the reports that we have talked about. It is, however, important overall to say that Ofcom’s own regular infrastructure reports will, as I have said, include information on public telecoms providers’ compliance with the new security framework, which is the broadest interpretation and gives a huge amount of latitude for the sorts of information that she seeks. I hope that those infrastructure reports will help to provide Parliament with the kind of scrutiny that she seeks, and the public with the kind of scrutiny that we all seek. [Interruption.] For those reasons I hope that she will withdraw the amendment.
Chi Onwurah
I thank my right hon. Friend the Member for North Durham for an exciting intervention from his phone, and I thank the Minister for his comments. As I think I have said, I spent six years working for Ofcom with the Communications Act 2003 on my desk. I know the importance that our independent regulator places on the words of the Minister during such debates as this. As he has indicated that the reports would do well to include reference to everything that appertains to security, including the diversification of supply chain, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Clause 14 ordered to stand part of the Bill.
Clause 15
Designated vendor directions
Chi Onwurah
I will speak to amendments 18 and 19, standing in my name and those of my hon. Friends, and to clauses 15 to 17. As the Minister set out, the clauses are about key powers in the Bill that seek to secure our networks and to regularise requirements already in place, albeit informally or not legally, to remove Huawei as a specific high-risk vendor from our networks. The clauses give Government the powers to do what they have said they will do.
On the clauses, I will not repeat what the Minister said, and I congratulate him on clearly setting out their powers, which the Opposition believe are necessary. I also join the Minister and my right hon. Friend the Member for North Durham in paying tribute to our security services, which do such great work to keep us secure across a wide range of threats and challenges—both present and evolving—and on whose continued work and effectiveness the Bill is highly dependent. As my right hon. Friend set out, we want to ensure that national security is absolutely at the heart of the Bill.
The Chair
Order. The hon. Lady has done really well, but we are not debating clause 17 stand part. She can refer to the other clause if she wishes.
Chi Onwurah
Thank you for the clarification, Mr Hollobone. I see that we are discussing whether clauses 15 and 16 stand part. I support those clauses and look forward to the Minister’s response to the amendment.
Matt Warman
I pre-emptively covered a lot of the hon. Lady’s questions, but I will say two brief things. She talked about consolidation in the cloud sector. While the Bill is very much a national security Bill, the National Security and Investment Bill would cover consolidation in that sort of sector, rather than this one. Obviously they do work together.
Chi Onwurah
The point I am making—clearly, I did not make it effectively—is that that sector is becoming this sector. The cloud sector is becoming the telecoms sector. The reason we need this Bill in addition to the National Security and Investment Bill is to address the security concerns of the telecoms sector specifically. The cloud sector is becoming part of the telecoms sector, yet the Bill does not address those concerns.
Matt Warman
The hon. Lady is not wrong, obviously, in the sense that there is a potential conversation to be had about when a cloud provider is a telecoms provider and vice versa, if I can put it like that, although it is not the most elegant way of doing so. However, the point is that the reason we have comprehensive coverage of the landscape is because we have both the National Security and Investment Bill, which she debated recently, and this Bill. The broad powers that she described are intended to provide precisely that sort of coverage.
Similarly, the hon. Lady referred to the length of the list in clause 16 of matters that can be taken into consideration. That relates to the point I made previously, namely that the sorts of issues that she is talking about, such as data flows, are already covered in the long list. The list is as long as it is because it is intended to look to the future. Therefore, being prescriptive in the way that she describes is fundamentally unnecessary. We are not excluding what she wants to be on the list. A matter is already very much there if it is pertinent to national security. For that reason, I do not think there is a compelling case to add that single topic to the list, both because it is already there and because if we start going down that route, we could make the case for adding a host of other things that are already covered but that people might want to be mentioned specifically.
As I said earlier on the convergence of the two sectors, the point is that we have comprehensive coverage through both Bills. It will be for the NCSC, Ofcom and the Government to make a judgment as to whether any consolidation in a sector poses a national security risk.
Mr Jones
My hon. Friend the Member for City of Chester said that we were going over old ground, and to a certain extent we are because some of the amendments reflect those that I moved last week.
May I say at the outset, Mr Hollobone, that the Minister has been an exemplar in engaging with and briefing the ISC? He has set something of a precedent; usually we have only Cabinet Ministers or Prime Ministers before us to give evidence. He is one of the few junior Ministers to have appeared before us, so I congratulate him. He did it because he wanted to engage with the issues. He must therefore be commended on his commitment to ensure that there is scrutiny. However—this is not to wish his demise, but to argue for his promotion—he will not be there forever. I think he does not quite understand why the Government are not at least moving on this.
The ISC’s remit is defined in the Justice and Security Act 2013. It sets out which Departments we cover, and the Department for Digital, Culture, Media and Sport is not one of them. However, as I said last week, security is increasingly being covered by other Departments, and this Bill is a good example. The National Security and Investment Bill is another one, where security decisions will be taken by the Secretary of State for Business, Energy and Industrial Strategy. Parliament must be able to scrutinise that.
If a high-risk vendor is designated as banned from the network by the Secretary of State for Digital, Culture, Media and Sport, there are perfectly good reasons why the intelligence behind that cannot be put into the public domain. The methods by which such information is acquired are of a highly sensitive nature, so it would not only expose our security services’ techniques, but in some cases would make vulnerable the individuals who have been the source of that information. I think most people would accept that that is a very good reason.
This sort of thing is happening increasingly. We have the two Bills that I have referred to, but we also have the Covert Human Intelligence Sources (Criminal Conduct) Bill, which will come back to the House tomorrow. Covert human intelligence and the ability to collect intelligence on behalf of our security services is very important. Most of that is covered by the Home Office, and covert human intelligence sources are covered by the ISC’s remit and can be scrutinised. However, there is a long list of other organisations that will be covered by tomorrow’s Bill, including—we never quite got to the bottom of this—the Food Standards Agency, for example. Again, how do we ensure that there is scrutiny of the decisions?
We also have—this has come out of the pandemic—the new biosecurity unit in the Department of Health. Again, there is no parliamentary scrutiny, because the Health and Social Care Committee will not be able to look at the intelligence that supports so much of that. An easy way out of this is in the Justice and Security Act 2013: the memorandum of understanding, which just means that, were our remit extended to look at this and other matters, the ISC could oversee and ask for the intelligence.
Having spoken to the Business Secretary and the Minister, who sympathises with us, I am not sure where the logjam is in Government. The point is that an amendment will be tabled in the Lords. Whether the provision is in the Bill or just in the memorandum of understanding between the Prime Minister and the ISC, it is easily done and would give confidence that the process at least had parliamentary oversight.
On many of these decisions, frankly, the oversight would not be onerous; we are asking only that we are informed of them. On some occasions, we might not even want to look at the intelligence. It might be so straightforward that, frankly, it is not necessary, so I do not think that it is an administrative burden. I cannot understand what the problem is. To reiterate what I said last week in Committee, it is not about the ISC wanting to have a veto or block over such things. It is, rightly, for the Government and the Secretary of State to make and defend those decisions.
It is also not about the ISC embarrassing the Government, because we cannot talk in public about a lot of the information that we receive. It is not as though we would publish a publicly available report, because of the highly classified nature of the information. However, the ISC can scrutinise decisions and, if it has concerns, write to the Prime Minister or produce a report for the Prime Minister raising them. That gives parliamentary scrutiny of the Executive’s decisions.
As I say, the report might not be made public. People might ask, “Would that be a new thing?” No—it happens all the time. For example, on the well-publicised Russia report this year, there was a public report with redactions in it and quite an extensive annex, which raised some issues that we were concerned about. That annex was seen only by individuals in Government, including the Prime Minister.
There is already a mechanism, so I fail to understand why the Government want to oppose this. From talking to Ministers privately, I think that there is a lot of sympathy with the position and I think that we will get there eventually. How we get there and in what format, I am not sure—whether the method is to put it in the Bill or to do it through the mechanism in the 2013 Act. That might be a way forward.
Chi Onwurah
I rise to support the excellent comments made by my hon. Friend the Member for City of Chester and my right hon. Friend the Member for North Durham. I did well to delay my remarks till after my right hon. Friend had spoken, because he has set out very effectively, based on his considerable experience as a long-standing member of the Intelligence and Security Committee, both why it is important that that Committee should be consulted and receive the reports, and why it is hard to understand the Minister’s reluctance both in this Bill and in the National Security and Investment Bill to involve a source of such credible security expertise and, importantly, security clearance in key issues of national security.
I want to add two points to those made by my right hon. and hon. Friends. The first is to reiterate a point made previously: our security threats are changing, evolving and, unfortunately, diversifying. We see that in changes to our defence spending, in changes in the national review of our defence capabilities, and in changes in the evolution of the geopolitical landscape—the potential source of threats. However, the Minister does not seem able to support reflecting that by ensuring that, rather than keeping to our existing modes of parliamentary scrutiny, we enable parliamentary scrutiny of issues of national security by those who are best placed to carry out such scrutiny—undoubtedly members of the Intelligence and Security Committee.
I want to point briefly to a discussion in the evidence sessions. Ofcom made it clear that it does not consider itself in a position to make national security decisions, which is understandable, and that some of the decisions and considerations about national security with regards to telecommunications networks would require people who have STRAP clearance. Ofcom’s group director for networks and communications pointed to the fact that she had had STRAP clearance previously, and she said that if the NCSC
“feels that that is needed for the type of information that we may need to handle, we would make sure that happened.”––[Official Report, Telecommunications (Security) Public Bill Committee, 14 January 2021; c. 90, Q115.]
To my knowledge, Digital, Culture, Media and Sport Committee members do not have STRAP clearance. I would like the Minister to comment specifically on the level of security clearance required for members of the Committee that he has identified as being the location for scrutiny of important issues of national security. What level of security clearance do its members have? Would that enable the scrutiny that we all agree is in the best interests of the Bill?
I would like the Minister to respond to a specific example. Amendments 20, 22, 23, 24 and 25 are designed to require that the Intelligence and Security Committee has access to the appropriate information. There is a requirement for the Secretary of State to lay before Parliament a copy of a designated vendor direction, as set out in clause 15, which inserts new section 105Z11 into the Communications Act 2003. The new section states:
“The Secretary of State must lay before Parliament a copy of—
(a) a designated vendor direction;
(b) a designation notice;
(c) a notice of a variation or revocation of a designated vendor direction; and
(d) a notice of a variation or revocation of a designation notice.”
So far, so good—we have that scrutiny. However, the new section also says:
“The requirement in subsection (1) does not apply if the Secretary of State considers that laying a copy of the direction or notice (as the case may be) before Parliament would be contrary to the interests of national security.”
Chi Onwurah
We support clause 17 and our amendments are intended to make it more accountable to Parliament and therefore more successful and effective in securing our national security.
The Chair
Order. I misled the hon. Lady. We are now discussing amendments 20 and 22 to 25. When we finish the debate on those amendments, we will debate clause 17 stand part. The hon. Lady may want to save this part of her remarks until the next debate.
Chi Onwurah
Thank you, Mr Hollobone. It is sometimes confusing to know exactly what is being discussed at what point. With that, I ask the Minister to respond to our concerns about the scrutiny of the powers in the clause.
Matt Warman
I welcome the second salvo in the campaign to address this matter by the right hon. Member for North Durham. He said it would be an ongoing campaign.
This group of amendments would require the Secretary of State to provide information relating to a designated vendor direction or designation notice to the ISC. The amendments would require the Secretary of State to do this only where directions and designation notices had not been laid before Parliament, whether in full or in part, as a result of the national security exemptions in clause 17. It will not surprise the right hon. Member for North Durham or other Opposition Members that some of these short remarks will overlap with the conversation that we had earlier on a similar matter.
Amendment 20 would require designated vendor directions or designation notices to be provided to the ISC. Amendments 22 to 25 would require the Secretary of State also to provide the ISC with copies of any notifications of contraventions, confirmation decisions and so on. Although I recognise some Members’ desire for the ISC to play a greater role in the oversight of national security decision making across government, including in relation to this Bill, the amendments would, as the right hon. Member for North Durham knows, extend the ISC’s role in an unprecedented way. None the less, I thank his welcome for my unprecedented appearance.
As I said in the debate on amendment 9, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, and the accompanying statutory memorandum of understanding, to which the right hon. Gentleman referred. I do not think he thinks it is my place to take a view on that role, and I do not think this Bill is the place to have that debate.