Craig Mackinlay (South Thanet) (Con)

- Hansard -

Copy Link

-

It is always a pleasure to serve on one of your Committees, Mr Hollobone. Usually, pieces of delegated legislation do not create a great deal of interest, but this is one that I am most excited about, as the Minister will be pleased to hear, because this is a topic that I have been discussing in various quarters for some years.

I am concerned about the internet of things—what is actually happening within the clever software and products? Frankly, they go beyond my full understanding and, I am sure, beyond that of many in the room. If I understand it correctly, the whole concept of the statutory instrument is for consumers to have some certainty that the products they are buying are safe as regards their data security and that they will not be hacked through cyber-activity.

The regulations will apply to a multitude of goods. Those goods are expanding exponentially, whether that is the clever fridge that—if one is lucky enough to buy one—says when more milk is needed, or the Ring door camera telling the owner by text message or some app on their telephone that someone is at the door. If I put my hand in the air—I might even be able to make it happen—Siri starts talking to me. What is happening there? What is Siri listening to, and what is Siri listening to that it should not be listening to? One hopes that software from a known, big global brand has more security, surety and safety associated with it, and I hope our trust in some of these bigger organisations, such as Apple, is duly found.

One need only look on Amazon these days—I am not pointing out Amazon for any great reason—to see that the number of internet of things products available is truly vast. I would not even like to go through the whole gamut of what is available. There are speakers, baby cameras and even lightbulbs—I purchased one not too long ago. Obviously, a variety of watches from big brands is available—or smaller brands from China, available at a fraction of the price of the bigger brands but seemingly to the user doing all the same clever things. One wonders at times whether that cheapness is meant to encourage us to buy a product for good or ill.

I raised that very issue with National Trading Standards in the European Scrutiny Committee. Members might think, “Why on earth is the European Scrutiny Committee thinking about these things?” The hearing was on product standards related to Northern Ireland and border issues. Generally, National Trading Standards is interested in whether something will catch fire when we plug it in. Will it be physically safe and not burn the house down, scald someone or catch light? When I raised my concerns about the in-built software, National Trading Standards said it was a very interesting point, but had no great idea about what to do about it, so a few questions arise.

I note that in the SI there is a required statement of compliance by the manufacturer. The Minister referred to the National Cyber Security Centre. When a product arrives from China or elsewhere into the UK via our purchase from Amazon—not necessarily off the Amazon shelf but perhaps through one of the facilitating agents that it allows—I doubt that the National Cyber Security Centre or National Trading Standards entrench themselves in what it does behind the scenes. That is to say, in the clever software that drives it. Even if they did, it would be at a moment in time.

How often do we buy these products—even a phone? I note that my watch OS is on 9.6.2. It upgraded only last week it is already prodding me that it needs 9.6.3. One wonders, “Why couldn’t they get it right in the first place?” That happens regularly. It could be an innocuous product, such as the baby monitor that we can look at on a clever app on our phone. We merrily download those apps, but after a month or two they scurry off to the internet with all sorts of “agree here” boxes and 15 pages of terms and conditions. I am sure not one person in the room reads them before ticking the box and saying, “I accept all that—just give me the thing”. That item might have been safe when it crossed the border, if it was even tested to that point, which I doubt, but we have very little surety about what happens in the software upgrades. It just scurries off and does its software upgrades; we are all very familiar with that.

Last week, I entered the brave new world of lightbulbs. I had some lighting done and decided on an app that lets me put the lightbulb on from this room should I so wish. Amazing—really consumer friendly. Why did I decide on that app? The electrician who did some work in my home said, “I use this one and I rather like it. It has all the features and does all the bits that one wants it to do.” But do I know what is really happening? Do I know what data is being collected?

There was a report just last week that even something as basic as the Ring camera that tells us when someone is at the front door is scurrying off and sending out all sorts of data—our email address and whatever else we have provided to get it working. Sometimes there is an intrusiveness in the questions asked by some of these apps, and one wonders why they need that sort of information. Often, there is also the question, “Will you allow this app to track you across other websites?” One wonders whether this is just becoming a very grand data capture exercise. I have no concept of where the data goes—for whom, why or anything else. Have any Members in the room had an experience like this? I was discussing a colour of paint with my wife and, lo and behold, I picked up my iPad and Farrow and Ball and Dulux seemed to come up almost before I started writing in the search engine. One wonders what is going on in the background. I ask the Minister: are we likely to test the underlying software when it comes across the border, or simply to rely on self-certification and certificates of compliance?

I am pleased that my hon. Friend the Member for Windsor raised the point about Northern Ireland, because I want us to have very safe and good legislation so that consumers can be sure about the products that they buy. Perhaps the regulations will represent a greater degree of consumer safety than we currently have or had under the old EU legislation. I think that that was the Minister’s intent—for the measures to be world leading and fleet of foot. I think those were the words that he used. But where does that leave us? Products that can enter the EU or are in the EU market—in the Republic of Ireland, for instance—have free access into Northern Ireland. They then have pretty much free access—because we are a United Kingdom, and we should not forget that—into GB. Could we have a situation in which the safety of goods sourced or provided for the consumer in GB, and potentially NI if they can tick the boxes required under single market rules, is degraded when that route from the EU, through the Republic, into NI and into GB, which is allowed, occurs? Or are we going to accept, as we seem to have done, that if CE markings are acceptable in the EU, they are acceptable here?

I will close—I am sure to the great pleasure of many in the room—by saying that this is an expansive debate about serious things, as we connect ourselves to the internet. One wonders: when we buy cheap, are we buying dangerous?

Craig Mackinlay

- Hansard -

Copy Link

-

First time for everything.