Baroness Lane-Fox of Soho (CB)

- Hansard -

Copy Link

-

My Lords, even just a few years ago it would have seemed slightly surprising that a dotcom entrepreneur was speaking in a debate about national security. Now it would seem surprising if I were not. In fact, I am looking forward to contributing as a new member of the Joint Committee on the National Security Strategy. I also declare my interest as a director of Twitter and co-founder of Doteveryone, a charity fighting for a fairer internet.

The world has changed irrevocably and irrefutably with the immensely rapid rise of the internet and digital technologies. When Brent Hoberman and I started Lastminute.com 20 years ago, we were grappling with the early technologies to make credit card payments safe on the web, and the largest cloud we faced was the drama that the potential of the millennium bug was presenting. Now we face a set of complex and interrelated challenges unprecedented in human history, and all exaggerated by the global and borderless nature of the technology that is woven so deeply into our everyday lives.

There are many themes relating to security and it would take far more time than I have today to describe even just what has happened in recent history. Look at what we have faced in the last few months: NHS data breaches; WannaCry ransom attacks; ATMs hijacked; fake news; Jihadi content on YouTube. Now let us think for a moment of a potential future: more use of big data; autonomous vehicles hitting our roads; the internet of things being implemented all over the place; and more and more machine learning, underpinning all our systems.

I want to tick off three areas: first, the role of the large tech platforms; secondly, the levels of digital understanding in Parliament; and thirdly, the wider digital security of our citizens. First, on the large technology businesses—the so-called platform businesses —I am the last person to rush to the defence of the monopolies that dominate our consumer internet. Indeed, it is one of the greatest surprises of my life that more of the original promise of the web, to redistribute and enable many more voices to be heard, has not been fulfilled. Five large companies dominate our online world and they have unimaginable power: Google, Apple, Facebook, Amazon and Microsoft.

However, I find the lack of sophisticated debate about the internet and security in the media—and, in parallel, the knee-jerk reaction by parliamentarians—extremely serious. Too often, all the internet is lumped together and blamed for an attack in the real world. It has recently been felt that, as long as we turned the internet off, we would all be safe. This weekend, I was lucky enough to hear John Kerry give a masterful Ditchley lecture in which he highlighted this point, calling for elected representatives to be honest with us all about the real causes of extremism—and he specifically talked about social media. He reminded the audience that the young people demonstrating in Tahrir Square during the Arab spring organised themselves using Twitter, and they were not terrorists. They needed the anonymity of social media to stay safe. As Professor Peter Neumann and Dr Shiraz Maher have written earlier this year, big social media platforms have cracked down on jihadist accounts, with the result that most jihadists are now using end-to-end encrypted messenger platforms, such as Telegram. This has not solved the problem, it has just made it different. Moreover, few people are radicalised exclusively online; blaming social media platforms is politically convenient and intellectually lazy.

As we have heard, some of the big tech businesses have now come together to form the global internet forum to continue to fight extremism. They will work on four strands. First, there will be sharing and developing new software to detect terror-related content. I must spend a moment explaining that this is harder than many realise. To use Twitter, an example that I know well, if we run an algorithm that we believe has 90% accuracy in finding inappropriate content, we might wrongly remove 50 million tweets—at 90% accuracy. Secondly, they will research bringing academics, industry and government together to share intelligence on the nature and scale of problems. There will be knowledge-sharing with smaller companies, as many tech companies find themselves suddenly with huge user bases and without the infrastructure to deal with those new legal and policy issues. This group will share best practice and help them to set up internal systems. Lastly, it will focus on counter-speech, boosting efforts by working in communities.

The noble Lord, Lord King, talked of the German Government’s recent decision to impose massive fines on these businesses. Although I believe that that might be the wrong solution and hard to implement, it is imperative that Governments hold those companies’ feet to the fire and make no apologies for them. They have been too slow to realise the gravity of the content created on their watch. Nevertheless, we cannot undermine a free and secure internet for political expediency, or allow the systems underpinning our daily lives to be weakened. It was refreshing to hear Robert Hannigan, the ex-head of GCHQ, speak so eloquently just this morning on Radio 4 about why the idea of a so-called “back door” into encryption is flawed and shows the gap between the reality of this dangerous activity online and perception.

That brings me to my second point. How will we ensure that we make the right decisions if our parliamentarians do not have the experience from which to understand these issues? I find it hard, and I have devoted my life to the technology sector. I believe that the gap between innovations driving the pace of change in citizens’ lives and the ability of policymakers to keep up is one of the most pressing questions that we face. Do we need new global institutions? Do we need more-focused parliamentary education programmes? As a local example, Doteveryone, the charity that I started, runs an MP mentoring programme; a small cohort of MPs were matched with digital mentors to help to increase their knowledge. It was a huge success. Corporate boards now have digital security in all its forms as a top priority. Compared to a few years ago, it would be as unacceptable if a CEO claimed that she did not understand its seriousness as it would be if she said that she did not understand the balance sheet. This has to be true in the public sector, too. Every new Minister should have the tools to ask the right questions when they start a new brief or run a new department; only then will we avoid such a situation as the mammoth failure to upgrade departmental software witnessed in the NHS.

Finally, I was very struck by research that I read about at the weekend, undertaken by Haifa University. Do random cyberattacks increase feelings of anxiety and panic? It is surprising to me that that was the first such study of the wider impact of cyberattacks; it is unsurprising that the results overwhelmingly showed that when an attack happens cortisol levels are raised and people immediately feel more anxious. Perhaps most interestingly, those feelings then led to a formation of more-militant political beliefs.

I end with that, as we are only at the beginning of understanding how these cyberthreats will affect us all. Noble Lords will have heard me talk before about the urgent need to increase skills in citizens who do not understand technology, but that is not enough. We must be relentless in encouraging digital understanding at all levels, for everyone. Only then will we be able to talk honestly about the threats that we face and make the right decisions, both individually and nationally, to keep us safe. I fervently believe in the power of an open internet to help in this endeavour. We cannot allow an already fearful public to become more fearful of technology. I urge the Minister to do what she can to tone down the alarmist rhetoric that comes from many parts of government and the media so that we can engage in a well-informed debate.