All 23 Debates between Matt Warman and Chi Onwurah

Wed 24th Feb 2021
Telecommunications Infrastructure (Leasehold Property) Bill
Commons Chamber

Consideration of Lords amendmentsPing Pong & Consideration of Lords amendments & Ping Pong & Ping Pong: House of Commons
Tue 26th Jan 2021
Tue 26th Jan 2021
Telecommunications (Security) Bill (Seventh sitting)
Public Bill Committees

Committee stage: 7th sitting & Committee Debate: 7th sitting: House of Commons
Tue 26th Jan 2021
Telecommunications (Security) Bill (Eighth sitting)
Public Bill Committees

Committee Debate: 8th sitting: House of Commons
Thu 21st Jan 2021
Telecommunications (Security) Bill (Sixth sitting)
Public Bill Committees

Committee stage: 6th sitting & Committee Debate: 6th sitting: House of Commons
Thu 21st Jan 2021
Telecommunications (Security) Bill (Fifth sitting)
Public Bill Committees

Committee stage: 5th sitting & Committee Debate: 5th sitting: House of Commons
Tue 19th Jan 2021
Telecommunications (Security) Bill (Third sitting)
Public Bill Committees

Committee Debate: 3rd sitting: House of Commons
Thu 14th Jan 2021
Telecommunications (Security) Bill (Second sitting)
Public Bill Committees

Committee stage: 2nd sitting & Committee stage & Committee Debate: 2nd sitting: House of Commons
Thu 14th Jan 2021
Telecommunications (Security) Bill (First sitting)
Public Bill Committees

Committee stage: 1st sitting & Committee Debate: 1st sitting: House of Commons
Tue 24th Nov 2020
Tue 10th Mar 2020
Telecommunications Infrastructure (Leasehold Property) Bill
Commons Chamber

Report stage & 3rd reading & 3rd reading & 3rd reading: House of Commons & Report stage & Report stage: House of Commons & Report stage & 3rd reading
Thu 13th Feb 2020
Tue 11th Feb 2020
Telecommunications Infrastructure (Leasehold Property) Bill (First sitting)
Public Bill Committees

Committee stage: 1st sitting & Committee Debate: 1st sitting: House of Commons & Committee Debate: 1st sitting: House of Commons
Wed 22nd Jan 2020
Telecommunications Infrastructure (Leasehold Property) Bill
Commons Chamber

2nd reading & 2nd reading: House of Commons & 2nd reading & 2nd reading: House of Commons & 2nd reading & Programme motion
Thu 17th Oct 2019

Oral Answers to Questions

Debate between Matt Warman and Chi Onwurah
Thursday 16th September 2021

(2 years, 6 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait Matt Warman
- Parliament Live - Hansard - -

My hon. Friend is very kind; I hope that is not the kiss of death. He is right that, in areas such as Wales in particular, the power of levelling up through digital infrastructure is key. We have recently made positive announcements with the Welsh Government. We look forward to making more, and I know that Montgomeryshire will be a key part of delivering that mission.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Parliament Live - Hansard - - - Excerpts

I congratulate the Minister on retaining his position and welcome the new Secretary of State to hers. The Minister’s is a wide-ranging and critical role, not least because we need our broadband. Parliament, our businesses, our students, our economy and our social lives depend on it—but it is another broken promise. Full fibre by 2025 was the Prime Minister’s pledge, and the 2020 Budget set aside £5 billion to deliver it. Will the Minister confirm that only £1.2 billion of that £5 billion is planned to be spent by 2025 and that, far from full fibre, we will not even get affordable broadband? According to Ofcom, more than 2 million households find it hard to afford broadband, yet the Government are slashing broadband price controls, slashing the broadband budget, slashing universal credit support, and slashing gigabit targets. When will we get the broadband we need?

Matt Warman Portrait Matt Warman
- Parliament Live - Hansard - -

I enjoyed the hon. Lady’s speech, Mr Speaker. The fact remains that this is a £5 billion commitment to—

Oral Answers to Questions

Debate between Matt Warman and Chi Onwurah
Thursday 18th March 2021

(3 years ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait Matt Warman
- Hansard - -

I know just how keen my hon. Friend is to tackle broadband roll-out in the rural parts of his constituency as well as in the urban. As I mentioned, Project Gigabit will lay out a nationwide plan and it will do so in a way that promotes competition so that we get the best that the whole of the market can offer, including Openreach, but also other providers.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
- Hansard - - - Excerpts

Our Parliament, our businesses, our students, our economy and our social lives all depend on broadband. In 2019, the Prime Minister promised full fibre for all by 2025, and the 2020 Budget set aside £5 billion for that. Can the Minister confirm that only £1.2 billion of that £5 billion is planned to be spent by 2025, and that today’s decision by Ofcom to remove pricing controls will deliver greater profits for BT while allowing Openreach to charge more in rural areas that are already broadband-poorer? When will the country as a whole get the broadband infrastructure we so desperately need?

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady knows that the Government will spend the £5 billion that has been committed as soon as possible and as quickly as the industry can get the cable into the ground. She also knows that the important balance to strike is between a competitive market that makes sure that we get everyone, from Openreach to Gigaclear to CityFibre, involved, and ensuring that those businesses can make a fair return. That is the balance that Ofcom has sought to strike today.

Telecommunications Infrastructure (Leasehold Property) Bill

Debate between Matt Warman and Chi Onwurah
Matt Warman Portrait Matt Warman
- Hansard - -

Members will be aware, none the less, that despite the importance of that connectivity, there are barriers facing infrastructure deployment, and there is no panacea. But there are steps and then strides and then leaps in the right direction, and this Bill is an important one of those steps.

We expect these provisions, which will affect some 10 million people in the UK who live in flats and apartments, to make a real difference to the vital roll-out of better broadband to which the Government remain totally committed. I trust that Members will have seen that a consultation on further potential changes to the electronic communications code has now been published. We will carefully consider whether further legislative changes are necessary as a result of what we learn from that consultation. Crucially, these measures will take into account the interests of those needing greater connectivity, balancing the interests of landowners as well. Just as with the Bill, that balance is crucial to ensuring that we continue to bridge the digital divide.

The House is here to debate three Lords amendments. I will deal with Lords amendment 1 first. The purpose of Lord Clement-Jones’s amendment on Report in the other place was to clarify that people who rent their flat can make use of the policy in the Bill. Earlier this year, when the Bill made its way through this House, hon. Members felt similarly to Lord Clement-Jones, and that sentiment was subsequently shared in the other place. It remains the case that the Bill has always applied to people living in a flat under the terms of any lease. The most common form of tenancy in the UK, assured shorthold, is a lease, and it has never been our intention to provide otherwise. However, we are aware of the strength of feeling, and while, as drafted, Lords amendment 1 would create an inconsistency with the rest of the electronic communications code, the amendment I am moving clarifies that people who occupy a property under a lease are able to make use of this policy, and it does so in a way that avoids legal ambiguity by clarifying the definition of the lease in the electronic communications code to ensure that that definition includes, for example, any tenancy.

I also encourage the House to agree with Lords amendment 2, tabled in the name of the Minister, Baroness Barran, on Third Reading in the other place in the light of concerns that have been raised there—and, indeed, here—regarding anti-competitive behaviour. It protects competition in the market and ensures that those installing infrastructure do not do so in a way that would prevent a subsequent operator from installing their own apparatus.

I now turn to the main business, which is really in Lords amendment 3. This amendment would add a new clause to the Bill requiring the Secretary of State to commission a review of the impact of the Bill on the electronic communications code, including an assessment of whether the code is sufficient to support 1 gigabit broadband roll-out to every premises by 2025, and further requiring that separate assessments be made of whether the code should be amended to introduce a number of rights, which I will come on to in a minute.

I am grateful to members of the other place for bringing forward the amendment, which the Government understand aims to provide transparency, but those good intentions would none the less introduce some impractical and unnecessary measures to the code that fall outside the purpose of the Bill and, indeed, the code itself. The code is a framework for regulating agreements between landowners and telecoms operators for the installation and maintenance of communications equipment on public and private land. The code is technology-neutral. It is simply not possible to judge whether the code supports access to 1 gigabit broadband because it is not designed to facilitate solely gigabit-capable connections; it is about access to land to facilitate installation, maintenance and upgrading.

That said, while it is logical to assume that, with the market currently deploying those connections, the provisions in this Bill will be used for deployments of those connections, they may equally be used for superfast, ultrafast or other services. The only basis on which to judge the code is to examine the availability of all types of connections. That is why Ofcom, the independent regulator, publishes its annual “Connected Nations” report, which provides a wealth of information on fixed and mobile connections. Should Ofcom raise questions, the Government continue to provide answers in the House and the other place. The report shows progress in 4G and 5G.

Furthermore, there are also other established means of scrutiny through Select Committees. In the past three months, there have been a number of reports from various Select Committees. Hon. Members can rest assured that the Department’s feet are being firmly and regularly held to the fire. Ministers, of course, always relish that process.

The amendment moves on to matters relating to the powers of gas, water and electricity suppliers. The Government recognise that further changes to the code may be required if it is to support the achievement of our coverage and connectivity targets effectively. Shortly before the Bill’s Third Reading in the other place, the Government published a further consultation on possible changes. I encourage Members to respond to that consultation. I am sure they will appreciate and understand the importance of respecting a person’s right to enjoy their property peacefully, so any intervention that seeks to interfere with property rights must be proportionate and justified. The new consultation seeks those reports until 24 March.

Additional permitted development rights are a planning matter and an issue not for this Bill or the electronic communications code. I am sure that many Members know that telecoms operators are afforded significantly more flexibility in how they install their infrastructure. That includes, for example, permitted development rights and exemptions from a number of requirements to request planning permission. That is why my Department continues to work very closely with colleagues in the Ministry of Housing, Communities and Local Government. In August 2019, we launched a joint consultation with MHCLG regarding potential reform of permitted development rights. The Government published our response in July 2020, and, subject to a technical consultation, we will take forward proposed reforms. We expect to publish that consultation in spring this year.

Encouraging telecommunications operators to undertake infrastructure works alongside other works was another issue raised. It relates to the co-ordination of streetworks to promote greater collaboration between telecoms providers, local authorities and the suppliers of gas, water and electricity. My Department has worked closely with the Department for Transport on a number of areas of mutual interest, and it will continue to do so.

In 2020, the Government released a new street manager digital service—the largest update to streetworks in a generation—that has already helped to simplify and improve the planning and co-ordination of works throughout England. That is vital for the deployment of broadband. I hope that hon. Members recognise that streetworks are a transport issue, and not a matter for this Bill or the electronic communications code. It should be noted, furthermore, that roads are a devolved matter and therefore should not be considered in legislation that relates to the reserved matter of telecoms, as this Bill does.

Although we absolutely appreciate and understand that this is a well-intentioned amendment, it is, as I have outlined, none the less impractical. It seeks details on matters outside the code’s competence to provide, such as gigabit connections, and improved planning and streetworks. I hope hon. Members are none the less reassured by the recent publication of the Government consultation, which seeks responses on whether further changes are required to the electronic communications code. I also hope they trust that the Government stand ready to look at the evidence that is made available and act where the need to act is demonstrated. We are hopeful that, once the responses are received and considered, we will have an even more informed idea about the way forward to support the delivery of connectivity and the role that the Government should play in relation to that. I ask the House to disagree with amendment 3.

I thank all hon. Members who are down to contribute for taking an interest in this vital issue. Parliamentary scrutiny is an important part of our commitment to rolling out the broadband that all our constituents deserve across the country. I look forward to hearing the subsequent debate.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab) [V]
- Hansard - - - Excerpts

I begin by thanking colleagues in the other place who have worked so hard to improve the Bill—and for longer than many would have expected, as the Government delayed the Bill until they thought they could resolve their Back Benchers’ concerns on the human rights amendment. That continues to ping-pong as part of the Trade Bill, but I hope we can now move quickly and decisively to resolve the matters of telecoms infrastructure.

The pandemic has shown us how important good fast stable broadband is, with so many people currently depending on it to work from home and stay in contact with friends and family. It is just over a year since I stood at the Dispatch Box for the Second Reading of the Bill and argued that broadband was a vital utility. The pandemic has proved that beyond doubt. I join the Minister in paying tribute to the infrastructure providers who have supported our connectivity at this difficult time, while recognising how much still needs to be done to close the digital divide. I am pleased that the Lords amendments we will be discussing today reflect the issues that Labour has been raising consistently at every stage of the Bill.

The first amendment removes ambiguity over the definition of a lessee and expands the scope of the Bill to be more inclusive with regard to tenants. The amendment would ensure that introductory or probationary tenancies in local authority housing, flexible or joint tenancies and demoted tenancies were all covered. Labour first raised this as amendment 2 on Report, and the Liberal Democrats tabled an amendment in the Lords. This has been replaced by the Government amendment in lieu, with parts (a) and (b) making technical changes to avoid contradictions between this Bill and the Communications Act 2003. We welcome that, but we are concerned that the Government missed this issue, leaving it for others to raise. The interests of tenants as well as those of leaseholders must be kept in mind.

The Government’s amendment, Lords amendment 2, is based on Labour’s amendment 3 on Report. Labour is the party of business, and we are keen to remove barriers to competition and interoperability, and to encourage a competitive market. However, we feel that the Government’s changes to this amendment mean that it does not go far enough.

As the Bill stands, one operator can technically “capture” a building, locking the residents into its service. The Government amendment seeks to ensure that this cannot happen, and the option for diversification is left open. However, it does not encourage deployment and inter- operability. Labour is pleased that the Government have offered concessions on competitiveness and inter- operability, so we will not oppose this amendment as we consider it a gesture in the right direction. However, UK businesses and consumers deserve more than gestures. They need real action to promote competition, and the Bill was a chance for the Government to do that.

Finally, Lords amendment 3 is Labour’s new clause. This has been designed to provide accountability and transparency via a review of the impact of the Bill and the sufficiency of the electronic communications code to support gigabit roll-out. Labour believes that this is vital to ensure that the mechanisms in the Bill are robust and well resourced enough to ensure that legislation does not fail when it makes contact with reality. We do not want to be back here with further legislation after more wasted years for our telecoms infrastructure. This amendment provides the mechanisms to empower the Government to meet and assess their roll-out targets. The Government tell us that the Bill is just about freeholders, but it is clearly part of a larger puzzle. Indeed, the noble Lord Parkinson confirmed that, stating that the Bill was

“one discrete instrument in the Government’s overall strategy”—[Official Report, House of Lords, 2 June 2020; Vol. 803, c. 1331.]

We must know, first, what that strategy is and, secondly, how this Bill is contributing positively or negatively to the telecoms landscape. The Minister said that this would undermine technology neutrality, which is somewhat rich, given that the gigabit ambition was a technologically neutral downgrading of the Prime Minister’s original fibre ambitions.

Telecommunications (Security) Bill (Eighth sitting)

Debate between Matt Warman and Chi Onwurah
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to be back under your chairmanship, Mr McCabe.

I will try to rattle through these as quickly as I can. Clauses 18 to 23 cover monitoring and enforcement, and further provisions relating to non-disclosure and information requirements. Clause 18 gives the Secretary of State the power to give Ofcom a monitoring direction, requiring the regulator to obtain information relating to a public telecoms provider’s compliance with a designated vendor direction and to provide that information in a report to the Secretary of State.

The clause also includes requirements about the form of such reports and the procedures around their provision, but it does not create any new powers for Ofcom, which already has them under section 135 of the Communications Act 2003. The provisions in the clause are an integral part of the compliance regime. The power to give a monitoring direction to Ofcom is necessary to ensure that the Secretary of State has the ability to require it to provide the information needed to assess compliance with designated vendor directions.

Clause 19 provides Ofcom with the power to give inspection notices to public communications providers. The provisions will apply only where the Secretary of State has given Ofcom a monitoring direction. Inspection notices enable Ofcom to gather information from communications providers in relation to their compliance with a direction. The notices are a tool for Ofcom to give effect to its obligations under a monitoring direction.

Clause 19 also sets out the new duties that inspection notices can impose, the types of information that they can be used to obtain and how the duties in an inspection notice will be enforced. Ofcom may only give inspection notices in order to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to how a provider is preparing to comply with a direction. Ofcom can instead use its other information-gathering powers under section 135 of the Communications Act 2003 to obtain such information.

Clause 20 provides the Secretary of State with the powers necessary to enforce compliance with designated vendor directions, as well as with any requirement for a public communications provider to prepare a plan setting out the steps it intends to take to comply. It is the Secretary of State’s responsibility to issue directions where necessary in the interest of national security. Clause 20 is essential to ensure that the Secretary of State can carry out this role effectively and enforce compliance with any directions issued. New sections 105Z18 to 105Z21 will be inserted into the Communications Act 2003 for this purpose. The provisions set out the process that the Secretary of State will follow in instances where an assessment is made that a public communications provider is not acting in compliance with the direction or with the requirement to provide a plan. The process encompasses giving a contravention notice, enforcing it and imposing penalties for non-compliance. The clause is essential in ensuring that the Secretary of State can carry out the role effectively and deters and penalises instances of non-compliance.

Clause 21 provides the Secretary of State with the power to give urgent enforcement directions. Provisions to enable urgent enforcement are needed in cases where the Secretary of State considers that urgent action is necessary to protect national security or to prevent significant harm to the security of a public electronic communications network, service or facility.

Clause 22 creates a power for the Secretary of State to impose a requirement on public communications providers or vendors not to disclose certain types of information without permission. The provisions are necessary to prevent the unauthorised disclosure of information, which would be contrary to the interest of national security.

Finally, clause 23 creates a power for the Secretary of State to require information from a public communications provider or any other person who may have information relevant to the exercise of the Secretary of State’s functions under clauses 18 to 21. For example, the Secretary of State can require information on a provider’s planned use of such goods or information relating to how a network is provided. It can also include information about the proposed supply of goods or services. The ability to gather such information would ensure that the Secretary of State is able to make well-informed decisions when considering whether to issue designation notices and designated vendor directions. Information obtained through the use of this power can also be used to support the monitoring of compliance, with directions supplementing information gathered by Ofcom through its information-gathering and inspection notice powers.

To summarise, new sections 105Z18 to 105Z21 together establish the power and processes that outline how the designated vendor regime will be monitored and enforced. The provisions in clause 22 are needed to manage the disclosure of information, the unauthorised disclosure of which may be contrary to national security, and clause 23 will ensure that the Secretary of State is able to obtain the information necessary to make assessments to determine whether to give a notice or direction and to assess compliance.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship once again, Mr McCabe. I will not detain the Committee long with a consideration of the clauses, and I thank the Minister for so ably setting out what the clauses aim to achieve. Indeed, we on this side recognise the importance and the necessity of clauses 18 to 23 in establishing the process and ensuring the powers to obtain information and enforce direction as part of that process.

We only reiterate a small number of important points to draw attention once again to the breadth of the powers, which enable the Secretary of State to require information to an almost unlimited extent. Given the breadth of the powers, the information and progress on the telecommunications diversification strategy is, once again, notable by its absence. Given the breadth of the requirements, it is notable that there is nothing on progress on the diversification strategy. Nor, if my memory serves me correctly, does the impact assessment reflect the potential costs to either the network operators or Ofcom in exercising these powers. The clauses do not set out the impact and they emphasise once again the importance of Ofcom having the appropriate resources to enable it to carry out the requirements effectively. I hope that the Minister will bear those limitations in mind in his ongoing review of the Bill.

Question put and agreed to.

Clause 18 accordingly ordered to stand part of the Bill.

Clauses 19 to 23 ordered to stand part of the Bill.

Clause 24

Further amendment concerning penalties

Question proposed, That the clause stand part of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss clause 25 stand part.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

As always, my right hon. Friend raises a good point. Having worked for a quango, I had clear insight into the line between independence and dependence, and into the importance of the political will of the Government, regardless of supposed independence. Equally, I saw how any regulator or supposedly independent organisation can be used as a shield for Ministers who do not want to take responsibility.

My right hon. Friend also raises a good point about the hollowing out of capacity in Government Departments. A consequence of 10 years of austerity and cuts is that DCMS and other Departments do not have the capability, capacity or resources that they previously might have enjoyed. I will point out to the Minister the example of the Government’s misinformation unit. It has no full-time employees and is supposed to exist using resources already in the Department—for something as critical now, with the vaccine roll-out, as disinformation.

My right hon. Friend is right to emphasise that given the relationship between the Government and Ofcom, which is an independent regulator, and given the increase in responsibilities that the Bill represents at a time when other responsibilities are also being added to Ofcom, the Minister cannot have it both ways. He cannot have no visibility when it comes to Ofcom’s resources and capacity while giving it yet more responsibility. In fact, this seems to be responsibility without accountability. I hope the Minister will take on board the suggestions in new clauses 3 and 7.

Matt Warman Portrait Matt Warman
- Hansard - -

I thank the hon. Lady for her contributions. To address her central point, it would not be possible for Ofcom to meet the duties Government have tasked it with without addressing the foundational issue of security. It is important that we bear in mind that that is not an exhaustive list, but security will always be a foundational point.

The new clauses would require the Secretary of State to lay a report before Parliament within 12 months of Royal Assent. New clause 3 would require Ofcom to publish an annual report on the adequacy of its budget, resourcing and staffing levels in particular.

As the Committee is aware, the Bill gives Ofcom significant new responsibilities. Ofcom’s budget is approved by its independent board and must be within a limit set by the Government. Clearly, given the enhanced security role that Ofcom will undertake, it will need to increase its resources and skills to meet these new demands. As such, the budget limit set by the Government will be adjusted to allow Ofcom to carry out its new functions effectively. This is of a piece with the direction of travel we are going in. In 2012, Ofcom had 735 employees. Last year, it had 937 employees, so as its remit has expanded, so has its headcount. That will continue to be reflected in the level of resourcing that it will be given.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

The reality is that the relationship between Government Departments and regulators is very often incredibly close, but independence is an important part of regulation. Although the right hon. Gentleman makes a reasonable point about the optimal size for in-house expertise versus external expertise, it is getting the balance right between Ofcom, the National Cyber Security Centre and DCMS that this Government and the reporting measures we already have are fundamentally committed to providing.

The right hon. Gentleman talked about Ofcom’s resourcing. Ofcom will not be making decisions on national security matters, as we have said repeatedly, but it will to be responsible for the regulation around these issues. As the right hon. Gentleman said, the Intelligence and Security Committee has shown great interest in how Ofcom is preparing for its new role.

As for the point about disclosure and resources, I would be happy to write to the ISC to provide further details in the appropriate forum about Ofcom resourcing and security arrangements. This could include information that cannot be provided publicly, including information about staffing, IT arrangements and security clearances of the sort that we have discussed. I hope that Opposition Members understand that that is the appropriate forum to provide reassurance and to satisfy the legitimate requirements of public scrutiny on this issue.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I give way to the hon. Lady.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for giving way and for the tone of his response to the different points we made. I will leave the reassurance about writing to the ISC to my right hon. Friend the Member for North Durham. Does the Minister recognise that that does not address the issue of Ofcom’s resources and reporting more generally, particularly lower down the pipeline, when it comes to national security? We have emphasised again and again the breadth of powers. The Minister has said that Ofcom will have the discretion, for example, to require an audit of all operators’ equipment—an asset register audit. It will take significant resource to understand the audit when it comes back. There are significant resource requirements involved that do not necessarily require security clearance but are nevertheless essential to effective security, and the Minister does not really seem to be offering reassurance on those.

Matt Warman Portrait Matt Warman
- Hansard - -

I would say that there is a sensible place to put some of that information, which is the communication to the ISC that I have offered, and there is a sensible place to put other information, which is the annual reporting that already exists. Hopefully the hon. Lady can find some comfort in the fact that both the information that cannot be shared publicly and the information that can will be subject to an appropriate level of parliamentary and public scrutiny.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

As the hon. Lady said, we have addressed various issues relating to the new clause in previous debates. It is important to stress that Ofcom has the resources that it needs. She talked about its ability to face the future, but in our evidence sessions, we talked to Simon Saunders, the director of emerging technology. I know she does not wish to suggest that Ofcom does not do this already, but demonstrably it is already proactively engaged in horizon scanning.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Speaking as someone who was head of technology at Ofcom, I am aware that it engages in horizon scanning. I am sure the Minister will come on to this, but while there might be horizon scanning to understand how markets evolve and what level of competition may be seen in new markets in the future, the new clause deals specifically with horizon scanning for security and security threats. I am sure the Minister will focus on that.

Matt Warman Portrait Matt Warman
- Hansard - -

It is important to say that we have amended section 3 of the Communications Act 2003, to which the hon. Lady alluded, so that Ofcom must have regard to the desirability of ensuring the security and availability of networks and services, so that should be incorporated into the horizon scanning work.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

This is an important point. I do not think the 2003 Act has been amended, since I had it reprinted a week ago. We were talking about the principal duties. Under section 3, Ofcom has about two and a half pages of duties that it needs to carry out, but only two principal duties. Those principal duties do not mention security.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady is right, but as of 31 December 2020, section 3(4) states:

“OFCOM must also have regard, in performing those duties, to such of the following as appear to them to be relevant in the circumstances…the desirability of ensuring the security and availability of public electronic communications networks and public electronic communication services”.

It is absolutely there, but I fear we are getting into a somewhat semantic argument.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The Minister is generous in supporting this back and forth in debate. I will close by pointing out that the duty to which he refers is one of 13 duties, so it can hardly be considered a priority. To put it more fairly, to ensure that it is a principal priority, it would need to be elevated.

Matt Warman Portrait Matt Warman
- Hansard - -

I think an organisation of 937 people can cope with 13 priorities. On one level, however the hon. Lady makes a reasonable point, and it is not one that we disagree with. Security has to be absolutely central to the work that Ofcom will do.

I will not restate the points I have made about how seriously we take the Intelligence and Security Committee and how seriously we will continue to take it. We will continue to write to the Committee on topics of interest as they arise and we are happy to continue to co-operate in the way that I have done; however, as I said in the debate on amendment 9, the primary focus of the ISC is to oversee the work of the security and intelligence agencies, and its remit is defined in the Justice and Security Act 2013. Amending the Bill to require regular reporting to the ISC, as proposed by the new clause, would risk the statutory basis of the ISC being set out across a range of different pieces of legislation.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

That may well be the case, but the right hon. Gentleman is not going to win it here—that is the important point to make. It is right not to try to address this issue in the new clause, but the Government will continue to take very seriously the work of the ISC, as he would expect.

Additionally, the new clause is designed to require Ofcom to provide annual reports to the ISC, which would, as the right hon. Gentleman knows, be particularly unusual in the context of the work of the Committee, as Ofcom will not be making judgments about the interests of national security under the Bill, or as part of its wider function. Ofcom’s role as regulator seems not to be something that comes under the purview of the ISC, even if I understand the broader point. As I said earlier, however, the NCSC is very much under the purview of the ISC, and there are plenty of opportunities for the Committee to interrogate the work of that excellent agency. I am sure the Committee will continue to take up such opportunities with vigour, but as I have said before, it would not be right to seek to reframe the remit of the ISC through the new clause. I ask the Opposition to withdraw it.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his comments and for engaging so readily in debate. I have to say that we feel very strongly about the new clause, both for parliamentary scrutiny and for ensuring that Ofcom is looking forward and assessing future threats. With bated breath, I wish to test the will of the Committee on the new clause.

Question put, That the clause be read a Second time.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

On a point of order, Mr McCabe. I put on the record my gratitude, and that of my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester, to you and your colleague, Mr Hollobone, for the way in which you have expertly chaired proceedings in the Committee. I also sincerely thank all House staff who have supported our work here, including those representing Hansard, and particularly the Clerks, who have been absolutely invaluable in setting out our desires to improve the Bill in clear and orderly amendments and new clauses.

I also thank all members of the Committee from both sides of the House. This detailed, technical Bill is critical for our national security, coming at a time of national crisis, when we are braving—all of us: staff and Members—a pandemic in order to be here. We have had an orderly and constructive debate.

Matt Warman Portrait Matt Warman
- Hansard - -

Further to that point of order, Mr McCabe. What fun we have had! It is a pleasure to come to this point in the Bill’s passage. I echo the hon. Lady’s thanks to the House staff and to yourself, Mr McCabe, and Mr Hollobone. I also reiterate her point that this is a crucial Bill—one that I am glad enjoys cross-party support. I look forward to debating its further stages in the House.

Bill, as amended, to be reported.

Telecommunications (Security) Bill (Seventh sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 7th sitting: House of Commons
Tuesday 26th January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to be back under your chairmanship, Mr Hollobone. As we discussed during the debate on amendments to this clause in our previous sitting, clause 6 inserts proposed new sections 105N to R, providing Ofcom with strengthened powers to assess whether providers of public electronic communications networks and services are complying with their security duty. These powers are vital to enable Ofcom to fulfil its expanded and more active role, giving it the tools to monitor and assess providers’ compliance with the new telecoms security framework and providing the basis for commencing any enforcement action.

Proposed new section 105O provides the power to give assessment notices to a provider. Assessment notices may impose a duty on a provider to do a number of different things, which I will briefly summarise. First, providers can be required to carry out, or arrange for another person to carry out, technical testing in relation to their network or service. Secondly, they can be required to make staff available to be interviewed, enabling Ofcom to gain insights into how a provider’s security practices and policies are implemented.

Thirdly, providers can be required to allow an Ofcom employee or an assessor authorised by Ofcom to enter their premises to view documents or equipment. I recognise that that is a significant power, but it is necessary. It is subject to certain restrictions to protect legally privileged information and to limit entry to non-domestic premises only. To provide clarity for telecoms providers, Ofcom will also publish guidance setting out how and when it will use the power. Importantly, providers have a right of appeal.

The powers of assessment set out in the clause are key to enabling Ofcom to carry out the effective and extensive monitoring and assessment of providers’ security practices that is necessary.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship, Mr Hollobone, and to come back to this important Bill. I thank the Minister for writing to me and reassuring me on certain matters relevant to the clause. We accept the need for Ofcom to have powers to require information from vendors, but we would like a specific requirement whereby Ofcom can ask vendors for information on the diversity of their supply chains. I will leave further discussion on that for our new clauses. I will support this clause.

Question put and agreed to.

Clause 6 accordingly ordered to stand part of the Bill.

Clause 7

Powers of OFCOM to enforce compliance with security duties

Question proposed, That the clause stand part of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss the following:

Clause 8 stand part.

Clause 9 stand part.

Clause 10 stand part.

Matt Warman Portrait Matt Warman
- Hansard - -

I will seek to move relatively rapidly through these four clauses.

Clause 7 provides Ofcom with enforcement powers in relation to providers’ security duties. The Bill gives Ofcom new powers to impose tough financial penalties on providers who breach their security duties. The penalties range to a maximum fine of 10% of a provider’s annual turnover, which is in line with the maximum fines available for breaching other regulatory requirements. For continuing contraventions, Ofcom can levy a daily penalty of up to £100,000. Penalties that are generally lower than that but still significant will also apply for contravening information requirements, which are subject to a maximum penalty of £10 million or, for a continuing contravention, a penalty of up to £50,000 per day. These penalties ensure that there will be a real financial deterrent to poor security practices. I should also say that, in the most serious cases, or in cases where a provider repeatedly contravenes its security duties, Ofcom would be able to use existing powers to suspend or restrict the provider’s entitlements to provide a network or service. Clearly, that is a step that we hope the regulator will never need to take.

The clause also gives Ofcom an important new power to take action where security is being compromised or is at imminent risk of being compromised. Proposed new sections 105U and 105V of the Communications Act 2003 would enable Ofcom to direct a provider to take interim steps to secure its network or service while Ofcom investigates or pursues further action. This power recognises that contravention of a security duty could result in a security compromise that causes real damage to users of that network or service. Where Ofcom uses that power, it will be required to commence and complete the enforcement process as soon as is reasonably practicable. The clause gives Ofcom the tools it needs to effectively enforce compliance with the new security framework.

Clause 8 sets out the position for bringing civil claims against providers who breach their security duties, which is a matter we touched on in earlier debates. It enables providers to be held accountable not just by Ofcom but by service users, such as members of the public, in cases where loss or damage is sustained by those users as the result of a breach of a duty. Providers owe a duty to any person who may be affected by a contravention of their security duties to take security measures, to comply with specific security duties in any regulations and to inform users of security compromises.

This clause allows any affected person to take legal action should providers breach those security duties. However, any affected person can bring legal proceedings against a provider only with the consent of Ofcom, which may be subject to conditions relating to the conduct of the legal action. This reflects the existing position in the Communications Act 2003 and ensures that providers face legal action only in appropriate circumstances. The clause also makes providers responsible to their users, providing another source of accountability. It allows users to bring legal claims for any losses they have suffered, which is only fair and reasonable.

Clause 9 addresses the interaction between provisions in the Bill and other legislation, specifically national security, law enforcement and prisons legislation. The security duties created by the Bill do not conflict with duties imposed on communications providers by other legislation via these clauses. Equally, we do not want the Bill to affect adversely the important work carried out by our law enforcement agencies, criminal justice authorities and intelligence agencies. The clause gives that clarity to providers about their responsibilities.

Finally, clause 10 requires that Ofcom publish a statement of policy about how it will fulfil its general duty and use specific powers to ensure that providers comply with their security duties. This will provide welcome clarity to industry about the expected use of important new powers. I beg to move that these clauses stand part of the Bill.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I will not detain the Committee long, as we are cracking on through the clauses. I will only emphasise that these clauses give Ofcom broad powers—very broad powers—and measures of enforcement, as well as placing duties on the network operators to all users of their network services. We support these broad powers, but it is incumbent on the Minister and indeed on the Committee to consider whether those powers will receive sufficient scrutiny, and sufficient oversight and input from our security services. We anticipate debating those particular questions in more detail later today. In the meantime, we will not stand in the way of these clauses standing part of the Bill.

Question put and agreed to.

Clause 7 accordingly ordered to stand part of the Bill.

Clauses 8 to 10 ordered to stand part of the Bill.

Clause 11

Reporting on matters related to security

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I welcome the spirit of the amendment. I think that the hon. Lady and I share the same ambition. I know that she wants to have the proper debate later, so we look forward to that.

Clause 11 inserts into the Communications Act 2003 proposed new section 105Z, which deals with Ofcom’s reports on security. It requires Ofcom to produce such reports within two years of the Bill receiving Royal Assent and every 12 months thereafter. As the hon. Lady said, amendment 14 is similar to the amendment to clause 6 that we discussed previously. Ultimately, when considering Ofcom’s role and specifically its reporting function, we should note that proposed new section 105Z(2) requires Ofcom security reports to include such information and advice as Ofcom considers may best assist the Secretary of State in the formulation of policy on telecoms security. That could go beyond the list in proposed new subsection (4) to include other relevant information, such as that related to diversification. The Secretary of State can also direct Ofcom to include information that goes beyond that list.

As the Committee and, indeed, Ofcom will be well aware, the Government have recently published a targeted diversification strategy, which will deliver lasting and meaningful change in the 5G supply chain and pave the way for a vibrant, innovative and dynamic supply market. We heard widespread support for the strategy from witnesses during the oral evidence sessions. The strategy demonstrates our commitment to building a healthy supply market and is backed by a £250 million initial investment.

We have publicly announced that the Government will be funding the creation of a UK telecoms lab to research and test new ways of increasing security and interoperability, and we are already partnering with Ofcom and Digital Catapult to fund the industry-facing test facility SONIC—the SmartRAN Open Network Interoperability Centre. Both of those will play a key part in our investment in diversification and demonstrate Ofcom’s existing part in it.

As already mentioned, amendment 14 would require Ofcom to include in its security reports

“an assessment of the impact on security of”

any

“changes to the diversity of the supply chain for network equipment”.

As that requirement is already essentially covered by Ofcom’s existing powers, the amendment is not necessary. The inclusion of any such information is already within Ofcom’s discretion, but I am sure that we will discuss it more later on, as the hon. Lady said.

Clause 12 expands Ofcom’s information-gathering powers for the purposes of its security functions and enhances its ability to share the information with the Government. It enables Ofcom to require a provider to produce, generate, collect or retain security information, and then to analyse that information. Any information sought using this power must always be proportionate to how Ofcom will use it.

Clause 13 makes provision in connection with the standard of review applied by the Competition Appeal Tribunal in appeals against certain of Ofcom’s security-related decisions. Ofcom’s regulatory decisions are subject to a right of appeal to the tribunal, and that will also be the case for most of Ofcom’s decisions relating to the exercise of its regulatory powers conferred by the Bill. This clause makes provision to ensure that the tribunal is not required to modify its approach in appeals against relevant security decisions, and should instead apply ordinary judicial review principles.

I hope that I have sufficiently explained to the Committee why amendment 14 is unnecessary and why clauses 11 to 13 as drafted should stand part of the Bill.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his comments. Although we agree on many things in many areas, I think that in this case he is trying to have his cake and eat it, inasmuch as he is saying that amendment 14 is not necessary because Ofcom already has the powers, but he is reluctant or is refusing to specify that those powers will be used for the objective of reporting on the progress of diversification of the supply chain. It was good to hear the Minister reiterate the importance of diversification of the supply chain, but I remain confused about whether he agrees with the evidence and, indeed, with his own Secretary of State that diversification of the supply chain is a prerequisite of the security of our networks and, indeed, our national security—that is what we are discussing with regard to our telecoms networks. If diversification is a prerequisite, why is the Minister so reluctant to refer to it? If he is so confident in the plan to diversify our supply chains, why is he so reluctant to insert any requirements to report on the progress of that diversification?

I listened intently: the Minister said that Ofcom has the powers to report on whatever it considers to be relevant to security. During the evidence session, we heard from Ofcom itself, very clearly and repeatedly, that it is not for Ofcom to make decisions on national security. It will not make national security decisions. That is not within its remit and responsibilities; the witnesses from Ofcom stated that repeatedly and clearly. I would be happy to read from Hansard if that point is in question. Given that Ofcom will not make security decisions and that the diversification of the supply chain is essential for security, I am at a loss to understand why the Minister will not accept a reference to reporting on the progress of diversification. Although, unfortunately, the pandemic means that we are not at full strength on the Opposition side of the Committee, I wish to test the will of the Committee on the amendment.

Question put, That the amendment be made.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I listen with interest to the points that the hon. Lady makes, and to the assertion that she is a member of the party of national security. I welcome her to this side of the House, if that is the case. [Interruption.] Thank you, but no.

As the hon. Lady says, clause 14 is a review clause requiring the impact and effectiveness of clauses 1 to 13 to be reviewed at least every five years by the Secretary of State. The review report must be published and laid before Parliament, but it is by no means the only source of parliament scrutiny, as she knows. Her amendment would increase the frequency of these reports to every year for the first five years after the Bill is passed and then every five years thereafter.

Increasing the frequency of the reports would bring its own challenges for a number of reasons. First, the framework is considerably different from the previous security regime in the Communications Act 2003. It seems to me that we will not be able fully to assess the impact and effectiveness of the new security regime instituted by clauses 1 to 13 until all parts of the framework, including secondary legislation, codes of practice and other things, have been in place for a reasonable period of time. The code of practice that will provide guidance on the detailed security measures that telecoms could take is intended to set clear implementation timelines. Some measures may require significant operational change, as we heard in the evidence sessions for telecoms providers, and we are aware that that may be costly. For that reason, we cannot reasonably expect all changes to be implemented instantly or, indeed, all necessarily at the same time.

There is a further practical difficulty with the amendment. If the first report is to be produced 12 months after Royal Assent, it will require the review to be undertaken well in advance of that deadline. That means that the report will represent an incomplete picture of the Bill’s impact, even at its very first production. Some measures will not even have been implemented by telecoms providers.

My hon. Friend the Member for Hyndburn was exactly right that the current requirement for publishing reports is at least—rather than at most—every five years. We have been deliberate in our choice of this timeframe because five years is the reasonable point by which we expect the majority of telecoms providers to have implemented most, if not all, changes. It is therefore considered appropriate to require a report on the impact and effectiveness of the framework by that time. I recognise that five years is a long time. That does not mean that the framework will be free from scrutiny in the intervening period. As clause 11(3) sets out, the Bill amends section 134B of the Communications Act so that Ofcom’s regular infrastructure reports will include information on public telecoms providers’ compliance with the new security framework. Ofcom publishes the reports annually, rendering the amendment unnecessary.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

On a point of clarification, I have the impression that the Minister anticipates that the first report under the Bill would only happen once all the requirements had been implemented. I think that that implies that it would only happen once a high-risk vendor, specifically Huawei, had been removed from the network.

Matt Warman Portrait Matt Warman
- Hansard - -

No is the short answer, because while this is a progress report, five years from 2021 is 2026—the deadline is 2027, even at the most extreme end, which is not where we anticipate it will end up—and it would be before the point that she identifies.

The infrastructure reports from Ofcom will help to provide Parliament and the public with a view on how telecoms providers are progressing with compliance with the new framework. As I alluded to earlier, they are not the only means of parliamentary scrutiny. We have the Intelligence and Security Committee and we have Select Committees. I suspect that there might be one or two debates on this matter over the next five years as well. To pretend that this is the only method of parliamentary scrutiny is not accurate.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

If the Minister will give way briefly, he may find it saves time. To clarify: for the first report we will not necessarily have to wait until all the provisions of delegated legislation associated with the Bill are in place. As for the infrastructure reports that Ofcom publishes, to which he refers as a form of alternative scrutiny, will they, might they or will they not reflect progress in the diversification of the supply chain?

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady asks me to predict what is in a report that has not been written yet by an organisation that is not a Government Department. I agree with the principle of what she is saying. This is an important aspect and one would reasonably expect it to be reflected in the reports that we have talked about. It is, however, important overall to say that Ofcom’s own regular infrastructure reports will, as I have said, include information on public telecoms providers’ compliance with the new security framework, which is the broadest interpretation and gives a huge amount of latitude for the sorts of information that she seeks. I hope that those infrastructure reports will help to provide Parliament with the kind of scrutiny that she seeks, and the public with the kind of scrutiny that we all seek. [Interruption.] For those reasons I hope that she will withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank my right hon. Friend the Member for North Durham for an exciting intervention from his phone, and I thank the Minister for his comments. As I think I have said, I spent six years working for Ofcom with the Communications Act 2003 on my desk. I know the importance that our independent regulator places on the words of the Minister during such debates as this. As he has indicated that the reports would do well to include reference to everything that appertains to security, including the diversification of supply chain, I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Clause 14 ordered to stand part of the Bill.

Clause 15

Designated vendor directions

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Thank you for the clarification, Mr Hollobone. I see that we are discussing whether clauses 15 and 16 stand part. I support those clauses and look forward to the Minister’s response to the amendment.

Matt Warman Portrait Matt Warman
- Hansard - -

I pre-emptively covered a lot of the hon. Lady’s questions, but I will say two brief things. She talked about consolidation in the cloud sector. While the Bill is very much a national security Bill, the National Security and Investment Bill would cover consolidation in that sort of sector, rather than this one. Obviously they do work together.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The point I am making—clearly, I did not make it effectively—is that that sector is becoming this sector. The cloud sector is becoming the telecoms sector. The reason we need this Bill in addition to the National Security and Investment Bill is to address the security concerns of the telecoms sector specifically. The cloud sector is becoming part of the telecoms sector, yet the Bill does not address those concerns.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady is not wrong, obviously, in the sense that there is a potential conversation to be had about when a cloud provider is a telecoms provider and vice versa, if I can put it like that, although it is not the most elegant way of doing so. However, the point is that the reason we have comprehensive coverage of the landscape is because we have both the National Security and Investment Bill, which she debated recently, and this Bill. The broad powers that she described are intended to provide precisely that sort of coverage.

Similarly, the hon. Lady referred to the length of the list in clause 16 of matters that can be taken into consideration. That relates to the point I made previously, namely that the sorts of issues that she is talking about, such as data flows, are already covered in the long list. The list is as long as it is because it is intended to look to the future. Therefore, being prescriptive in the way that she describes is fundamentally unnecessary. We are not excluding what she wants to be on the list. A matter is already very much there if it is pertinent to national security. For that reason, I do not think there is a compelling case to add that single topic to the list, both because it is already there and because if we start going down that route, we could make the case for adding a host of other things that are already covered but that people might want to be mentioned specifically.

As I said earlier on the convergence of the two sectors, the point is that we have comprehensive coverage through both Bills. It will be for the NCSC, Ofcom and the Government to make a judgment as to whether any consolidation in a sector poses a national security risk.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Thank you, Mr Hollobone. It is sometimes confusing to know exactly what is being discussed at what point. With that, I ask the Minister to respond to our concerns about the scrutiny of the powers in the clause.

Matt Warman Portrait Matt Warman
- Hansard - -

I welcome the second salvo in the campaign to address this matter by the right hon. Member for North Durham. He said it would be an ongoing campaign.

This group of amendments would require the Secretary of State to provide information relating to a designated vendor direction or designation notice to the ISC. The amendments would require the Secretary of State to do this only where directions and designation notices had not been laid before Parliament, whether in full or in part, as a result of the national security exemptions in clause 17. It will not surprise the right hon. Member for North Durham or other Opposition Members that some of these short remarks will overlap with the conversation that we had earlier on a similar matter.

Amendment 20 would require designated vendor directions or designation notices to be provided to the ISC. Amendments 22 to 25 would require the Secretary of State also to provide the ISC with copies of any notifications of contraventions, confirmation decisions and so on. Although I recognise some Members’ desire for the ISC to play a greater role in the oversight of national security decision making across government, including in relation to this Bill, the amendments would, as the right hon. Member for North Durham knows, extend the ISC’s role in an unprecedented way. None the less, I thank his welcome for my unprecedented appearance.

As I said in the debate on amendment 9, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, and the accompanying statutory memorandum of understanding, to which the right hon. Gentleman referred. I do not think he thinks it is my place to take a view on that role, and I do not think this Bill is the place to have that debate.

Telecommunications (Security) Bill (Seventh sitting)

Debate between Matt Warman and Chi Onwurah
Tuesday 26th January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to be back under your chairmanship, Mr Hollobone. As we discussed during the debate on amendments to this clause in our previous sitting, clause 6 inserts proposed new sections 105N to R, providing Ofcom with strengthened powers to assess whether providers of public electronic communications networks and services are complying with their security duty. These powers are vital to enable Ofcom to fulfil its expanded and more active role, giving it the tools to monitor and assess providers’ compliance with the new telecoms security framework and providing the basis for commencing any enforcement action.

Proposed new section 105O provides the power to give assessment notices to a provider. Assessment notices may impose a duty on a provider to do a number of different things, which I will briefly summarise. First, providers can be required to carry out, or arrange for another person to carry out, technical testing in relation to their network or service. Secondly, they can be required to make staff available to be interviewed, enabling Ofcom to gain insights into how a provider’s security practices and policies are implemented.

Thirdly, providers can be required to allow an Ofcom employee or an assessor authorised by Ofcom to enter their premises to view documents or equipment. I recognise that that is a significant power, but it is necessary. It is subject to certain restrictions to protect legally privileged information and to limit entry to non-domestic premises only. To provide clarity for telecoms providers, Ofcom will also publish guidance setting out how and when it will use the power. Importantly, providers have a right of appeal.

The powers of assessment set out in the clause are key to enabling Ofcom to carry out the effective and extensive monitoring and assessment of providers’ security practices that is necessary.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship, Mr Hollobone, and to come back to this important Bill. I thank the Minister for writing to me and reassuring me on certain matters relevant to the clause. We accept the need for Ofcom to have powers to require information from vendors, but we would like a specific requirement whereby Ofcom can ask vendors for information on the diversity of their supply chains. I will leave further discussion on that for our new clauses. I will support this clause.

Question put and agreed to.

Clause 6 accordingly ordered to stand part of the Bill.

Clause 7

Powers of OFCOM to enforce compliance with security duties

Question proposed, That the clause stand part of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss the following:

Clause 8 stand part.

Clause 9 stand part.

Clause 10 stand part.

Matt Warman Portrait Matt Warman
- Hansard - -

I will seek to move relatively rapidly through these four clauses.

Clause 7 provides Ofcom with enforcement powers in relation to providers’ security duties. The Bill gives Ofcom new powers to impose tough financial penalties on providers who breach their security duties. The penalties range to a maximum fine of 10% of a provider’s annual turnover, which is in line with the maximum fines available for breaching other regulatory requirements. For continuing contraventions, Ofcom can levy a daily penalty of up to £100,000. Penalties that are generally lower than that but still significant will also apply for contravening information requirements, which are subject to a maximum penalty of £10 million or, for a continuing contravention, a penalty of up to £50,000 per day. These penalties ensure that there will be a real financial deterrent to poor security practices. I should also say that, in the most serious cases, or in cases where a provider repeatedly contravenes its security duties, Ofcom would be able to use existing powers to suspend or restrict the provider’s entitlements to provide a network or service. Clearly, that is a step that we hope the regulator will never need to take.

The clause also gives Ofcom an important new power to take action where security is being compromised or is at imminent risk of being compromised. Proposed new sections 105U and 105V of the Communications Act 2003 would enable Ofcom to direct a provider to take interim steps to secure its network or service while Ofcom investigates or pursues further action. This power recognises that contravention of a security duty could result in a security compromise that causes real damage to users of that network or service. Where Ofcom uses that power, it will be required to commence and complete the enforcement process as soon as is reasonably practicable. The clause gives Ofcom the tools it needs to effectively enforce compliance with the new security framework.

Clause 8 sets out the position for bringing civil claims against providers who breach their security duties, which is a matter we touched on in earlier debates. It enables providers to be held accountable not just by Ofcom but by service users, such as members of the public, in cases where loss or damage is sustained by those users as the result of a breach of a duty. Providers owe a duty to any person who may be affected by a contravention of their security duties to take security measures, to comply with specific security duties in any regulations and to inform users of security compromises.

This clause allows any affected person to take legal action should providers breach those security duties. However, any affected person can bring legal proceedings against a provider only with the consent of Ofcom, which may be subject to conditions relating to the conduct of the legal action. This reflects the existing position in the Communications Act 2003 and ensures that providers face legal action only in appropriate circumstances. The clause also makes providers responsible to their users, providing another source of accountability. It allows users to bring legal claims for any losses they have suffered, which is only fair and reasonable.

Clause 9 addresses the interaction between provisions in the Bill and other legislation, specifically national security, law enforcement and prisons legislation. The security duties created by the Bill do not conflict with duties imposed on communications providers by other legislation via these clauses. Equally, we do not want the Bill to affect adversely the important work carried out by our law enforcement agencies, criminal justice authorities and intelligence agencies. The clause gives that clarity to providers about their responsibilities.

Finally, clause 10 requires that Ofcom publish a statement of policy about how it will fulfil its general duty and use specific powers to ensure that providers comply with their security duties. This will provide welcome clarity to industry about the expected use of important new powers. I beg to move that these clauses stand part of the Bill.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I will not detain the Committee long, as we are cracking on through the clauses. I will only emphasise that these clauses give Ofcom broad powers—very broad powers—and measures of enforcement, as well as placing duties on the network operators to all users of their network services. We support these broad powers, but it is incumbent on the Minister and indeed on the Committee to consider whether those powers will receive sufficient scrutiny, and sufficient oversight and input from our security services. We anticipate debating those particular questions in more detail later today. In the meantime, we will not stand in the way of these clauses standing part of the Bill.

Question put and agreed to.

Clause 7 accordingly ordered to stand part of the Bill.

Clauses 8 to 10 ordered to stand part of the Bill.

Clause 11

Reporting on matters related to security

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We start this debate where we ended our sitting on Thursday, on the diversity of the supply chain. But this is not groundhog day; this is a very different aspect of the diversity of the supply chain. I hope the Minister has noticed that there are three themes to our amendment: national security, diversity of the supply chain and appropriate scrutiny. Those are our key concerns about the Bill as it stands.

We wish to see the Bill debated as speedily as possible. For the record, I reiterate my concern that, in the midst of a pandemic lockdown, where the advice is to stay at home, the Leader of the House requires that Members of Parliament should congregate in one room for several hours. With that in mind, we are cracking on as quickly as possible, and we have made significant progress only this morning. However, we feel strongly that, given the speed at which we are providing the appropriate scrutiny, more time should be devoted to debating the Bill on the Floor of the House. We are cracking on in order to protect, as far as we can, the public health of Members of Parliament, staff, House officials and Clerks, who are doing an amazing job in the midst of a pandemic.

Clause 11 makes provision for reporting by Ofcom on security matters. That includes a duty to provide an annual security report to the Secretary of State. Amendment 14, in my name and those of my right hon. and hon. Friends, requires that network supply chain diversification is included in Ofcom’s report on security. As I said, we anticipate having a broader debate this afternoon on the importance of the diversification of the supply chain to security, as part of the debates on our new clauses, so I will only summarise our key points and concerns now.

This amendment follows amendment 13, which sought to give Ofcom the power to request reports from operators on their supply and the progress of their supply chain diversification. We support steps to remove high-risk vendors from the UK networks, but they must go hand in hand with credible measures to diversify the supply chain. I am afraid it remains the fact that we have no reference to the diversification of the supply chain in the Bill, despite the fact that, as I will briefly outline, both the Secretary of State and experts during our evidence sessions emphasised that we could not have network security without effective diversification.

We cannot have a robust and secure network with only two service providers. Supply chain diversification is absolutely vital to protecting our national security. If a vulnerability exists in one vendor or service provider, that intrusion may be limited to that one vendor or service provider alone. A diversity of suppliers in the supply chain limits the exposure of vital information. This amendment ensures that network supply chain diversification is addressed in Ofcom’s report on security. My key question to the Minister is, how can Ofcom report on security if it is not reporting on supply chain diversification?

The Minister may well say that Ofcom has the power to report on supply chain diversification and to request information on supply chain diversification. As I have said on a number of occasions, the powers in the Bill are broad. That is why effective scrutiny requires some specification of what will be reported upon.

The security report to the Secretary of State should be made as

“soon as practicable after the end of each reporting period”

and

“must contain… information and advice… to assist the Secretary of State in the formulation of policy”.

It must also include the extent to which providers have complied with security duties. That is as an example of some of what may be included in the security report. Given that the Secretary of State has said on a number of occasions that supply chain diversification goes hand in hand with the security of the network, it is essential that supply chain diversification is specifically mentioned in the Bill, so that we can have accurate and detailed reports from Ofcom on key aspects of network security.

The amendment will help provide the Secretary of State with the information to update Parliament on the progress of the Government’s diversification strategy, depending on Ofcom’s findings. The Secretary of State has promised to give Parliament such updates, so this is an enabling amendment to ensure that the Secretary of State has the information he needs to provide the reporting that he has committed to.

In support of the amendment, I would like to cite one of the witnesses in our evidence sessions. Dr Alexi Drew, from Kings College, London, was asked whether it was possible to have a secure network without a diverse supply chain, and answered:

“That is a great question that comes with a very simple answer: no. The worst-case scenario for creating a risk in this sense is when monopoly meets supply chain—insecure supply chain in this case. Arguably, the reason why SolarWinds was so successful is that it provided the same service to so many different organisations and departments in the United States. Therefore, if you access one—SolarWinds—you access almost all. That is the risk.”—[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 87, Q110.]

That is a risk that, I am sorry to say, the Bill currently does not sufficiently address. I hope that, by accepting this amendment, the Minister will recognise that we are, as always, seeking to improve the Bill and to ensure that it provides a credible and effective means to secure our networks.

With regard to clauses 11, 12 and 13 stand part, we recognise the importance of providing Ofcom with the appropriate powers to request information, but also to share information related to security. In that respect, these provisions are ones that we can support.

Matt Warman Portrait Matt Warman
- Hansard - -

I welcome the spirit of the amendment. I think that the hon. Lady and I share the same ambition. I know that she wants to have the proper debate later, so we look forward to that.

Clause 11 inserts into the Communications Act 2003 proposed new section 105Z, which deals with Ofcom’s reports on security. It requires Ofcom to produce such reports within two years of the Bill receiving Royal Assent and every 12 months thereafter. As the hon. Lady said, amendment 14 is similar to the amendment to clause 6 that we discussed previously. Ultimately, when considering Ofcom’s role and specifically its reporting function, we should note that proposed new section 105Z(2) requires Ofcom security reports to include such information and advice as Ofcom considers may best assist the Secretary of State in the formulation of policy on telecoms security. That could go beyond the list in proposed new subsection (4) to include other relevant information, such as that related to diversification. The Secretary of State can also direct Ofcom to include information that goes beyond that list.

As the Committee and, indeed, Ofcom will be well aware, the Government have recently published a targeted diversification strategy, which will deliver lasting and meaningful change in the 5G supply chain and pave the way for a vibrant, innovative and dynamic supply market. We heard widespread support for the strategy from witnesses during the oral evidence sessions. The strategy demonstrates our commitment to building a healthy supply market and is backed by a £250 million initial investment.

We have publicly announced that the Government will be funding the creation of a UK telecoms lab to research and test new ways of increasing security and interoperability, and we are already partnering with Ofcom and Digital Catapult to fund the industry-facing test facility SONIC—the SmartRAN Open Network Interoperability Centre. Both of those will play a key part in our investment in diversification and demonstrate Ofcom’s existing part in it.

As already mentioned, amendment 14 would require Ofcom to include in its security reports

“an assessment of the impact on security of”

any

“changes to the diversity of the supply chain for network equipment”.

As that requirement is already essentially covered by Ofcom’s existing powers, the amendment is not necessary. The inclusion of any such information is already within Ofcom’s discretion, but I am sure that we will discuss it more later on, as the hon. Lady said.

Clause 12 expands Ofcom’s information-gathering powers for the purposes of its security functions and enhances its ability to share the information with the Government. It enables Ofcom to require a provider to produce, generate, collect or retain security information, and then to analyse that information. Any information sought using this power must always be proportionate to how Ofcom will use it.

Clause 13 makes provision in connection with the standard of review applied by the Competition Appeal Tribunal in appeals against certain of Ofcom’s security-related decisions. Ofcom’s regulatory decisions are subject to a right of appeal to the tribunal, and that will also be the case for most of Ofcom’s decisions relating to the exercise of its regulatory powers conferred by the Bill. This clause makes provision to ensure that the tribunal is not required to modify its approach in appeals against relevant security decisions, and should instead apply ordinary judicial review principles.

I hope that I have sufficiently explained to the Committee why amendment 14 is unnecessary and why clauses 11 to 13 as drafted should stand part of the Bill.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his comments. Although we agree on many things in many areas, I think that in this case he is trying to have his cake and eat it, inasmuch as he is saying that amendment 14 is not necessary because Ofcom already has the powers, but he is reluctant or is refusing to specify that those powers will be used for the objective of reporting on the progress of diversification of the supply chain. It was good to hear the Minister reiterate the importance of diversification of the supply chain, but I remain confused about whether he agrees with the evidence and, indeed, with his own Secretary of State that diversification of the supply chain is a prerequisite of the security of our networks and, indeed, our national security—that is what we are discussing with regard to our telecoms networks. If diversification is a prerequisite, why is the Minister so reluctant to refer to it? If he is so confident in the plan to diversify our supply chains, why is he so reluctant to insert any requirements to report on the progress of that diversification?

I listened intently: the Minister said that Ofcom has the powers to report on whatever it considers to be relevant to security. During the evidence session, we heard from Ofcom itself, very clearly and repeatedly, that it is not for Ofcom to make decisions on national security. It will not make national security decisions. That is not within its remit and responsibilities; the witnesses from Ofcom stated that repeatedly and clearly. I would be happy to read from Hansard if that point is in question. Given that Ofcom will not make security decisions and that the diversification of the supply chain is essential for security, I am at a loss to understand why the Minister will not accept a reference to reporting on the progress of diversification. Although, unfortunately, the pandemic means that we are not at full strength on the Opposition side of the Committee, I wish to test the will of the Committee on the amendment.

Question put, That the amendment be made.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I listen with interest to the points that the hon. Lady makes, and to the assertion that she is a member of the party of national security. I welcome her to this side of the House, if that is the case. [Interruption.] Thank you, but no.

As the hon. Lady says, clause 14 is a review clause requiring the impact and effectiveness of clauses 1 to 13 to be reviewed at least every five years by the Secretary of State. The review report must be published and laid before Parliament, but it is by no means the only source of parliament scrutiny, as she knows. Her amendment would increase the frequency of these reports to every year for the first five years after the Bill is passed and then every five years thereafter.

Increasing the frequency of the reports would bring its own challenges for a number of reasons. First, the framework is considerably different from the previous security regime in the Communications Act 2003. It seems to me that we will not be able fully to assess the impact and effectiveness of the new security regime instituted by clauses 1 to 13 until all parts of the framework, including secondary legislation, codes of practice and other things, have been in place for a reasonable period of time. The code of practice that will provide guidance on the detailed security measures that telecoms could take is intended to set clear implementation timelines. Some measures may require significant operational change, as we heard in the evidence sessions for telecoms providers, and we are aware that that may be costly. For that reason, we cannot reasonably expect all changes to be implemented instantly or, indeed, all necessarily at the same time.

There is a further practical difficulty with the amendment. If the first report is to be produced 12 months after Royal Assent, it will require the review to be undertaken well in advance of that deadline. That means that the report will represent an incomplete picture of the Bill’s impact, even at its very first production. Some measures will not even have been implemented by telecoms providers.

My hon. Friend the Member for Hyndburn was exactly right that the current requirement for publishing reports is at least—rather than at most—every five years. We have been deliberate in our choice of this timeframe because five years is the reasonable point by which we expect the majority of telecoms providers to have implemented most, if not all, changes. It is therefore considered appropriate to require a report on the impact and effectiveness of the framework by that time. I recognise that five years is a long time. That does not mean that the framework will be free from scrutiny in the intervening period. As clause 11(3) sets out, the Bill amends section 134B of the Communications Act so that Ofcom’s regular infrastructure reports will include information on public telecoms providers’ compliance with the new security framework. Ofcom publishes the reports annually, rendering the amendment unnecessary.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

On a point of clarification, I have the impression that the Minister anticipates that the first report under the Bill would only happen once all the requirements had been implemented. I think that that implies that it would only happen once a high-risk vendor, specifically Huawei, had been removed from the network.

Matt Warman Portrait Matt Warman
- Hansard - -

No is the short answer, because while this is a progress report, five years from 2021 is 2026—the deadline is 2027, even at the most extreme end, which is not where we anticipate it will end up—and it would be before the point that she identifies.

The infrastructure reports from Ofcom will help to provide Parliament and the public with a view on how telecoms providers are progressing with compliance with the new framework. As I alluded to earlier, they are not the only means of parliamentary scrutiny. We have the Intelligence and Security Committee and we have Select Committees. I suspect that there might be one or two debates on this matter over the next five years as well. To pretend that this is the only method of parliamentary scrutiny is not accurate.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

If the Minister will give way briefly, he may find it saves time. To clarify: for the first report we will not necessarily have to wait until all the provisions of delegated legislation associated with the Bill are in place. As for the infrastructure reports that Ofcom publishes, to which he refers as a form of alternative scrutiny, will they, might they or will they not reflect progress in the diversification of the supply chain?

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady asks me to predict what is in a report that has not been written yet by an organisation that is not a Government Department. I agree with the principle of what she is saying. This is an important aspect and one would reasonably expect it to be reflected in the reports that we have talked about. It is, however, important overall to say that Ofcom’s own regular infrastructure reports will, as I have said, include information on public telecoms providers’ compliance with the new security framework, which is the broadest interpretation and gives a huge amount of latitude for the sorts of information that she seeks. I hope that those infrastructure reports will help to provide Parliament with the kind of scrutiny that she seeks, and the public with the kind of scrutiny that we all seek. [Interruption.] For those reasons I hope that she will withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank my right hon. Friend the Member for North Durham for an exciting intervention from his phone, and I thank the Minister for his comments. As I think I have said, I spent six years working for Ofcom with the Communications Act 2003 on my desk. I know the importance that our independent regulator places on the words of the Minister during such debates as this. As he has indicated that the reports would do well to include reference to everything that appertains to security, including the diversification of supply chain, I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Clause 14 ordered to stand part of the Bill.

Clause 15

Designated vendor directions

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Thank you for the clarification, Mr Hollobone. I see that we are discussing whether clauses 15 and 16 stand part. I support those clauses and look forward to the Minister’s response to the amendment.

Matt Warman Portrait Matt Warman
- Hansard - -

I pre-emptively covered a lot of the hon. Lady’s questions, but I will say two brief things. She talked about consolidation in the cloud sector. While the Bill is very much a national security Bill, the National Security and Investment Bill would cover consolidation in that sort of sector, rather than this one. Obviously they do work together.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The point I am making—clearly, I did not make it effectively—is that that sector is becoming this sector. The cloud sector is becoming the telecoms sector. The reason we need this Bill in addition to the National Security and Investment Bill is to address the security concerns of the telecoms sector specifically. The cloud sector is becoming part of the telecoms sector, yet the Bill does not address those concerns.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady is not wrong, obviously, in the sense that there is a potential conversation to be had about when a cloud provider is a telecoms provider and vice versa, if I can put it like that, although it is not the most elegant way of doing so. However, the point is that the reason we have comprehensive coverage of the landscape is because we have both the National Security and Investment Bill, which she debated recently, and this Bill. The broad powers that she described are intended to provide precisely that sort of coverage.

Similarly, the hon. Lady referred to the length of the list in clause 16 of matters that can be taken into consideration. That relates to the point I made previously, namely that the sorts of issues that she is talking about, such as data flows, are already covered in the long list. The list is as long as it is because it is intended to look to the future. Therefore, being prescriptive in the way that she describes is fundamentally unnecessary. We are not excluding what she wants to be on the list. A matter is already very much there if it is pertinent to national security. For that reason, I do not think there is a compelling case to add that single topic to the list, both because it is already there and because if we start going down that route, we could make the case for adding a host of other things that are already covered but that people might want to be mentioned specifically.

As I said earlier on the convergence of the two sectors, the point is that we have comprehensive coverage through both Bills. It will be for the NCSC, Ofcom and the Government to make a judgment as to whether any consolidation in a sector poses a national security risk.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Thank you, Mr Hollobone. It is sometimes confusing to know exactly what is being discussed at what point. With that, I ask the Minister to respond to our concerns about the scrutiny of the powers in the clause.

Matt Warman Portrait Matt Warman
- Hansard - -

I welcome the second salvo in the campaign to address this matter by the right hon. Member for North Durham. He said it would be an ongoing campaign.

This group of amendments would require the Secretary of State to provide information relating to a designated vendor direction or designation notice to the ISC. The amendments would require the Secretary of State to do this only where directions and designation notices had not been laid before Parliament, whether in full or in part, as a result of the national security exemptions in clause 17. It will not surprise the right hon. Member for North Durham or other Opposition Members that some of these short remarks will overlap with the conversation that we had earlier on a similar matter.

Amendment 20 would require designated vendor directions or designation notices to be provided to the ISC. Amendments 22 to 25 would require the Secretary of State also to provide the ISC with copies of any notifications of contraventions, confirmation decisions and so on. Although I recognise some Members’ desire for the ISC to play a greater role in the oversight of national security decision making across government, including in relation to this Bill, the amendments would, as the right hon. Member for North Durham knows, extend the ISC’s role in an unprecedented way. None the less, I thank his welcome for my unprecedented appearance.

As I said in the debate on amendment 9, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, and the accompanying statutory memorandum of understanding, to which the right hon. Gentleman referred. I do not think he thinks it is my place to take a view on that role, and I do not think this Bill is the place to have that debate.

Telecommunications (Security) Bill (Eighth sitting)

Debate between Matt Warman and Chi Onwurah
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to be back under your chairmanship, Mr McCabe.

I will try to rattle through these as quickly as I can. Clauses 18 to 23 cover monitoring and enforcement, and further provisions relating to non-disclosure and information requirements. Clause 18 gives the Secretary of State the power to give Ofcom a monitoring direction, requiring the regulator to obtain information relating to a public telecoms provider’s compliance with a designated vendor direction and to provide that information in a report to the Secretary of State.

The clause also includes requirements about the form of such reports and the procedures around their provision, but it does not create any new powers for Ofcom, which already has them under section 135 of the Communications Act 2003. The provisions in the clause are an integral part of the compliance regime. The power to give a monitoring direction to Ofcom is necessary to ensure that the Secretary of State has the ability to require it to provide the information needed to assess compliance with designated vendor directions.

Clause 19 provides Ofcom with the power to give inspection notices to public communications providers. The provisions will apply only where the Secretary of State has given Ofcom a monitoring direction. Inspection notices enable Ofcom to gather information from communications providers in relation to their compliance with a direction. The notices are a tool for Ofcom to give effect to its obligations under a monitoring direction.

Clause 19 also sets out the new duties that inspection notices can impose, the types of information that they can be used to obtain and how the duties in an inspection notice will be enforced. Ofcom may only give inspection notices in order to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to whether a provider has complied or is complying with a direction. The notice power cannot be used to obtain information relating to how a provider is preparing to comply with a direction. Ofcom can instead use its other information-gathering powers under section 135 of the Communications Act 2003 to obtain such information.

Clause 20 provides the Secretary of State with the powers necessary to enforce compliance with designated vendor directions, as well as with any requirement for a public communications provider to prepare a plan setting out the steps it intends to take to comply. It is the Secretary of State’s responsibility to issue directions where necessary in the interest of national security. Clause 20 is essential to ensure that the Secretary of State can carry out this role effectively and enforce compliance with any directions issued. New sections 105Z18 to 105Z21 will be inserted into the Communications Act 2003 for this purpose. The provisions set out the process that the Secretary of State will follow in instances where an assessment is made that a public communications provider is not acting in compliance with the direction or with the requirement to provide a plan. The process encompasses giving a contravention notice, enforcing it and imposing penalties for non-compliance. The clause is essential in ensuring that the Secretary of State can carry out the role effectively and deters and penalises instances of non-compliance.

Clause 21 provides the Secretary of State with the power to give urgent enforcement directions. Provisions to enable urgent enforcement are needed in cases where the Secretary of State considers that urgent action is necessary to protect national security or to prevent significant harm to the security of a public electronic communications network, service or facility.

Clause 22 creates a power for the Secretary of State to impose a requirement on public communications providers or vendors not to disclose certain types of information without permission. The provisions are necessary to prevent the unauthorised disclosure of information, which would be contrary to the interest of national security.

Finally, clause 23 creates a power for the Secretary of State to require information from a public communications provider or any other person who may have information relevant to the exercise of the Secretary of State’s functions under new sections 105Z1 to 105Z26. For example, the Secretary of State can require information on a provider’s planned use of such goods or information relating to how a network is provided. It can also include information about the proposed supply of goods or services. The ability to gather such information would ensure that the Secretary of State is able to make well-informed decisions when considering whether to issue designation notices and designated vendor directions. Information obtained through the use of this power can also be used to support the monitoring of compliance, with directions supplementing information gathered by Ofcom through its information-gathering and inspection notice powers.

To summarise, new sections 105Z18 to 105Z21 together establish the power and processes that outline how the designated vendor regime will be monitored and enforced. The provisions in clause 22 are needed to manage the disclosure of information, the unauthorised disclosure of which may be contrary to national security, and clause 23 will ensure that the Secretary of State is able to obtain the information necessary to make assessments to determine whether to give a notice or direction and to assess compliance.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship once again, Mr McCabe. I will not detain the Committee long with a consideration of the clauses, and I thank the Minister for so ably setting out what the clauses aim to achieve. Indeed, we on this side recognise the importance and the necessity of clauses 18 to 23 in establishing the process and ensuring the powers to obtain information and enforce direction as part of that process.

We only reiterate a small number of important points to draw attention once again to the breadth of the powers, which enable the Secretary of State to require information to an almost unlimited extent. Given the breadth of the powers, the information and progress on the telecommunications diversification strategy is, once again, notable by its absence. Given the breadth of the requirements, it is notable that there is nothing on progress on the diversification strategy. Nor, if my memory serves me correctly, does the impact assessment reflect the potential costs to either the network operators or Ofcom in exercising these powers. The clauses do not set out the impact and they emphasise once again the importance of Ofcom having the appropriate resources to enable it to carry out the requirements effectively. I hope that the Minister will bear those limitations in mind in his ongoing review of the Bill.

Question put and agreed to.

Clause 18 accordingly ordered to stand part of the Bill.

Clauses 19 to 23 ordered to stand part of the Bill.

Clause 24

Further amendment concerning penalties

Question proposed, That the clause stand part of the Bill.

None Portrait The Chair
- Hansard -

With this it will be convenient to discuss clause 25 stand part.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

As always, my right hon. Friend raises a good point. Having worked for a quango, I had clear insight into the line between independence and dependence, and into the importance of the political will of the Government, regardless of supposed independence. Equally, I saw how any regulator or supposedly independent organisation can be used as a shield for Ministers who do not want to take responsibility.

My right hon. Friend also raises a good point about the hollowing out of capacity in Government Departments. A consequence of 10 years of austerity and cuts is that DCMS and other Departments do not have the capability, capacity or resources that they previously might have enjoyed. I will point out to the Minister the example of the Government’s misinformation unit. It has no full-time employees and is supposed to exist using resources already in the Department—for something as critical now, with the vaccine roll-out, as disinformation.

My right hon. Friend is right to emphasise that given the relationship between the Government and Ofcom, which is an independent regulator, and given the increase in responsibilities that the Bill represents at a time when other responsibilities are also being added to Ofcom, the Minister cannot have it both ways. He cannot have no visibility when it comes to Ofcom’s resources and capacity while giving it yet more responsibility. In fact, this seems to be responsibility without accountability. I hope the Minister will take on board the suggestions in new clauses 3 and 7.

Matt Warman Portrait Matt Warman
- Hansard - -

I thank the hon. Lady for her contributions. To address her central point, it would not be possible for Ofcom to meet the duties Government have tasked it with without addressing the foundational issue of security. It is important that we bear in mind that that is not an exhaustive list, but security will always be a foundational point.

The new clauses would require the Secretary of State to lay a report before Parliament within 12 months of Royal Assent. New clause 3 would require Ofcom to publish an annual report on the adequacy of its budget, resourcing and staffing levels in particular.

As the Committee is aware, the Bill gives Ofcom significant new responsibilities. Ofcom’s budget is approved by its independent board and must be within a limit set by the Government. Clearly, given the enhanced security role that Ofcom will undertake, it will need to increase its resources and skills to meet these new demands. As such, the budget limit set by the Government will be adjusted to allow Ofcom to carry out its new functions effectively. This is of a piece with the direction of travel we are going in. In 2012, Ofcom had 735 employees. Last year, it had 937 employees, so as its remit has expanded, so has its headcount. That will continue to be reflected in the level of resourcing that it will be given.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

The reality is that the relationship between Government Departments and regulators is very often incredibly close, but independence is an important part of regulation. Although the right hon. Gentleman makes a reasonable point about the optimal size for in-house expertise versus external expertise, it is getting the balance right between Ofcom, the National Cyber Security Centre and DCMS that this Government and the reporting measures we already have are fundamentally committed to providing.

The right hon. Gentleman talked about Ofcom’s resourcing. Ofcom will not be making decisions on national security matters, as we have said repeatedly, but it will to be responsible for the regulation around these issues. As the right hon. Gentleman said, the Intelligence and Security Committee has shown great interest in how Ofcom is preparing for its new role.

As for the point about disclosure and resources, I would be happy to write to the ISC to provide further details in the appropriate forum about Ofcom resourcing and security arrangements. This could include information that cannot be provided publicly, including information about staffing, IT arrangements and security clearances of the sort that we have discussed. I hope that Opposition Members understand that that is the appropriate forum to provide reassurance and to satisfy the legitimate requirements of public scrutiny on this issue.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I give way to the hon. Lady.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for giving way and for the tone of his response to the different points we made. I will leave the reassurance about writing to the ISC to my right hon. Friend the Member for North Durham. Does the Minister recognise that that does not address the issue of Ofcom’s resources and reporting more generally, particularly lower down the pipeline, when it comes to national security? We have emphasised again and again the breadth of powers. The Minister has said that Ofcom will have the discretion, for example, to require an audit of all operators’ equipment—an asset register audit. It will take significant resource to understand the audit when it comes back. There are significant resource requirements involved that do not necessarily require security clearance but are nevertheless essential to effective security, and the Minister does not really seem to be offering reassurance on those.

Matt Warman Portrait Matt Warman
- Hansard - -

I would say that there is a sensible place to put some of that information, which is the communication to the ISC that I have offered, and there is a sensible place to put other information, which is the annual reporting that already exists. Hopefully the hon. Lady can find some comfort in the fact that both the information that cannot be shared publicly and the information that can will be subject to an appropriate level of parliamentary and public scrutiny.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

As the hon. Lady said, we have addressed various issues relating to the new clause in previous debates. It is important to stress that Ofcom has the resources that it needs. She talked about its ability to face the future, but in our evidence sessions, we talked to Simon Saunders, the director of emerging technology. I know she does not wish to suggest that Ofcom does not do this already, but demonstrably it is already proactively engaged in horizon scanning.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Speaking as someone who was head of technology at Ofcom, I am aware that it engages in horizon scanning. I am sure the Minister will come on to this, but while there might be horizon scanning to understand how markets evolve and what level of competition may be seen in new markets in the future, the new clause deals specifically with horizon scanning for security and security threats. I am sure the Minister will focus on that.

Matt Warman Portrait Matt Warman
- Hansard - -

It is important to say that we have amended section 3 of the Communications Act 2003, to which the hon. Lady alluded, so that Ofcom must have regard to the desirability of ensuring the security and availability of networks and services, so that should be incorporated into the horizon scanning work.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

This is an important point. I do not think the 2003 Act has been amended, since I had it reprinted a week ago. We were talking about the principal duties. Under section 3, Ofcom has about two and a half pages of duties that it needs to carry out, but only two principal duties. Those principal duties do not mention security.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady is right, but as of 31 December 2020, section 3(4) states:

“OFCOM must also have regard, in performing those duties, to such of the following as appear to them to be relevant in the circumstances…the desirability of ensuring the security and availability of public electronic communications networks and public electronic communication services”.

It is absolutely there, but I fear we are getting into a somewhat semantic argument.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The Minister is generous in supporting this back and forth in debate. I will close by pointing out that the duty to which he refers is one of 13 duties, so it can hardly be considered a priority. To put it more fairly, to ensure that it is a principal priority, it would need to be elevated.

Matt Warman Portrait Matt Warman
- Hansard - -

I think an organisation of 937 people can cope with 13 priorities. On one level, however the hon. Lady makes a reasonable point, and it is not one that we disagree with. Security has to be absolutely central to the work that Ofcom will do.

I will not restate the points I have made about how seriously we take the Intelligence and Security Committee and how seriously we will continue to take it. We will continue to write to the Committee on topics of interest as they arise and we are happy to continue to co-operate in the way that I have done; however, as I said in the debate on amendment 9, the primary focus of the ISC is to oversee the work of the security and intelligence agencies, and its remit is defined in the Justice and Security Act 2013. Amending the Bill to require regular reporting to the ISC, as proposed by the new clause, would risk the statutory basis of the ISC being set out across a range of different pieces of legislation.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

That may well be the case, but the right hon. Gentleman is not going to win it here—that is the important point to make. It is right not to try to address this issue in the new clause, but the Government will continue to take very seriously the work of the ISC, as he would expect.

Additionally, the new clause is designed to require Ofcom to provide annual reports to the ISC, which would, as the right hon. Gentleman knows, be particularly unusual in the context of the work of the Committee, as Ofcom will not be making judgments about the interests of national security under the Bill, or as part of its wider function. Ofcom’s role as regulator seems not to be something that comes under the purview of the ISC, even if I understand the broader point. As I said earlier, however, the NCSC is very much under the purview of the ISC, and there are plenty of opportunities for the Committee to interrogate the work of that excellent agency. I am sure the Committee will continue to take up such opportunities with vigour, but as I have said before, it would not be right to seek to reframe the remit of the ISC through the new clause. I ask the Opposition to withdraw it.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his comments and for engaging so readily in debate. I have to say that we feel very strongly about the new clause, both for parliamentary scrutiny and for ensuring that Ofcom is looking forward and assessing future threats. With bated breath, I wish to test the will of the Committee on the new clause.

Question put, That the clause be read a Second time.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

On a point of order, Mr McCabe. I put on the record my gratitude, and that of my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester, to you and your colleague, Mr Hollobone, for the way in which you have expertly chaired proceedings in the Committee. I also sincerely thank all House staff who have supported our work here, including those representing Hansard, and particularly the Clerks, who have been absolutely invaluable in setting out our desires to improve the Bill in clear and orderly amendments and new clauses.

I also thank all members of the Committee from both sides of the House. This detailed, technical Bill is critical for our national security, coming at a time of national crisis, when we are braving—all of us: staff and Members—a pandemic in order to be here. We have had an orderly and constructive debate.

Matt Warman Portrait Matt Warman
- Hansard - -

Further to that point of order, Mr McCabe. What fun we have had! It is a pleasure to come to this point in the Bill’s passage. I echo the hon. Lady’s thanks to the House staff and to yourself, Mr McCabe, and Mr Hollobone. I also reiterate her point that this is a crucial Bill—one that I am glad enjoys cross-party support. I look forward to debating its further stages in the House.

Bill, as amended, to be reported.

Telecommunications (Security) Bill (Sixth sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 6th sitting: House of Commons
Thursday 21st January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 21 January 2021 - (21 Jan 2021)
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to serve under your chairmanship, Mr McCabe.

We are redefining UK telecoms security, but I worry that we are also redefining the aspiration of the hon. Member for Newcastle upon Tyne Central to crack on, so I will try to be brief. The good news that I can deliver, briefly, is how the aspirations of both the hon. Lady and the right hon. Member for North Durham are met in the legislation, and how we envisage those aspirations’ being implemented.As the Committee is aware, the Government have published an early draft of the security regulations. Certain draft requirements are relevant to the aims that we have talked about today. If hon. Members look at regulation 3(3)(a), with which they will be familiar if they are insomniacs, they will see a duty for network providers

“to identify, record and reduce the risks of security compromises to which the entire network and each particular function… of the network may be exposed”.

That is already there and key to the issues that hon. Members have been talking about.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I had looked at those requirements. I appreciate that they are drafts, but they talk about identifying issues. They do not say “audit”.

Matt Warman Portrait Matt Warman
- Hansard - -

I think this would be impossible to identify without carrying out some kind of audit. There is a danger of a semantic argument, but I understand the point the hon. Lady is making. We want people to be in the position to make the kind of identifications that we are requiring. I do not see how they could do that without the records to which she refers, in terms of both the existing kit and future kit that they might put into their network.

Matt Warman Portrait Matt Warman
- Hansard - -

The regulation that I cited is an example of the Government not relying on assumptions. It is an example of us publishing, in advance, exactly the sort of material that demonstrates that this is not assumptions, and that it is there in black and white. That is an important distinction and it demonstrates the cross-party consensus that we have had thus far. We continue to be on the same page in terms of the level of detail required.

The evidence sessions with industry demonstrated that national providers already maintain some asset registers. Witnesses were clear that those registers are maintained and updated as technologies are updated. That is an important part of the existing landscape, but our regulations will ensure this kind of best practice is extended across public telecoms providers.

In addition, the Bill contains measures with regard to the use of particular vendors’ equipment. Inspection notices under clause 19 enable Ofcom to carry out surveys of a specific network or service where Ofcom receives a monitoring direction from the Secretary of State to gather information on a provider’s compliance with a designated vendor direction. Alongside that, clause 23 enables the Secretary of State to require the provision of information about the use of goods, services or facilities supplied, provided or made available by a particular person. That could be used to require information about a provider’s use of a particular vendor’s equipment.

Taken together, the issues that have been raised are not only entirely legitimate, in the view of the Government, but are addressed in black and white already, both in the Bill itself and in the drafts that we have published. We are ensuring that “hardware of interest,” whatever that might be, is subject to proper oversight and monitoring. That objective does not need the approach that might come as a consequence of this amendment, because it is already there. For that reason, I welcome the probing nature of the amendment. I hope that my answer has satisfied some of the concerns, and I look forward to doing so further in future answers.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

It is a pleasure to serve under your chairmanship, Mr McCabe, and I thank the Minister for his comments. I also thank my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester for their comments. This amendment is probing, so we will not push it to a Division. I would like to say two things to the Minister. Although it is true that the providers were confident that they had an asset anywhere their equipment was, other experts who gave testimony in the evidence sessions were not. My experience of networks is that there are multiple systems and this information is not easily accessible or searchable.

I am reassured by the Minister saying that his view is that these requirements could not be met without there having been some kind of audit, to have that information ready. I ask him to write to me, if possible, stating which provisions in the requirements set that out. I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Question proposed, That the clause stand part of the Bill.

Matt Warman Portrait Matt Warman
- Hansard - -

It is good to reach this landmark point. I do not propose to go over all the ground we have covered, because we have already covered a large chunk of this in discussing the amendments.

As I mentioned, proposed new section 105A means that telecoms providers will need to take appropriate action to ensure adequate security standards and limit the damage caused by any breaches. To support that duty, the proposed new section will create a new definition of “security compromise”. The definition is purposely broad. It includes anything that compromises the availability, performance or functionality of a network or service, or that compromises the confidentiality of the signals conveyed by it. That addresses some of the points made by the right hon. Member for North Durham a moment ago. This is a comprehensive approach that will help to ensure providers protect their networks and services properly in the future.

Earlier, I mentioned law enforcement and national security. This part of the Bill excludes certain conduct that is required or authorised under national security legislation or for law enforcement from the definition of “security compromise” in subsections (3) and (4). Those subsections also clarify the fact that, for example, disruption of the use of unauthorised mobile phones in prisons would not be a security compromise.

Proposed new section 105B will give powers to the Secretary of State to make regulations imposing duties to take specific security measures. The power will enable more detailed requirements to be imposed on providers, further to the overarching duty set out in proposed new section 105A(1). This will give greater clarity to providers about the measures that they must take. It will also allow the legal framework to be adapted as new threats arise and technology changes.

These security requirements deliver on our commitment in the telecoms supply chain review to place targeted, actionable and proportionate requirements on a statutory footing. Taken together, the new overarching security duty and requirements will, in secondary legislation, make clear what the Government expect of public telecoms providers. The provisions in the clause are crucial for improving the security of our telecoms infrastructure.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

As the Minister says, reaching the end of consideration of clause 1 is a landmark. We are cracking on at a slower pace than anticipated, but it is important that we have rehearsed a number of the arguments that you will hear, Mr McCabe, throughout our detailed scrutiny of the Bill.

Those arguments relate to our concerns with regard to national security, which Labour prioritises, yet we do not see that priority recognised consistently in the Bill; the effective plan to diversify supply chains on which it depends, but which it does not mention; and the scrutiny of the sweeping powers that the Bill will give to the Secretary of State and Ofcom. Those issues all arise in the clause, although we welcome the Bill and the increased duties. Will the Minister clarify the relationship between proposed new section 105A and proposed new section 105B? If he cannot do so now, perhaps he will write to me.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

We are one thirtieth of the way there. The clause will place a duty on providers to take measures in response to security compromises through proposed new section 105C. When managing security, providers should seek to reduce the risk of security compromises occurring under their duty in proposed new section 105A. As security threats and attacks evolve, it will never be possible for providers to reduce that risk to zero. Therefore, should a security compromise occur, it is crucial that providers take swift and effective action to mitigate its effects. Taking action quickly will also help to mitigate the risk of any further incidents.

Mirroring the approach taken in clause 1, the new duty in proposed new section 105C is overarching and sets out a general duty on providers. It is supported by proposed new section 105D, which will provide the Secretary of State with powers to make regulations requiring providers to take specific measures in response to security compromises of a description specified in regulations. Although it will clearly not be possible to anticipate every security compromise that might occur and to set out how providers should respond, this will enable more detailed provision to be made in appropriate cases. Measures can be specified in the regulations only where the Secretary of State considers those measures appropriate and proportionate.

In practice, the first set of requirements will be contained in a single set of regulations made under the powers of proposed new sections 105B and 105D. A draft of the regulations has already been made available to members of the Committee, and published on gov.uk. Regulations made using this power will give providers clarity about the measures that they need to take, and having those measures set out in secondary legislation has the benefit of allowing the regulations to be reviewed as technology and security threats change over time.

In summary, this duty on providers is an integral part of the new framework, which will ensure providers take control of the security of their networks and services at a time when the UK stands on the cusp of a 5G and full fibre revolution. We must keep those technologies secure to enjoy their full benefit, and the clause is essential to doing that.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We are cracking on: clause 2 is taking but a few minutes. The Opposition recognise the critical importance of our network providers taking responsibility for the security of their networks, and that there can never be a zero-risk network. Given that network communications are ever present in almost every aspect of our life and of our nation’s economy and security, it is right and appropriate that the Bill should put requirements in place, both on the operators and in response to specific security compromises.

I should like to have better understood how we would expect network operators to respond to a compromise such as the SolarWinds one, for example, but I expect that the clause will at least place the right duties on network operators, and I am content that it should stand part of the Bill.

Question put and agreed to.

Clause 2 accordingly ordered to stand part of the Bill.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I rise to support my right hon. Friend’s excellent comments and to add a couple of points on amendment 10, which would require the Secretary of State to consult the National Cyber Security Centre before issuing a code of practice about security matters. My right hon. Friend spoke ably about the amendment’s intent to ensure security input on national security measures. That sounds basic, so I hope the Minister will explain why he feels it is unnecessary to make that explicit in the Bill. My right hon. Friend suggested that perhaps it should go without saying, but as we heard in the evidence sessions and have already discussed, the evolving security landscape and the change that the Bill represents, through the new powers for the Secretary of State and Ofcom, make it particularly important to set that out expressly.

The Bill looks at many issues to ensure the security of our networks from supply chains to requirements on network providers as well as raising technical issues, and Ofcom will need to do a lot specifically, so it is important to have a specific reference to the security function of the National Cyber Security Centre.

It came across clearly in the evidence sessions that Ofcom will not be making national security judgments. Lindsey Fussell said:

“It is important to say that, across the scope of the whole Bill, it is not Ofcom’s role to make national security judgments. That is really important. Clearly, that is the Government’s and the Secretary of State’s role, taking advice from the NCSC and the intelligence agencies.”—[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 89, Q113.]

In introducing the code of practice, it is essential to ensure that security input and expertise. I do not see why the Minister would object to including such a requirement in the Bill. Unfortunately, we are not always as joined up as we would like to be. There are numerous examples of issues that could have been prevented, had agencies of Government done what might have been expected of them and talked to teach other. As the Bill involves network operations and deep technical and security issues, a requirement to consult the NCSC is particularly important, and that is what the amendment would achieve.

Matt Warman Portrait Matt Warman
- Hansard - -

I apologise in advance, having said that we should crack on, for detaining the Committee for a few minutes on this group of amendments. They relate to clauses 3 and 4, which deal with the codes of practice for security measures and informing others of security compromises. Ultimately, the new telecoms framework comprises three layers. There are strengthened overarching security duties set out in the Bill, there are specific security requirements in secondary legislation, and there are detailed technical security measures in codes of practice. Clause 3 deals with the final layer of the new security framework. Specifically, it provides the Secretary of State with the power to issue and revise the codes of practice and sets out the legal effects of any published codes of practice.

Clause 4 addresses what would happen should there be a security compromise. It puts in place a process for users to be informed of significant risks of a security compromise. The clause also places a duty on public telecoms providers to inform Ofcom of any security compromises with significant impacts, and it creates the power for Ofcom to inform other persons in turn, including users.

I turn now to amendment 5, which seeks to ensure that the NCSC is also informed of security compromises. From a drafting point of view, the NCSC is part of GCHQ, and I take the amendment to refer to GCHQ in that sense. Within the new telecoms framework, the Department for Digital, Culture, Media, and Sport will set the policy direction, Ofcom will regulate and the NCSC will provide technical and security advice. As the UK is an world-leading national authority on cyber-security, we expect the NSCS to share its expertise with Ofcom in order to support the implementation of a new telecoms security framework.

For that reason, the Government absolutely agree that it is crucial that the NCSC receives information about telecoms providers’ security. That is why such information-sharing provisions already exist. Under section 19 of the Counter-Terrorism Act 2008, Ofcom or the Secretary of State is able to share with the NCSC any information that would support the NCSC in carrying out its functions. That would of course include the passing on of details of security incidents. Under new section 105L of the Communications Act 2003, which this Bill inserts, Ofcom must report all serious security incidents to the Secretary and State and can pass on information about less serious incidents as well. On receiving such information, the Secretary of State can then share the information with the NCSC, as I have set out. Although these probing amendments are well-intentioned, it is obvious that the provisions are already there.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his response to the amendments. He is focusing on the fact that it is possible for information to be shared, but it is not required. I understand that the Bill as drafted, and preceding best practice, means that it is possible for information to be shared. My concern is that it is not required.

Matt Warman Portrait Matt Warman
- Hansard - -

I understand the hon. Lady’s point, and I will come to something that I think will address it in a moment. Before I do, I will speak to amendments 6 and 10, as they would be functionally identical amendments to new section 105F in clause 3.

New section 105F sets out the process for issuing a code of practice. It requires a statutory consultation on a draft code of practice with the providers to whom the code would apply, Ofcom and other persons such as the Secretary of State considers appropriate. The amendments would apply an additional requirement to formally consult the NCSC when publishing a draft code of practice. I can reassure the Committee that we will continue to work closely with technical experts at the NCSC, as we have done over a number of years.

The telecoms supply chain review demonstrated the Department’s capability to work with our intelligence and security experts to produce sound recommendations, backed by the extensive and detailed security analysis that I know Members of all parties would like to see. That initiated the next phase of the collaborative work that culminated in the introduction of the Bill, and the codes of practice continue that theme. The purpose of such codes is to provide technical security guidance on the detailed measures that certain public telecoms providers should take to meet their legal obligations.

We have already been clear that NCSC guidance will form the basis of an initial DCMS-issued code of practice. The NCSC has already developed a set of technical measures that is in the process of being tested with the industry, and those technical measures have been refined and improved over the last two years. The NCSC will continue to update the measures to reflect any changes in the landscape of threats, as the right hon. Member for North Durham described, and the relationship between the work of the DCMS and that of the NCSC means that such changes would be reflected in the code of practice. Alongside the DCMS and Ofcom, the NCSC will play a key role in advising public telecoms providers on how to implement detailed codes of practice.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I will not detain the Committee very long either, as we agree about the importance of codes of practice. I will not say that I am entirely reassured to hear of the statement being issued by Ofcom and the NCSC on how they will work together, but I certainly think that it is a positive development, and I hope we will be able to see it before the Bill progresses to the House.

On the codes of practice, as my right hon. Friend the Member for North Durham set out, it is important that the sector should understand the standard to which it will be held. I have some concerns about the tiering system, because, as was made clear by a number of witnesses during the evidence sittings, all networks are joined up and we are only as secure as the weakest link. At the same time, it is important to have a proportional burden on new entrants as we indeed hope to diversify the supply chain.

I understand, although perhaps the Minister can clarify the point, that the codes of practice will not refer to the diversification of the supply chain, despite the fact that having a secure network—we shall debate this in more detail—is dependent on having a diverse supply chain. I have made the point a number of times, and will make it repeatedly, that the lack of linkage between the diversification strategy, implementation and the security of our networks is an ongoing cause for concern. However, having made those comments, I do not object to the clause.

Question put and agreed to.

Clause 3 accordingly ordered to stand part of the Bill.

Clause 4

Informing others of security compromises

Question proposed, That the clause stand part of the Bill.

Matt Warman Portrait Matt Warman
- Hansard - -

As with clause 3, I have already spoken to clause 4, addressing an amendment on this issue. It will be crucial that we ensure that the Government, Ofcom, public telecoms providers and their customers have the information that they need to understand when security compromises have occurred, and then use the knowledge to prevent compromises in the future. New section 105J requires that providers inform their users of significant risks of security compromises and actions that they can take to avoid or mitigate any adverse consequences.

We want to ensure that this is done in a transparent and open way, so the clause specifies that telecoms users should be notified in clear and plain language, and given a named contact they can get in touch with if they have any further questions. Giving users that information will help to ensure that, where possible, they can take swift action to protect themselves and raise broader awareness.

New section 105K requires security compromises to be reported to Ofcom. That information will provide Ofcom with insight into the security of individual telecoms providers and security risks across the landscape, enabling us to target its regulatory action more effectively. The Bill also requires that providers report pre-positioning attacks on the network. These are attacks that do not affect the network or service at the time but allow access that could result in further security compromises. These attacks pose real risks but too often remain invisible to a regulator.

Finally, under new section 105L, Ofcom is required to share information about serious security compromises with the Government. It may also share information on less serious compromises if, for example, it would help the Government with developing telecoms policy and future regulation.

The clause explains how Ofcom can share information about security compromise with other groups and organisations, and the Bill allows information sharing at Ofcom’s discretion with overseas regulators, other providers, telecoms users and, where appropriate, the wider public. It allows Ofcom to advise network and service users of the measures that they should take to prevent, remedy or mitigate the effects of the security compromises, to direct providers to give such advice themselves.

The clause ensures that the regulator has access to the information that it needs, and will help to ensure that the entire industry is aware of new and evolving risks and can respond accordingly—be that a customer changing their password or an operator tightening its defences against a new attacker.

Matt Warman Portrait Matt Warman
- Hansard - -

I will pretend I have not finished, and give way to the hon. Lady.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister, as always, for graciously giving way. I will make this point later, but I want to give the Minister the opportunity to consider how the requirement for Ofcom to notify users might work with the Information Commissioner’s requirement on data controllers to also notify users when there is a data hack.

Matt Warman Portrait Matt Warman
- Hansard - -

Obviously, there could be an overlap in those notification requirements, but our expectation would not be that anyone would receive multiple notifications. That is why there is an emphasis on the nature of communications being clear and obvious to laypeople.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We are cracking on at such a pace that I lost my place somewhat. I had forgotten that we are now discussing clause 4. My apologies, Mr McCabe.

My right hon. Friend the Member for North Durham has already addressed some of the points that I wanted to make, but let me say that we welcome the duty being placed on providers to report security incidents. I have long campaigned, in relation to cases such as the TalkTalk incident, to make that duty clearer and more comprehensive regarding the information that needs to be shared with users and those who are affected, and for them to have some kind of right of redress, which is effectively part of the Bill.

I welcome the requirement in clause 4 to inform others of security compromises, but will the Minister provide more clarity? There is some indication of the range of actors that the providers and Ofcom must inform, but I do not feel that there is an understanding of the level of information that will be shared with different actors. For example, if the public are to be informed of a security breach, compared with the requirement from the Information Commissioner’s Office, which, as I said, actually goes far enough, what level of information might be shared with other actors, such as other networks? My right hon. Friend talked about who else might be informed. It is also clear that the sharing of information will probably need to evolve over time, as the nature of compromises and their potential reach changes. I wonder how these requirements might be adapted to reflect that.

I will just say a little about the sharing of information with overseas regulators. If that is clearly set out in the Bill, I am unable to find it. Presumably, such data sharing will still have to conform with the requirements of our data protection legislation. Will it also reflect international data-sharing gateways for criminal prosecution purposes?

Those are just some general comments. We welcome the clause.

Matt Warman Portrait Matt Warman
- Hansard - -

I will reply briefly. On the point about compensation, essentially new section 105W of the Communications Act 2003, which is inserted by clause 8, covers the civil liability point, which I think opens the door that the right hon. Member for North Durham seeks to open. Then there are the notifications to industry of what is essentially best practice and recent threats. Of course, as he implied, there is a balance to be struck with the existing work of all those involved, but ultimately it would feed into the codes of practice, so there is both an informal and a formal mechanism, if I can put it like that.

On the hon. Lady’s final point about the international sharing of information, it would depend on the nature of the information, as she implied. Some of it would pertain to national security, and some of it would pertain to the kind of criminality that she has spoken about about, where there are existing provisions as well. In that sense, of course, it is all covered by our own data protection regime, which has the sorts of carve-outs I have just described but operates in that holistic framework.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

As I said in response to the hon. Lady, there is obviously a potential overlap. The focus of this Bill is on clarity of communication to the consumer, but I am very happy to write to the right hon. Gentleman or the Committee with further details of that potential overlap.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The Minister is being incredibly generous with his time. To clarify what we are hoping to receive, as he has indicated, we would not want the ICO to be sending out notifications to 2 million people who had been affected by a hack, and Ofcom to be doing that as well. We would expect there to be co-ordination in that regard, and we would just like to see that set out.

Matt Warman Portrait Matt Warman
- Hansard - -

I am very happy to do so. I think it is obvious that clarity of communication would be incompatible with duplication.

Question put and agreed to.

Clause 4 accordingly ordered to stand part of the Bill.

Clause 5

General duty of OFCOM to ensure compliance with security duties

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I rise simply to support the excellent speech made by my hon. Friend the Member for City of Chester. I thank him for his very kind words. In the amendment, he makes an important contribution in ensuring that Ofcom knows what it needs to know and in putting the onus more firmly on the network providers. I simply ask the Minister to respond to the points that my hon. Friend made in his concluding remarks about being forward-looking.

A challenge for us as a nation in securing our networks during such fast-paced technological change is looking backwards to the problems we have had rather than forwards to the evolving and new threats. During the evidence sessions, we were accused of fetishising 5G as if that was the only security challenge, because of the visible problem with Huawei, and that we were not looking more broadly. I admired Ofcom during my time there because it was set up to be a forward-looking regulator. To achieve that aim, when it comes to the sweeping new requirements around security that are placed on it under the Bill, it needs to be able to see what changes are happening and are likely to influence future evolving threats. To do that effectively, amendment 11 requires the network providers to notify Ofcom of planned or actual changes.

It is worth remembering that—I made this point earlier—if BT had been required to notify Ofcom or another body of changes to its network as Huawei moved to a greater and more dominant position in its network, that might have rung alarm bells more generally. We have also already mentioned the shift that we are seeing on the importance of software and software configuration and services in controlling the network. Requiring providers to notify Ofcom of planned or actual changes to the network would make that evolution more easily visible and therefore provide Ofcom with greater visibility of how all our networks are evolving and what new threats may arise as a consequence.

Matt Warman Portrait Matt Warman
- Hansard - -

The amendment would add to the general duty in clause 5 that places on Ofcom the duty to ensure that providers comply with their security duties. The duty as written in the Bill makes clear Ofcom’s increasing role. The duties imposed on public telecoms providers in the Bill are legally binding, so as the Bill is written providers should not be taking decisions that would prevent them from complying with those duties in the future. If they were not to comply, they would be in breach of their legal duties and liable for enforcement action, including the imposition of the significant penalties set out in the Bill.

The underlying purpose of the amendment—that Ofcom should take a proactive role in regulating the regime—is already core to what is in the Bill and the Government absolutely agree with the principle that the hon. Member for City of Chester set out. We need to ensure that Ofcom has the tools to be forward-looking so that, in a world of fast-changing technologies and threats, it can understand where operators are taking their networks and how that will affect their security. That is an absolutely essential part of the Bill.

Matt Warman Portrait Matt Warman
- Hansard - -

I think the Bill is perfectly drafted down to every comma and punctuation mark. To be slightly more serious, what we have sought to do in the drafting is to strike the balance between proportionate regulations and the overarching requirements for national security. That is the balance that we have struck and it is exactly for that reason that we already do in the Bill what the hon. Member for City of Chester and the shadow Minister seek with the amendment.

In section 135 of the Communications Act 2003, as amended by clause 12, Ofcom is already allowed to require information from providers about the future development of networks and services that could have an impact on the security of the network or service they are providing. That would enable Ofcom, for instance, to assess the security risks arising from the deployment of a new technology or from the proposed deployment of a new technology. For those reasons, I hope that the hon. Members are reassured not just that the Bill does what they seek, but that previous drafts of the Communications Act already did so.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for giving way; in doing so, he shortens what I will say later. I think the Minister is saying that Ofcom has the power to require information, which is true, but the amendment is about providers proactively giving that information. Ofcom cannot request information about a change to the networks that it does not know is happening. I am hoping that perhaps what the Minister is implying is that he would expect Ofcom regularly to review what was changing in the networks and therefore make those requests for further information. Could he clarify that point?

Matt Warman Portrait Matt Warman
- Hansard - -

The sort of horizon scanning that the hon. Lady describes is core to all essential regulation, and the relationship that Ofcom has with those whom it regulates promotes the ability to have such conversations. But as I said, the key point is that an operator that proposes knowingly to introduce a risk into its network would clearly not be complying with the statutory provisions of the Bill. That is the essential nub of the issue.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I enjoyed the semantic gymnastics by the hon. Member for City of Chester as he tried to expand the scope of the Bill, but I shall try to stick to what is in it. There is a lot of consensus across parties, so I shall resist the temptation of saying that £50,000 is a demonstration that Labour is willing to put a price on national security, which this party will never do, but I understand the points that he makes on both fronts.

The clause provides Ofcom with strengthened powers, including powers to give assessment notices to a provider, that are vital to enable it to fulfil its expanded and more active role. Assessment notices are an important new power in the regime that will give Ofcom tools to assess fully a provider’s security and the extent to which it complies with its security duties. It is Ofcom’s intention that when assessing a provider’s compliance, its first port of call would be to use its information-gathering powers under section 135 of the Communications Act 2003. Ofcom would then use its power to give an assessment notice if it wanted to check the veracity of the information or to follow up a security concern. While Ofcom will therefore use its powers in a targeted and proportionate way, it is also the case that a provider with good security practices would expect to be subject to a lighter-touch assessment. Providers’ duty to bear the costs of assessments will therefore have an incentivising effect.

The amendment would insert a new subsection into new section 105N, limiting the costs that Ofcom could incur in carrying out an assessment. Fundamentally, a hard cap of any sort will always be an arbitrary number which will potentially put an additional hurdle in place. It might be necessary for some of those tests to require genuinely extensive assessment—penetration testing, or red teaming, as exercises are sometimes called, where penetration tests mimic the action that an attacker might take to access the network. Those attacking actions may of course be from sophisticated sources, and the costs of mimicking them in an entirely legitimate way could be substantial; but it is right, in the interest of national security, that Ofcom does not reduce the quality of its testing. We would not seek to limit that either, notwithstanding its independence.

I can offer the Committee some reassurance, however, that Ofcom’s assessment costs will not be excessive. It has a general duty to act proportionately and to follow other principles representing regulatory best practice. Finally, a provider’s duty is to pay only such costs as are reasonably incurred by Ofcom in an assessment, so there is a balance there.

As to the proposed new subsection that would limit those able to carry out assessments to Ofcom or a UK Government agency, the assessments, as the hon. Member for City of Chester knows, may be complex and need specialist skills. Methods such as penetration testing might need specific technical skills and we should not limit Ofcom in that way. However, we should also bear in mind, as the hon. Member for Newcastle upon Tyne Central mentioned, that the independence and expertise of Ofcom is the greatest bulwark against such entirely unfounded but legitimate concerns as those raised by the hon. Member for City of Chester, about who might be appointed by this or any Government to carry out a task in the national interest. None of us would want—and I do not suggest that the hon. Gentleman is doing this—to get into the business of questioning Ofcom’s independence in performing the tasks in question.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I am somewhat concerned at the implication of what the Minister says. We cannot put a price on national security, and Ofcom has a role. In an evidence session, Ofcom’s representatives said that although its role excludes any question of its making security decisions, it would ensure compliance, yet now the Minister seems to be saying that Ofcom will not have the skills to ensure compliance. I agree that there are specialised skills. Penetration testing, for example, is a specialised skill, but I would argue that it is a skill that Ofcom should take on as part of this new remit. I say again to the Minister that the skills needed to ensure compliance should be within Ofcom’s remit, or should be better defined.

Matt Warman Portrait Matt Warman
- Hansard - -

Ofcom itself is best placed to exercise discretion as to whether it should carry out those assessments in-house, or whether it should have the flexible capacity to have the capability brought in as necessary. Ultimately, I do not think that anyone would wish to prevent Ofcom from having the ability to do what it thinks necessary by forcing it to use in-house staff only, because we cannot predict the future, as Members on both sides of the Committee have highlighted. Although the cause that the hon. Member for City of Chester is pursuing is a noble one, its unintended consequence would be to constrain Ofcom in both the expertise that it has at its fingertips and the costs that it might incur. We would not want to limit Ofcom’s discretion to make those decisions as an independent organisation.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Actually, the amendment would not limit Ofcom’s discretion to bring in additional resources or skills. It would limit Ofcom’s discretion to Government agencies or organisations within the public sector, which, on matters of national security, we should be able to do.

Matt Warman Portrait Matt Warman
- Hansard - -

If the hon. Lady were right, the only people from whom we would have heard evidence over the last few days would have been public sector employees. She knows just as well as I do that the cyber-security sector is a vast mesh of public and private expertise, which is inevitable given that we have private networks offering communications services. Although I understand her point, and I am all for Ofcom having as much expertise as it needs to do its job properly in-house, I simply do not think that we should constrain what it can access in the way that the amendment would.

On this, I think we probably agree on far more than we would perhaps like to admit, but the reason that this is a probing amendment, as the hon. Member for City of Chester said, is because imposing artificial constraints would not be beneficial to Ofcom’s work. We understand what he said, however, and in broad terms, the Government agree.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I will go very briefly over the diversification strategy, which is essentially a £250-million initial tranche of investment to diversify the UK network, with a focus, to a certain extent, on open RAN, as the hon. Lady said. On the information that she would require, I agree with her so comprehensively that the provision is already in the Bill. Section 135 of the Communications Act 2003, as amended by clause 12—she is right that the provision is not in this clause—provides Ofcom with the power to gather information on diversification where Ofcom considers the information necessary for the purpose of carrying out its functions. Clause 12 specifically provides that such information can include information concerning future developments of a public electronic communications network or public electronic communications service that could impact on security. As I said, I agree with her so comprehensively that we had already foreseen the issue and the provision is already in clause 12. The addition of it to this clause would not change that fact. I hope that that provides—

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for those comments. He says that the provision is already in clause 12. This is obviously down to my lack of studying, and I thought that I had studied every line of the Bill, but where specifically does clause 12 refer to diversification of supply chains?

Matt Warman Portrait Matt Warman
- Hansard - -

The approach that we have adopted across the Bill is that powers such as those in clause 12 are more than wide enough to cover exactly what is needed. What I am essentially saying, I suppose, is that the legal interpretation of clause 12 absolutely does what the hon. Lady seeks, because it is an absolutely essential part of one of the purposes of the Bill. That is why I hope she can take the necessary comfort to withdraw her amendment.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I am very happy to write to the hon. Lady to clarify why it is our belief that the Bill does that. What I would say is that the kind of specificity that she seeks would have the unintended consequence of narrowing what we do, rather than retaining the broad powers that we have in the Bill. As has been the case so often today, we do not disagree on the intent that she is seeking to obtain, and that is why the Bill is drafted as it is. As I say, I am very happy to write to her to try to clarify some of that.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We all agree that the Minister is someone whom we like and who has the best intentions. On that basis, and on the basis that we can table further amendments at this stage or on Report if his letter of reassurance should not be sufficiently reassuring, I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Ordered, That further consideration be now adjourned. —(Maria Caulfield.)

Telecommunications (Security) Bill (Fifth sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 5th sitting: House of Commons
Thursday 21st January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 21 January 2021 - (21 Jan 2021)
Matt Warman Portrait Matt Warman
- Hansard - -

I simply say that, as the right hon. Gentleman knows, the NCSC and others already work very closely with the networks. What he seems to be talking about, in some ways, is a very day-to-day way of talking about security concerns. That happens a lot already, and what the codes of practice and other documents will do is set up the framework by which that is formalised. As he knows, that process of very quick action being taken as soon as something is spotted, both by the networks themselves and by our agencies, is already well established, and the Bill gives considerably greater force to it.

As the right hon. Gentleman knows, the Bill is aimed at ensuring that providers take responsibility for the security of their networks and services in a way that has not happened, in legislative terms, in the past, and it then provides the Government with the powers that we need to enforce that. In so far as any supply chain components give rise to risks to the security of a network or service, new section 105A already requires providers to take appropriate action and proportionate measures to identify those risks. I appreciate that this is a probing amendment, but in a sense what the right hon. Gentleman is seeking to do through it is already there, and it will be enforced in the documents, such as the code of practice, that I have mentioned.

Furthermore, the addition of the presence of a supply chain component as a security compromise would not be consistent with the security framework’s definition of a security compromise, but I do not think that we need to get into too much detail about that in the context of a probing amendment. The concept of a security compromise is used in other provisions in the Bill, and it is important that we are consistent.

More fundamentally, the right hon. Gentleman’s amendment would put the onus on providers, rather than the Government, to determine a national security risk, but, as he implied, it is absolutely down to the NCSC and, ultimately, the Government and agencies to make that definition. Placing the responsibility for determining what does and does not constitute a threat to national security on the shoulders of all individual providers is not the right thing to do, and I think, to be fair, the right hon. Gentleman is not really suggesting that it is, either.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for the way in which he is addressing these important proposals. I think that his concern is that this amendment would put the responsibility on the providers rather than the National Cyber Security Centre, and I understand that, but can he say a little about the following matter, because it is the providers that know their networks? The National Cyber Security Centre is excellent, and we have huge admiration for it, but in terms of the supply chains, changes to the supply chain and new components evolving, how does he envisage that, day to day, working effectively without an amendment of this kind to put this requirement on the providers?

Matt Warman Portrait Matt Warman
- Hansard - -

As I have said, new section 105A partly provides the legal basis that the right hon. Gentleman seeks, but in practice no one is suggesting—the Secretary of State talked about this on the Floor of the House—that it is solely the name on the box of a piece of kit that defines international security status. We are not naive to the possibility of the supply chain being another vector of attack. That would be reflected in codes of practice and elsewhere around the legislation.

Public telecoms providers can and should consider the security of the resilience of their networks and services throughout the supply chain in a sensible and proportionate way. National security considerations are inevitably much broader than the issues that can be addressed solely by private companies. I think that is reflected in the distinction drawn up in this Bill.

The amendment would have implications for Ofcom’s monitoring and enforcement of providers’ compliance. The Bill includes provisions for Ofcom to collect information on behalf of the Secretary of State in narrow and specific areas related to national security, but this amendment would require Ofcom more actively to take some of the compliance judgments. In the evidence session the right hon. Gentleman was keen to see that it was not asked to make those judgments.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

In so far as codes of practice will be published by Ofcom, the answer to the right hon. Gentleman’s question is yes. The more nuanced answer is that it is a co-production between Ofcom, the Government, NCSC and others.

To conclude, the Government are immensely sympathetic to the issues that the right hon. Gentleman and the hon. Lady seek to probe, but we take the view that this amendment would do something that is, ultimately, already covered in the Bill. I hope that, in that spirit, she will withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his response. I am concerned that there is not greater clarity on the role of the supply chain components and the supply chain more generally. We will come to that in further amendments. Given where we are and how we got here, we must take a forward-looking approach to future risks and vectors for risks. This amendment is important in probing that, but I do not seek to put it to a vote. I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I will not detain the Committee long, given that my right hon. Friend the Member for North Durham made such excellent points. I will add one point of consideration, which again, his modesty may have forbidden him from making.

The amendment goes to the heart of our concerns about the scrutiny of the provisions in the Bill. I say again for the record that we support the wide-ranging powers that the Bill gives the Secretary of State, but those powers must come with appropriate scrutiny, not because scrutiny is a “nice to have” or, as my right hon. Friend said, because the ISC needs further work, but because scrutiny of the provisions is essential to the good working of the legislation in practice.

Considering specifically the impact of the requirement to remove Huawei at this stage in our 5G roll-out—the economic impact, the cost to the providers and the cost to our economy—we recognise that it is the right thing to do, but we must also recognise the cost of doing it. Back in 2013, the ISC was one of the first parliamentary organisations to raise the issues around Huawei. I truly urge the Minister to accept this constructive amendment to support the appropriate provision of scrutiny.

My other point is more about the working of the clause, which gives the Secretary of State the power to make regulations that require providers to take specified security measures. As we know, the telecoms security framework and telecoms security requirement, to which all providers must adhere, will be set out in delegated legislation. In his response, will the Minister give us some idea of why the Secretary of State might need to set out additional specified requirements that are not in the draft of the TSR that he has published? Is the intention of the clause to enable him to set out additional specified requirements, or is it to enable him to highlight particular specified requirements that he does not think the providers are meeting quickly enough? In either case, does that not suggest that there are particular security concerns, either about providers or about the circumstances, that require these specific security measures? To come back to my first point, does that not highlight for those concerns to receive parliamentary scrutiny, with the appropriate clearance, which is to say that of the Intelligence and Security Committee?

Matt Warman Portrait Matt Warman
- Hansard - -

I start by acknowledging the incredibly important work that the ISC does. Its role in overseeing the work of the UK intelligence community is vital to maintaining public trust, as the right hon. Member for North Durham described, and its members make important contributions to public debates on national security matters of all kinds. The right hon. Gentleman has done that for a number of years. Because he is a member of the ISC, he will know that I have proactively engaged with it on the substance of the Bill. I did so enthusiastically—if any Minister can ever regard a Select Committee appearance enthusiastically—and in recognition of the interest that I knew that Committee would have in the Bill. I will be writing again to the ISC on a number of matters raised in the Bill, and I have instructed officials from my Department to continue to engage with the ISC as the Bill proceeds through Parliament, building on the work that it has already done and on the transparency that we have already demonstrated by publishing the draft of the security framework regulations on 13 January, copies of which have been provided to the members of the ISC and a number of other interested Committees. I hope that all that demonstrates the Department’s commitment to working constructively with the ISC, despite the fact that, as the right hon. Gentleman said, DDCMS does not normally fall within the ISC’s formal remit.

It is none the less important to acknowledge that the ISC is not the only legitimate avenue to scrutinise this framework. We fully intend to make use of all the appropriate parliamentary procedures.

The regulations and the explanatory memorandum accompanying them will all be there for the ISC to scrutinise. There is also further guidance to providers in connection with the measures specified in the regulations that can be provided in the code of practice, which must be published, with a copy laid before Parliament. Also, beyond the usual arrangements for secondary legislation, new section 105Z of the Communications Act 2003 provides for Ofcom to produce security reports. Clause 11 of the Bill enables those reports to be published by the Secretary of State, and clause 13 provides for a review of the effectiveness of the framework, including any regulations, after five years.

It is in that context that I point to the enthusiasm with which we have engaged with the ISC. We will continue to do so and ultimately—this is perhaps the reason why the right hon. Gentleman described this process as an ongoing campaign, rather than something that we should address piecemeal—the ISC is clearly defined in the Justice and Security Act 2013. I do not think it would be right to address the memorandum of understanding that he referred during our consideration of the Bill. We should not go at it in piecemeal fashion. The role of the ISC as set out in that MOU is to oversee the work of the security agencies, to provide oversight of certain intelligence or security matters within Government. Ultimately, if the right hon. Gentleman wants to change the MOU, that is a broader issue for him to take up. I note that he is not the only Member of this House to have made that point, but it is not my place to take a view on the role of the ISC; that should be for the ISC itself.

I am confident that we will continue to engage with the ISC; I personally will certainly do so. I know that the DCMS Committee will continue to take an interest, and I will simply say that we will co-operate as fully as possible. I will set out more in the letter I mentioned, and I look forward to the future salvos in the right hon. Gentleman’s campaign.

Telecommunications (Security) Bill (Third sitting)

Debate between Matt Warman and Chi Onwurah
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q I see that William wants to come in. I just want to say that we have also been told that there was a major difference between fixed and mobile architecture when it came to security issues. You seem to be saying that there may be differences, but there are security issues within fixed networks as well as within our mobile networks.

Emily Taylor: Generally, our standard of security across the board is not as high as it should be.

Professor Webb: I realise that Chi had also asked me how the UK can strengthen its ability to provide diversified supply chains, and I did not address that.

I want to pick up on something Emily said as well. I think she is absolutely right—the UK has a great number of really excellent engineers, both in universities and in leading consultancy-type organisations. Here in Cambridge there is a plethora of wonderful consultancies and start-up companies. In my experience, the biggest problem is actually finance. To try to raise the finance to get a start-up company off the ground, particularly one that sells to operators who have huge purchasing power and tend to squeeze all their vendors—quite naturally—is very difficult in the UK. It is much easier in the US. Addressing the ability to provide finance for those kinds of entities and, to Emily’s point, allowing them to exist for many years rather than to be bought as part of that financial process would help more than anything else, for the UK to grow its own major players in this space.

Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

Q Thank you for your comments so far. You will have seen in the diversification strategy that we completely agree with the points you have made around standards and the importance of international co-operation, so I will not go further into that. But it is interesting that a lot of what you have talked about is the diversification strategy rather than the Bill itself. In terms of where we have put increased duties on Ofcom, for instance, where do you feel that there should be more in legislation, rather than in the diversification strategy itself? It seems that tying our hands is not what you are asking us to do, but there is obviously a balance there, isn’t there?

Professor Webb: Yes, I think there is a balance. I do not have strong views on that. The legislation appears to be sufficient and flexible in this space. I think the issue is the way it is implemented, and particularly the downstream actions of the Government and of Ofcom might need a bit more care.

Emily Taylor: The legislation is creating a framework, and a lot of that will be filled out through statutory instrument and the codes of practice that are envisioned. I imagine the codes of practice will reflect the TSRs to a large degree. Thinking particularly about how the legislation might impact on the wish and the essential need to diversify, it imposes very high levels of liability for providers, and almost unlimited duties on everybody for the smallest infractions. That is William Webb’s point about proportionality.

As the measures come to life through secondary legislation, codes of practice and the actions of Ofcom, it is going to be very important that there are checks and balances. I am not sure whether the Committee is hearing from any civil society groups, but I am sure they would be worried about the very wide discretion for the Secretary of State. There is a lot of concentration of power in the Secretary of State and, perhaps, insufficient safeguards, as things are currently drafted.

Also, on the provisions that relate to the identity of the supplier—the nationality—rather than the qualities of security, which I think are the more relevant points, of course identity and nationality can be relevant, but there may need to be more of a look there to ensure that we are on the right side of potential risks of discrimination.

Telecommunications (Security) Bill (Second sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 2nd sitting: House of Commons
Thursday 14th January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 14 January 2021 - (14 Jan 2021)
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q You seem to be saying, then, that you are in a position to compete with Nokia and Ericsson as of today. Is that what you are saying?

Chris Jackson: We would not compete with Nokia and Ericsson in terms of standard RAN, but the whole idea is that we would look to bring open RAN technology. That is the direction that NEC is supporting. If you ask me whether we could step in today and provide that capability, we believe yes, we could.

Matt Warman Portrait Matt Warman
- Hansard - -

Q Again, I thank both NEC and Mavenir for the productive conversations that we have had already about getting involved in UK networks. Obviously, one of the things that was in the diversification strategy is the project with NEC—the NeutrORAN project that we have talked about a little bit today already; and I hope we could do, if possible, something similar in the future with Mavenir. What is striking about the NEC project—it is genuinely significant for UK networks —is that it is a £1.6 million initial jolt of funding. First, Chris—but I am very interested in Mavenir’s perspective as well—will you say a little about how Government can best target the funding? One of the things that we learnt in our previous discussions with you was that this is not solely about the scale of the funding but about the targeting, the way in which we do it and how we get the best value for taxpayers. Chris, will you say a little about that, then we can hear from Mavenir about what the equivalent sort of things might be?

Chris Jackson: First of all, thank you very much indeed, Minister, for support in that particular trial. We believe that this is very important, because it has given us the opportunity to showcase 4G and 5G open RAN capability with multi vendors, and we are doing it in supporting the share of your network, which we know is an important KPI for the UK Government, in terms of increasing that capability across the UK. They want to ensure that the investment is targeted at areas within the UK—where the UK will receive the most benefit—and, more importantly, or as importantly, an opportunity for a trial that brings multiple companies together. So, although NEC is leading this particular trial, we are working with a number of other companies to bring this overall solution together. That is exactly what open RAN is trying to embrace, and that is the way forward. We would be delighted to work with Mavenir; we are already involved with Mavenir as well. That is not a hurdle or obstacle for us.

Stefano Cantarelli: There are several angles. The first one is the neutral hosting. I would like to draw attention to the fact that we have already done work with British Telecom, two years back, on neutral hosting, so that has now been talked about for a long time. Also, you might have noticed in the market that companies—the one that comes to mind is Vilicom—have been doing this type of thing, where they deploy Mavenir infrastructure to provide neutral hosting capabilities. So, we are fully supportive and believe that this kind of funding is particularly important.

We understand that that there is some interesting funding. We are in discussion with DCMS. We are discussing some projects that we believe will boost a lot of the innovation in this space. For example, we are trying to get funding for our R&D activities for open source software that could boost the availability of radio units. We say that the radio unit is hardware, but in reality there is of course a bit of software on top. This type of software, which is mainly interfaced towards the rest of the software and the control of the operation and maintenance activities, is not differentiated for each radio unit; it is just standard. By having an open source like that, you can fundamentally get the radio vendors to focus on their IPR for analogue development and being able to produce a radio unit with different frequencies, as Pardeep said before, which we believe could boost the market. That type of funding is particularly useful, because it is aimed at boosting the market and giving availability in the open RAN of these radio units.

I would also like to add that most of the frequencies that are used today in the UK are available in our view for open RAN, so I do not see that as a problem. But that type of investment is particularly important—in R&D—so the trial that you have funded in the first round of the 5G Create programmes is particularly useful to get learning and experience. As I said, in the SONIC, we are particularly active, although that is not a 5G Create programme but a different one. We believe that in the second round, you can focus on funding some R&D specifically to boost the ecosystem of the open RAN.

Matt Warman Portrait Matt Warman
- Hansard - -

Thank you.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q I wholeheartedly agree with that last comment about the importance of competition, particularly in the supply chain. That is my experience as well, in terms of building out networks. I am just struggling to understand why Vodafone, Three and O2 said earlier that there were only two full-service suppliers in the UK, when Mavenir is saying to me that you could supply a 2G, 3G, 4G or 5G network within a year. I am struggling to understand how that works. Is it a question of the network operators not being prepared to commission you? Is it an issue of price, complexity or management? Why are you not considered a full supplier by the existing network operators in the UK?

Stefano Cantarelli: Let me just address that initially before anyone else. We are a supplier in other places in the network, so they consider us a reliable supplier. We supply voice services, messaging services and everything else. You mentioned the initial deployment of open RAN by Vodafone this morning. That relates to us, because we are the supplier that it has deployed and is continuing to deploy. We are actually deploying sites for it.

I think that you have to look at two aspects when you are on an operator’s side. I am speaking from experience. It is not just about the technology; it is also about your processes and how you are able to move forward and change your mindset. I think that operators have a lot of complexity. We sympathise with them, of course—it is not an easy environment—but there are a couple of mindsets that they need to over-pass, if you let me use that word.

First, the world is changing. It is not hardware and software together; it is software and hardware disaggregated, and that of course requires some different capabilities. It is the same as when we passed from circuit voice to packet voice. Some people here may not get the example completely, but it is just a different point of view. That does not mean that it is more complex or whatever; it is just a different point of view, and you need to change. We know that change is not an easy thing. That is the first aspect that we need to take into consideration.

The second aspect is that, despite the technology that is available, you still need to consider the in-life service that you need to swap over. You have to consider that you did some planning or design based on certain principles that were available before, and you need to rethink how you are going to do that. For example, most of the 5G deployed today just uses additional frequencies on the existing sites that they have deployed with 4G, 3G and 2G. This is not what I consider full 5G, with all the characteristics of low latencies and so on. You need to start to think about the densification of sites. The Government can help a lot—with policies, by helping to define new capabilities, and by allowing the operators to change their architecture by enabling them to get more sites, and get permits more easily to build new sites.

These sites will not be like sites today; on these sites, there will be lot of carriers, a lot of technologies, and a lot of frequencies. As Pardeep said, a site today is probably just a radio unit that connects, through an internet connection—not necessarily just fibre—to a software data centre. These things are more important, and they are the reason why, although operators are in the middle of that transformation, it is taking a bit of time.

Telecommunications (Security) Bill (First sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 1st sitting: House of Commons
Thursday 14th January 2021

(3 years, 2 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 14 January 2021 - (14 Jan 2021)
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q I ask these questions on behalf of Catherine West. Vodafone runs networks across Europe, and so does Three, whose owner is headquartered in Hong Kong, and O2, which is owned by Telefónica. Does the Bill duplicate or reflect legislation that you have seen elsewhere in your operations? What international comparisons are you aware of? Also, we have talked about standards being a key part of international collaboration. How many people, or what presence, do you have on international standards bodies?

Derek McManus: Basically, we have not seen anything directly like the UK legislation, although various forms of it can be seen internationally. The second question was on standards. We operate in 23 countries, and as you can imagine, their standards are key to us. We hold a lot of expertise, from a Telefónica group point of view, that the UK team is able to rely on and work with to ensure that we are at the very edge of developing the right standard.

Andrea Donà: As the Government plan to take a lead in enhancing the minimum security requirements, and in diversifying their telecoms strategy, we as a global company are happy to support the standard setting, and to advise on the practical implementation of the additional security requirements.

Patrick Binchy: I refer to Derek’s answer. We have a very similar position with regard to the UK legislation: we have not seen quite the same in the other countries. On standards, we play an active role, and we have a number of UK staff who act actively in standards setting.

Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

Q Thank you to all of you for your engagement today and with the Government up to this point. Given the time, I have one, simple question. The Bill is setting up a new telecoms security framework to enhance network security. How confident are you that you will be able to comply with that in full, and what else would you like to see from the Government to enable you to do that?

Andrea Donà: We need the clarification that I mentioned of what is, and what is not, in scope, so that we have absolute clarity from the word go. We all work together to understand the profile of that implementation. It cannot be a big bang—everything complying from day one. We obviously need to do a detailed risk assessment of the areas that we need to work on immediately on the Bill’s coming into force, and of what can afford to be done at a secondary stage, based on the risk assessment and the risk management analysis of the various assets in our network.

Derek McManus: As I said in my opening remarks, collaboration to date on getting the Bill to this stage has been positive. We should continue that. My request is for flexibility to help us execute effectively, while balancing the other demands on the industry.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q Do you not think resilience is part of security? Is a network secure if it is not resilient?

Alex Towers: I think they overlap and that is one of our questions about the drafting of the Bill. There is clearly a relationship between those two things, and the concern about the timeframes for the removal of Huawei, for example, has been partly about ensuring that we have operational resilience during what is going to be a very complicated engineering programme to take out all its kit without losing resilience, in the sense of outages and blackouts for customers. Some of the Bill’s provisions talk about outages, but there is a difference between outages for operational maintenance and updating of kit and outages because of a security issue or attack. It is going to be quite important to pull those threads apart a little bit.

Howard Watson: On the vendor point, to summarise the approach that we are taking, we stopped purchase at the end of December, we will stop deployment in September of this year, we get down to 35% by two years hence from the end of next week, and then we have it removed from the mobile network by December 2027. I think that timeframe works well for us with introducing effectively a third supplier into our mobile network in terms of that 2027 point. It certainly helps mitigate any future steps in terms of a two-to-one.

I would not bank on it taking a full eight years to have an open RAN opportunity. As we heard from Andrea, colleagues at Vodafone have already started deployment . The real challenge there is about being able to use open RAN in dense urban areas where the technology works at its hardest, shall we say.

On your final question about research, we are in the top five investors in R&D in the UK—we invest in excess of £500 million a year across both research and development. In fact, the only companies that research more than us in the UK are the pharmaceuticals. I have 280 researchers based in the BT labs at Adastral Park near Ipswich and they, plus a standards organisation —we also draw in from engineers across my organisation—remain really actively involved in the standards bodies. I welcome what colleagues from the other operators say and think it is really important that we maintain that as a UK presence and as a European presence to ensure that we are not lost in the middle of any risk of divergence between the US and eastern and Asian countries and China. I would implore us all to work hard to ensure that that does not happen.

Matt Warman Portrait Matt Warman
- Hansard - -

Q Thank you to BT for your engagement thus far. I have two questions. The first is the same question I asked the other operators and is about the telecoms security framework. How confident are you that you will be able to comply with all the strictures in that? Secondly, to develop one of the questions that you have just answered, 2027 is very much a deadline and not a target. It is important that we hear more about your ability to meet that target. How taxing is that? How do you plan to make sure that everything you do can encourage the presence of a third—or more—vendor over the time we have between now and then?

Howard Watson: Let me take the final part of that question first, Minister. We are very much aware that that is a deadline, not a target, but we welcome the fact that the deadline is 2027. I have given evidence previously and have talked with Government significantly about the real risks to the availability of service if we pull that date forward.

We have a lot of infrastructure. That deadline allows us to plan carefully how we can switch off a site, if we have to, to replace it and swap it out, so that the spike has overlapping coverage from adjacent sites. Were we to be required to bring those timescales forward, we would be talking about mobile blackouts in the UK, which clearly we all want to avoid, given the increasing dependence of UK citizens on networks. We have a plan that gets us to that. The 35% by 28 January 2023, just two years away, is a little bit more challenging, but we have a plan to get us there. The pandemic is making that challenging, but right now we are on track for that too. I think that answers the second question.

In answer to your first question, the ambition that we have, and what will become requirements across the TSRs, will put the UK ahead of the pack, in being a safe place for people to work and run businesses, secure in the knowledge that we have a high level of protection against cyber-threats. We welcome that, particularly in the environment in which we are now operating.

We have remaining questions—we raised some of those in our written evidence—about the sequence by which the requirements will be applied. We think it is critically important that there is a strong baseline level of compliance that applies to everybody who operates a network in the UK. We do not want to have entry points through weak links across our environment.

Alex Towers: A large majority of what is in the TSRs reflects current best practice and we are already complying with it. There are some places where there is a stretch for us to do more, which is good. The key point, I suppose, concerns Howard’s point about making sure that the baseline for all operators is higher and strong enough, given that these are inter-connected network, as you have already heard this morning. The whole edifice is only as strong as its weakest point. We are concerned about the idea that the code of practice might not apply to some operators, for example. That is the sort of detail that we will begin to see debated further as the Bill goes through.

Broadband Rollout: Devon and Somerset

Debate between Matt Warman and Chi Onwurah
Wednesday 2nd December 2020

(3 years, 3 months ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Matt Warman Portrait Matt Warman
- Hansard - -

My hon. Friend is absolutely right. A crucial part of the future programme will be much greater communication with Members of Parliament, which is important up to a point, but also with the public. One of the most important things we can do is say to people, as he said, yes, the whole procurement will take several years, but there will be many shovels in the ground and many connections made well before the end of that period. We need to give people as much transparency as we possibly can, so that the entirely legitimate criticism that my hon. Friend made of the previous contract is not the case for the future contract.

It was right that CDS gave Gigaclear the opportunity to make things work, because it could speed things up, but we are where we are. It also important from a national perspective to say that Gigaclear has delivered in large swathes of the country: in Oxfordshire, Berkshire, Essex, Herefordshire and Gloucestershire. There are many problems, given the situation we are in today, but part of this is that we cannot lay them all at the door of any one entity.

On the new procurement, while some may think it easier to award the contracts to a larger supplier, the fair and open process across six lots was intended to promote speed and competition. When my hon. Friend gets his Christmas present, I hope he will be able to greet that, and we will give him some of the transparency that we have talked about.

I thank CDS for working with DCMS as closely as it has. That is why we have got to the position of doing six procurements in ten months or thereabouts, taking the people of Devon and Somerset to a significantly better place. The overall delivery, in stages between 2021 and 2024, and 2024 and 2025, is the right approach but it needs to be as transparent as possible, and should go as fast as possible. It should be communicated as quickly as possible. I have made that point to DCMS and CDS because, once awarded, these new contracts will deliver the balance of the connectivity that should have been delivered by Gigaclear. It is worth remembering the UK Government target of 95% for superfast coverage. The latest figures in my hon. Friend’s constituency show that 84.35% of his constituents have superfast connectivity —slightly up from the figures that he has given. The bad news is that the other two constituencies that he mentioned have gone up slightly faster. Tiverton and Homerton now has the lowest connectivity in Devon and Somerset, and I know that he is not going to let up until that is at a significantly higher level. We will pick up the superfast connections with these remaining procurements, we will be more transparent and we will go as fast as we possibly can.

It is also important to talk about the forthcoming UK gigabit programme that my hon. Friend mentioned and be absolutely clear that this remains a £5 billion programme with a 100% target. The judgment of industry and the Government is that the initial phasing of the spending reflects the maximum that can be delivered in the period up to 2025, but we will continue to work with industry so that if we can go any faster at all, then we will. If we can exceed that 85%, then we will. It is not an 85% maximum—it is a 100% ambition and we will go as far and as fast as we can.

My hon. Friend the Member for North Devon (Selaine Saxby) mentioned vouchers. They will be a key part, but not the only part by any means, of that future procurement, because it is horses for courses, as we know. Some communities are able to work together, but in some areas that is simply not the right approach. A host of different approaches will inform how we spend that £5 billion because that is how we will make it go as fast as possible and how, with an eye on value for money, we will manage to make sure that we spend it as quickly as possible. I know what matters to hon. Members in the Chamber is getting those connections done as quickly as possible. In the period to 2025, we will focus that funding, wherever possible, on premises that do not have access to superfast broadband. That means that the focus will be disproportionally on constituencies such as Somerton and Frome, and Tiverton and Homerton, where an 80-something per cent. of people have it. I obviously cannot make promises about any individual connection, although I am glad that my hon. Friend the Member for Totnes (Anthony Mangnall) has recently been upgraded and I have hopes for my hon. Friend the Member for Somerton and Frome, but it is important that the Government are clear that we will focus the £5 billion gigabit programme on getting as many people connected as possible. We will focus on those who need it most, and we will continue to work with the industry to refine the programme and maximise coverage.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for the good-natured way in which he is addressing our concerns, but I want to ask him about the commitment to universal gigabit broadband. Does it remain, and if so when will it be achieved?

Matt Warman Portrait Matt Warman
- Hansard - -

As I said, we think we will get to 85% or thereabouts by 2025. We will go as fast as we possibly can and we will get to 100% as quickly as we possibly can. I know the hon. Lady wants me to put a date on that, but the point is that we will go as fast as we possibly can. We will talk more about what the phasing looks like as we talk more about the gigabit programme. We will release some details this side of Christmas and some more in the new year. If the hon. Lady will be slightly patient, we will be able to release some more details. One of the key factors for the gigabit programme has to be providing people with transparency about what happens when.

I thank my hon. Friend the Member for Tiverton and Honiton for securing this debate. It is a hugely important issue for everyone across Devon and Somerset. I understand and share the frustration. I would be very happy to have another one of these debates, but I really hope we will not need one.

5G Network

Debate between Matt Warman and Chi Onwurah
Tuesday 24th November 2020

(3 years, 4 months ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to serve with you in the Chair, Ms Eagle. I pay tribute to my right hon. Friend the Member for Vale of Glamorgan (Alun Cairns) for securing a debate on a genuinely important topic, which would have perhaps attracted a significantly bigger crowd on other days—I take that as a sign that the Government are going in the right direction in lots of ways. It is none the less a critical topic for the Government, and it has been my focus for the last few months, to say the least.

I begin by paying tribute to the work of the Catapult and Dr Andy Sellars, already mentioned by my right hon. Friend and others. It is a £43.5 million Government project supported by UKRI, and it is important to say that £12 million from the Welsh Government is an important contribution. Some 1,500 people are already employed as part of the project and, as my right hon. Friend said, we expect thousands more to come as part of that investment. It is as though he read some of my speech, because he mentioned that we are already seeing clusters forming from the clusters. The close collaboration with the private sector in the north-east, Cambridge, Bristol and elsewhere shows that Britain is beginning to take the opportunity by the horns and make the best of it that we can. We do that in collaboration with our other international partners, but ultimately the opportunity is due to a wealth of expertise in this country, as the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) highlighted. That private sector collaboration will only continue to grow.

As my right hon. Friend highlighted, we have plenty more work to do. One of the things that we will seek to do through our diversification strategy is to shape the market and set the direction in a way that works genuinely with our private sector partners, because he is right to say that although there is much that we should leave to the market, we have to work collaboratively in the interests of national security, and we have to do it in way that ensures that we do not repeat the mistakes of the past. Ultimately, we are in the position that we are in with Huawei because of decades of wrong decisions, albeit with the best intentions.

My right hon. Friend also observed that not every Government project is as joined up as it could be. I can tell him that the diversification strategy will be one of the most joined-up Government projects he has yet seen—I do not know where that sets the bar in his expectations.

I am glad that we are having the debate, but I rather wish we were having it at this time tomorrow, because I will be able to say significantly more after the Chancellor has made his statement. To some extent, that will also tie in with the diversification strategy. As the Secretary of State has said, we will publish the diversification strategy alongside the Bill that so many colleagues have referred to. As the hon. Member for Newcastle upon Tyne Central knows, we have published the Bill today, so she will not have to wait long for her salvation. She mentioned the international angle, the need to put money behind it, the need to focus on standards and the need to focus on a specific institution, if not specifically a lab. In some form or another, those things will all be of great interest to her when she reads the diversification strategy, which she will be able to do in due course.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I appreciate the Minister’s comments and look forward, as always, to the publication of the Bill. Will the diversification strategy have the same legislative structure, content and meaning as the Telecommunications (Security) Bill? Will it have legislative power that is binding on the Government?

Matt Warman Portrait Matt Warman
- Hansard - -

It is a crucial complement to the Bill introduced by us today. We will be putting in place all the right incentives to ensure that the requirements being imposed by us through primary and secondary legislation can be met, or even beaten, within the timescale that we will be laying out. We cannot impose requirements on individual companies to make specific procurement decisions through legislation, but we can make sure that they are as secure as they need to be, and that the programme fits in a way that works for the market and for our national security. I know that the hon. Lady will take a close interest in both the primary and the secondary legislation, which will fill in some of that picture.

My right hon. Friend the Member for Vale of Glamorgan was right to imply that while we are now more dependent as we move away from Huawei, we have an opportunity to work both with the existing incumbents—primarily Nokia and Ericsson—and new incumbents. We are already working towards increasing the presence in our markets of those incumbents and, crucially, towards that Open RAN future of interoperability and far greater opportunities for our companies to thrive.

Matt Warman Portrait Matt Warman
- Hansard - -

My right hon. Friend is absolutely right. That is why the Government have been working as fast as they can on the 5G supply chain diversification strategy, which not only meets our short-term needs but prioritises the bold and ambitious approach that, as we both agree, makes it possible for our companies to make the most of their place in a global market, not just the UK. To reiterate what has already been said, that approach is built around supporting incumbents and attracting new suppliers, and also around accelerating the development and adoption of the Open RAN interoperable standards. They are all major opportunities, both nationally and internationally.

As discussed, the decision taken on high-risk vendors means that the UK is more resilient in respect of Nokia and Ericsson, and although 5G is now available in over 90 towns and cities with the support of those two companies, we need to seize the emerging opportunities to grow that number as rapidly as we can. That is why the Government are looking through a series of R&D interventions of the sort that the catapult has been so pivotal in accelerating.

Of course, we also want to bring new suppliers into the UK market. It is worth saying, as the hon. Member for Newcastle upon Tyne Central did, that the presence of the NEC global centre of excellence in the UK is not just an important sign of what is already there, but an important signal of the esteem in which the global supply chain holds the UK’s enthusiasm for adopting 5G.

I will take the opportunity to say that we have no intention whatsoever to delay the 2027 target for the majority of the UK population to be covered by 5G. It is already in 100 towns and cities, and the figure is increasing all the time. I also take the opportunity to point out that the chair of the taskforce mentioned by the hon. Lady, which is expert in both commercial and academic senses, is Lord Livingston of Parkhead. I am sure she knows that Parkhead is a part of Glasgow and is some way north of Bristol, but we are keen to focus on the diversity and expertise of that taskforce. Ultimately, we have prioritised expertise in the taskforce rather than the geographic location. She makes a fair point but, as I say, Glasgow is consistently north of Bristol.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Will the Minister give way?

Matt Warman Portrait Matt Warman
- Hansard - -

I think we have covered the geography of Glasgow.

We are working to remove the barriers for new market entrants, and the taskforce is a crucial part of that, but our ambition will not stop there. We will be keen to make sure that our global ambitions are a part of the work of both the taskforce and the diversification strategy, and that will persist well beyond the process that we go through with the Telecommunications (Security) Bill and with the diversification strategy.

My right hon. Friend the Member for Vale of Glamorgan noted our existing expertise and mentioned Open RAN, which will be hugely important in future. He will know that Vodafone has already launched a trial in Wales. That is the first, we think, of a significant improvement in the percentage of Open RAN, and we will seek to ensure that that persists. He also mentioned the potential of the low earth orbit satellite and OneWeb. It is important that we are open-minded when it comes to what technologies can be developed both through the Catapult and elsewhere. As the hon. Member for Newcastle upon Tyne Central said, we should not simply look at 5G when it comes to making sure we connect as much of the country as we possibly can.

I will address the comments made on behalf of the Scottish National party. The hon. Member for Aberdeen South (Stephen Flynn) is completely right that when we talk about 5G, it is important not to forget that significant parts of the country need a step change in their connectivity. The shared rural network, a £1 billion partnership between the UK Government and the mobile networks, will see 4G connectivity, particularly in Scotland, accelerate rapidly between now and 2025. That is hugely welcome, as he and others in this Chamber are keenly aware. Scotland is challenging geography to wire up, but it is crucial that we do so as rapidly as we can.

My hon. Friend the Member for Wakefield (Imran Ahmad Khan) was absolutely right to mention the opportunities for us in this project. We should see the next few years as a crucial opportunity to grow a really important UK market. The hon. Member for Newcastle upon Tyne Central said that she had never had the opportunity to work for a major British telecoms company. I say to her that the night is young.

If we get this right, opportunities will come in Britain and elsewhere. All of this will require investment, and the Government will put forward an initial funding package, to be set out in the spending review tomorrow, along with a boost to the Ofcom budget to reflect its enhanced security role under the Bill that we have laid today. The funding package will drive early progress and ensure that our diversification strategy not only bolsters the resilience and security of our digital infrastructure, but creates opportunities for competition, innovation and prosperity in all four nations. It is a huge opportunity that I hope we will be able to seize rapidly over the next few years, not just in 5G but through the UK’s gigabit programme as well.

This country already benefits hugely from the digital economy. This programme and this debate are part of doing that better. They are part of building back better, and I am confident that we will look back and say that we took a decision about Huawei that improved our national security and drove our ability to seize economic opportunities. I thank my right hon. Friend the Member for Vale of Glamorgan for securing the debate.

Draft Electronic Communications and Wireless Telegraphy (Amendment) (European Electronic Communications Code and Eu Exit) Regulations 2020

Debate between Matt Warman and Chi Onwurah
Tuesday 10th November 2020

(3 years, 4 months ago)

General Committees
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

It is a real pleasure to serve under your chairship, Dr Huq.

I thank the Minister for his opening remarks on this very important SI relating to our critically important telecoms sector. The UK telecoms industry contributes £32 billion to the economy, directly provides nearly a quarter of million jobs and has an impact on all of our lives, as we have really experienced during the pandemic. It is so important that we get regulation right for a sector that contributes so much to our economy, as well as to our work and social lives. I have to declare an interest, Dr Huq; before becoming an MP, I worked as head of telecoms technology at Ofcom, the communications regulator, where I literally spent six years with the Communications Act 2003 on my desk, as I worked on competition and investment in broadband networks. I could spend a lot of time discussing the provisions of the SI, but I will not detain the Committee longer than is necessary.

The framework that I worked with was a function of four EU directives, namely the framework, access, authorisation and universal service directives, all of which have been in effect in EU nations since 2002. Today’s SI implements aspects of the European electronic communications code, which I shall refer to as the EECC. That combined and revised the former four directives in line with the UK’s obligations under the withdrawal agreement, negotiated and signed by the Government.

As the Minister said, the EECC aims to promote infrastructure deployment and take-up of very high capacity networks through emphasising the necessity

‘to give appropriate incentives for investment in new very high capacity networks that support innovation in content-rich internet services and strengthen the international competitiveness of the Union’.

The EECC’s general objective in article 3 states that the national regulatory authority, in our case Ofcom, should

‘promote connectivity and access to, and take-up of, very high capacity networks, including fixed, mobile and wireless networks, by all citizens and businesses of the Union.’

Ofcom’s principle duty, as I am sure the Minister is aware, is to

‘further the interests of citizens and consumers, where appropriate by promoting competition.’

As I said, I had the 2003 Act on my desk, and consulted it regularly to understand what Parliament was aiming for when it set out that Act. What assessment has the Minister made of how the new duty with regard to investment will work alongside Ofcom’s existing duties? For example, how does investment and the citizen interest interact? I know that when Ofcom is looking at potential conflicts of interest, shall we say, between investment in networks and citizens’ rights and duties, it will want to refer to this debate as well as to the SI to understand what Parliament was driving at. Has the Minister assessed how the new duty will interplay with existing duties?

The EECC also aims to promote competition and to develop further the digital single market. During my six years at Ofcom, it was established that it is infrastructure competition, in which I am a great believer, as opposed to services competition that really drives investment, innovation and choice.

Matt Warman Portrait Matt Warman
- Hansard - -

indicated assent.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I see that the Minister is nodding, so that implies that he agrees that infrastructure competition is the aim.

The powers introduced by the EECC are designed to shift the market from reliance on access to the incumbent providers’ infrastructure, in our case Openreach, to an environment that can better support investment from both incumbents and new entrants to the market. To achieve that, article 67 sets out a recommendation for Ofcom to carry out market analysis, including provision to increase the maximum review cycle from three years, as it was when I worked there, to five years. Am I right in thinking that the intention is that that will promote competition by providing more time for network operators to earn returns on their investment, thus boosting investment and therefore competition? Is that effectively the only strategy to promote competition? Is that based on the belief that investment alone will lead to a greater and more competitive market? I am not sure that is the case. What guidance will be offered on how the returns on that investment should be regulated?

I am concerned that the emphasis on promoting investment incentivised by high returns may damage consumer interest, because it is the consumers who will be paying those returns, and citizens in the case of services from Government and so on. Can the Minister assure me that that will not be the case? That comes back to how the duty to promote investment will play with the duty to promote the interests of the consumers and citizens. Can he effectively say that the interests of the consumers and citizens will always take priority and be paramount, and that we do not seek to promote investment simply by ensuring excessive returns, so that companies invest in networks as opposed to other investments that may have higher returns, for example in financial services? I hope that we can hear about what consumer groups have said on that point.

I am pleased to see that end-to-end provisions of the code seek to protect consumers with wide-ranging consumer rights. As the Minister said, articles 98 to 116 provide protections against cybercrime, enhance user rights when switching internet access services, ensure minimum standards across member states, establish a universal service, which ensures the availability of broadband and voice communications, and ensure that all users have free access to the universal European 112 emergency services number.

Given that we have left the EU, and indeed the transition period ends on 31 December, am I right in thinking that the price cap for intra-EU calls will no longer be enjoyed by UK consumers, and that as we are no longer in the EU, there will be no price cap on calls to the EU from UK phones?

The terms of the SI do a lot, but as the Minister implied, the measure does not fully implement the EECC requirements. In July, the Government stated that they would ‘deprioritise’ aspects of the EECC, including key consumer and market issues due to the pandemic. Those issues include all obligations relating to number-independent interpersonal communication services—NI-ICS—the requirement for communications service providers not to discriminate against end-users access to telecoms on the basis of their nationality and provisions regarding Ofcom’s independence and powers to issue penalties. The Government have stated that some of these measures are already covered by existing law, but can the Minister confirm to me today that the deprioritisation of such obligations is not in breach of the withdrawal agreement? Does this divergence from European Union law constitute a statement from the Government that they are ruling out future participation in a digital single market? Will these deprioritised services become a priority once the pandemic is over, or are the Government ruling out adopting these measures completely?

As a result of the adoption of the EECC measures, Ofcom will be granted many new powers, which the Minister referred to, such as network forecasting, promoting gigabit-capable networks, co-operation and competition in hard-to-reach areas, easier switching for consumers and improved regulation of bundled contracts, and oversight of the pro-investment aims that the Government and the EECC have publicised. These measures were confirmed by the Government in July, but they did not tell us what further resources Ofcom would be provided with as it takes on these responsibilities. Has the Minister spoken with Ofcom about additional resources? Will he confirm today that Ofcom will be provided with what it needs to meet those obligations? How will Ofcom be measured against its duty to promote connectivity in gigabit-capable networks? Will that fall under the Minister’s direct oversight or will he leave it to the board? Will we have a report of some kind to Parliament?

In the UK, this SI is only part of the implementation of the EECC. We must also acknowledge Ofcom’s general conditions, which will be amended to reflect the obligations. In its statement of 27 October, Ofcom set out the end-user consumer protections and confirmed the UK’s intention to

“ban mobile providers from selling locked mobile devices”

by December 2021, to extend rules on accessibility for disabled customers by December 2021, to introduce new rules for bundles that include other services or equipment sold with a communication service by December 2021, to ensure better contract information and stronger termination rights by June 2022, and to introduce improved switching processes for broadband by December 2022. Will the Minister reaffirm that these plans will remain in place following the end of the transition period and will not be rolled back on, as it were?

I finish on a point raised with me by telecoms experts, representatives of the industry and business. This SI and the transposition into UK law are obligatory under the European Union (Withdrawal Agreement) Act 2020, but after 1 January 2021, once the transition period has ended, they will no longer be obligatory and could be overwritten. Will the Minister give a clear commitment that that will not happen? Will the Government set out an updated long-term digital strategy, providing stability and security in the sector?

The importance of working closely with our friends and partners in the European Union cannot overstated, particularly in telecommunications, for communication providers and in the burgeoning social media and application sectors. Our economy, businesses and consumer protections are reliant on our close relationship with the European Union, and our telecoms services benefit from access to European Union markets. While we might not be able to holiday in many places at the moment, we all look forward to the time when we will be making phone calls from France, Denmark or wherever. As we leave the transition period, our future remains uncertain, as the Government’s botched negotiations have left us somewhat in limbo. The Government have presided over 10 wasted years for UK telecoms infra- structure, whereas the previous Government—I will not labour this point—understood the importance of supporting investment and infrastructure competition, which led to the greatest expansion in infrastructure competition, with unbundled local loop.

The intentions behind this SI, and behind the EECC, are good and we will not oppose it, but the Government must take charge and upgrade our telecoms infrastructure, and provide reassurances on our consumer protections. I thank the Minister in advance for his answers. I know that I have asked a lot of questions. If he cannot answer them all today, I hope he will agree to write to me, because I am very interested to know the answers and it is in the interests of scrutinising this legislation that they should be responded to.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I am tempted to take up the offer made by the hon. Member for Newcastle upon Tyne Central and say that I will write to her on everything. I will not do that, but I shall try to rattle through a lot of what she asked.

In short, the regulations crystallise the existing factors, with which she is so familiar, that have to be taken into account when assessing whether a market has competition problems and would require Ofcom intervention. As she knows, that requires Ofcom to consider innovation, competition and future networks when imposing those conditions. Much of this is about crystallising in legislation the good practice that we already see in Ofcom.

The hon. Lady is right to say that longer review periods potentially promote greater certainty around the really significant investment in infrastructure that we are seeing and would like to see more of. There is an important balance as to making sure that we do not entrench monopolies, and that we get the right and fair degree of certainty for investors so that they can make a return, but she is right to ask: are consumers at the heart of everything that Government and Ofcom do? Of course they are, and they will continue to be so. It is in consumers’ interests to have sustainable companies making pragmatic investment decisions, but ultimately it is the consumer that has to be at the heart of all of this.

The hon. Lady asked briefly about mobile roaming. She is right that when we leave the European Union we will be under different rules. In theory that will leave companies able to make decisions on roaming that they are not currently able to make, but the Government will continue to engage intensively on that. We have no indication from companies—they themselves have said it publicly—that they have any intention of changing the landscape in the near future.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his approach in responding to my questions. Intra-EU phone calls are about making calls from one European country to another, and not necessarily about roaming. Will he also confirm that he has discussed that point, or will be discussing it, with providers in the UK so that we can retain that benefit if possible?

Matt Warman Portrait Matt Warman
- Hansard - -

Yes. The hon. Lady is absolutely right that that is also the case, and we continue to take an interest in exactly that. On that front, there are no indications of immediate changes either.

The hon. Lady mentioned what we call ‘over the top’ services—number-independent services that translate to calls via WhatsApp, Facebook Messenger and the like. As I said, we are not dealing with the matter immediately, but we are looking at the best way forward for those with Ofcom. Similarly, where issues have been deprioritised during the pandemic, that is not to suggest that they are not important. As I said in my opening remarks, the UK was key to the original negotiations and we would not seek to deprioritise them other than in the exceptional circumstances in which we find ourselves.

The hon. Lady asked about the resources for Ofcom. In close collaboration with Ofcom, we have asked what, if any, further resources it feels it needs; at this stage, the answer is that it is content with what it has. Obviously, we want it to be resourced properly, and we will make sure that it continues to be so.

The hon. Lady also asked about gigabit roll-out and that is something on which the Government work closely with Ofcom. It is ultimately my responsibility and that of Department for Digital, Culture, Media and Sport, and indeed a priority for this Government, to see that roll-out go as far and as fast as it possibly can. To that end, no, we will not be rolling back on any of the provisions in the draft regulations as soon as we end the transition period. We welcome the measures and are proud to have played a significant part in negotiating them with the EU, because we believe that they will drive forward important ambitions for this country and for all our citizens who, as we have heard, increasingly rely on digital connectivity.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

On Ofcom’s resources, and I have declared an interest, I am somewhat surprised that it will take on the additional powers and responsibilities under the SI without any additional resources. We know that at some point, when we get the online harms Bill—again at some point—Ofcom will be involved in the regulation of high risk vendors. A number of additional requirements are being placed upon it, so will the Minister discuss the need for additional resources in the round with other Ministers whose responsibilities come under Ofcom’s purview? I am quite convinced that Ofcom does not have the resources it needs to take up all those additional duties.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady makes an entirely reasonable point that Ofcom will be taking on a number of additional duties in the future, and considering its resourcing needs in the round is absolutely vital, but on this relatively narrow point, Ofcom is content with the resources it has.

In response to the hon. Member for Bristol North-West, the draft regulations give us the powers to consider what a mobile USO might look like. We do not immediately intend to take that forward, but it is a statement of the obvious that more and more households, especially with the growth of 5G, will be able to rely on a mobile service rather than anything else. Given that the USO is really important, the draft regulations give us the power to go further but we are not announcing anything as yet, but the hon. Gentleman’s Select Committee may wish to take an interest, I suspect.

I commend the regulations to the Committee. They are an important step forward, and I am pleased to hear that the Opposition do not oppose them, because I think there is real consensus across the House on the value of digital connectivity. The Government’s ambition is unashamedly extraordinary in going as far as we possibly can with gigabit connectivity. The regulations allow us to continue to drive that forward at the fastest pace we possibly can, and I commend them to the Committee.

Question put and agreed to.

Telecommunications Infrastructure (Leasehold Property) Bill

Debate between Matt Warman and Chi Onwurah
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We have had a very interesting and at times lively debate. On Third Reading, I would say that this Bill gives us baby steps towards rolling out the infrastructure that so many millions across this country are in desperate need of—full-fibre broadband infrastructure. This is no time for the Government to be patting themselves on the back. This is a mediocre Bill that, in addition, risks being derailed by the Government’s failure to take a longer-term view on our national networks, full-fibre, 5G and more. In terms of the Secretary of State’s responses, we will take forward the reassurances on tenants and hold the Government to account. Tenants should be able to access the provisions of this legislation. I fear that the Government do not understand the basis or need for competitive infrastructure, because the Bill does not support competitive access to multiple-dwelling units. We will hold the Government to account on that. We will also hold them to account on the assurances given on information and better dissemination of digital skills and digital guidance.

The big Huawei hole in which the Government find themselves has not been reconciled by today’s debate. The Secretary of State promised several things, including a new telecoms security Bill, but he could not give us any of the details. He promised a diversification strategy but, to be clear, that was the basis of the telecoms supply chain review report in July 2019, and we would hope that there would be some detail on what that strategy is. The Budget is tomorrow. Will we see funding for significant investment in the diversification of the supply chain that the Secretary of State promised?

Will we get greater clarity on what the diversification strategy is leading to? Is it leading to non-dependence on high-risk vendors within this Parliament or at some unspecified date in the future? We have heard little on the industrial strategy that will make diversification possible. Are we talking about UK capacity to deliver 5G and 6G in future networks, or are we talking about greater support for Japanese and Korean companies to enter our supply chain? Will the timetable for this diversification strategy be on the face of the telecoms security Bill?

Those questions all remain to be answered. It is an indictment of this Government’s support for our national security—and the clarity of that support for our national security—that at this stage so many Conservative Members feel it necessary to vote against their own Government, in order to press home the needs of our national security and, specifically, our technological capability in the key areas of 5G, 6G and future telecommunications. We are told that, in network design, it is always important to design in the possibility of breach, but the Government seem to be designing in breach of our entire network system.

Matt Warman Portrait Matt Warman
- Hansard - -

indicated dissent.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The Minister shakes his head. In that case, I hope he will be able to say how we will ensure that we are not dependent on high-risk vendors before the end of this Parliament. Until we see a detailed plan, an industrial strategy and funding for all the different components of that, the Opposition will remain concerned that the Government are not prepared to make the interventions necessary to ensure that our national security is safeguarded.

Online Harms Legislation

Debate between Matt Warman and Chi Onwurah
Thursday 13th February 2020

(4 years, 1 month ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.

Each Urgent Question requires a Government Minister to give a response on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

Molly Russell was only 14 when she killed herself after viewing posts on Instagram. David Turnball was 75 when he lost his pension through an unregulated financial product that was prominently advertised by Google. Last year TikTok live-streamed a teenager’s suicide. Misinformation on the coronavirus is spreading on social media. An online abuse offence against a child is recorded every 16 minutes. When we talk about online harms, these are real people, real stories, real pain and real hurt.

Before becoming an MP, I was an engineer. I helped build out the internet. I am proud of my work, which enabled people to better communicate and connect, but it has been clear for years that the internet requires regulation. Tim Berners-Lee, the inventor of the internet, has said it; the National Society for the Prevention of Cruelty to Children has said it; and Facebook has said it.

This response on online harms is overdue, weak and ultimately ineffective. Social media companies will have a duty of care, which Ofcom will regulate—good. Tech companies always had a duty of care, in my opinion, but the first online suicide was over 10 years ago, and still victims await legislation. When will these proposals be law?

Instead of creating a new regulator, the Government have given responsibility to Ofcom. I like Ofcom—I used to work for it—but in the last ten years it has had the BBC, postal services and more added to its remit. What additional resource will it have? What powers of enforcement will it have? Companies will regulate complaints themselves, although we are told that it will be transparent—how? The transparency working group has been mentioned, so could we have some transparency on that?

New online harms are emerging. Just a few weeks ago the smart doorbell system Ring was hacked, putting children at risk. Algorithms, facial recognition and artificial intelligence are not addressed—why not? In a week’s time the European Union will announce measures for digital services regulation. Has the Minister spoken with the EU about alignment, and if not, why not?

Online harms cause untold damage in the real world. If the Minister cannot give clear answers to these questions, victims past and present will have lost out in another wasted year.

Matt Warman Portrait Matt Warman
- Hansard - -

I welcome the tone of the hon. Lady on this. These are hugely important issues that affect real people. We call them online harms, but they are profoundly real for the people affected. She is right that legislation is overdue; Parliament should have acted many years ago to address the issue. But the reality is that the duty of care that, in her opinion, social media companies have to their users will be put into law by this Parliament. That is progress, and I think we should welcome it.

We will bring forward the legislation in this Session. We will produce the full consultation response by the spring. We will be going as fast as possible. The hon. Lady wants us to go faster. I welcome the tone that she has struck, but I know that she would not want us to rush and then introduce half-formed legislation that would not work. If we committed to pre-legislative scrutiny, we would be introducing the legislation in the next Session, and that is too long a delay.

I will try to answer some of the many entirely legitimate questions that the hon. Lady asked. She is right that the NSPCC and Facebook have welcomed this. The industry is ready and ripe for regulation, and we should work together to deliver it. Like the Chair of the Select Committee, she asked what additional resources and enforcement powers Ofcom would have. We will ensure that Ofcom has the resources and the enforcement powers that it says are going to be the most effective. I hope that will be a transparent and open conversation.

The hon. Lady mentioned the internet of things, which is an important area. Harms that derive from being online are not limited to social media; they now extend to the doorbells she mentioned and a whole host of other things. She will know that this Government have already committed, through what we call “secure by design”, to legislate on that. I look forward to our bringing that forward by whatever vehicle as soon as we possibly can. That is why we have talked about it already.

The hon. Lady also mentioned the digital services regulation. Of course, we work in consultation with countries around the world. This is a global industry. Britain is taking the lead; it is right that an open and liberal democracy takes the lead on these difficult decisions. We will do this as fast as we possibly can. We will not be delayed by the activities of other countries, but we will work with them.

Oral Answers to Questions

Debate between Matt Warman and Chi Onwurah
Thursday 13th February 2020

(4 years, 1 month ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait Matt Warman
- Hansard - -

It is precisely because of the needs of remote areas such as those in her constituency that we are investing £5 billion in gigabit-capable broadband. I know that, with her speaking up on behalf of her constituents, they will by no means be left behind.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

If only complacency built networks, we would have the fastest broadband in the world, but it does not, and neither does it keep our network secure. In June, the National Cyber Security Centre said that we had to act to mitigate the risk of high-risk vendors such as Huawei in our 5G and full-fibre networks. Since then, we have had more disturbing reports from our Five Eyes allies Canada and the US, while former Cabinet Ministers fall over themselves to criticise the Government, but we have had no legislation and not even a plan for legislation. Where is the plan to keep our networks safe?

Matt Warman Portrait Matt Warman
- Hansard - -

As the hon. Lady knows, the NCSC has published comprehensive guidance, which the networks are paying close attention to. The networks work closely with our agencies. We will bring forward legislation on this as quickly as we can, because national security will always be at the top of our priority list. That is why we have taken the decision we have taken.

Telecommunications Infrastructure (Leasehold Property) Bill (First sitting)

Debate between Matt Warman and Chi Onwurah
Committee stage & Committee Debate: 1st sitting: House of Commons
Tuesday 11th February 2020

(4 years, 1 month ago)

Public Bill Committees
Read Full debate Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 11 February 2020 - (11 Feb 2020)
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

My hon. Friend makes an excellent point, and her past experience in the IT sector leads her to understand and see the divides that exist—for example, people on lower incomes are less likely to use the internet and have access to broadband. There is also a real rural divide, with our rural telecoms infrastructure not enabling the kind of economic success stories of small businesses that she mentions. Unfortunately, the Bill does not address that. Indeed, many of the operators, such as TalkTalk, Mobile UK and Hyperoptic, have said that we need to upgrade our infrastructure, but the Bill does not address that.

In the last six months the Prime Minister has held three different positions on what kind of telecoms infrastructure we need: when he was standing to lead his party, he promised to deliver “full-fibre connectivity” to all households by 2025; the Government manifesto talked of “gigabit-capable connectivity” by 2025; and the Queen’s Speech dropped the 2025 reference altogether, promising instead to accelerate the roll-out. Will the Minister clarify exactly what the Government’s target is for broadband connectivity? Whatever the target is, and whatever the lofty ambitions are, I am afraid that the Bill will not achieve them.

The Bill is designed to enable people who live in flats and apartment blocks to receive gigabit-capable connections where their landlord repeatedly fails to respond to telecom operators’ requests for permission to install their infrastructure. The network builders say they face significant challenges in connecting people living in flats and apartment blocks when they do not receive a response from the building owner to requests for access. According to Openreach, 76% of multi-dwelling units miss out on initial efforts to deploy fibre because of challenges in gaining access.

The Bill provides a bespoke process for telecoms operators to gain access to MDUs in order to deploy, upgrade or maintain fixed-line broadband connections in cases where a tenant has requested an electronic communications service but the landlord has repeatedly failed to respond to an operator’s request for access. For a telecoms company to install equipment such as cables on public or private land, formal permission through an access agreement with the landowner/occupier is required. Under such an agreement, the landowner grants the communication provider a licence to install, access and maintain equipment on their land. The Bill takes into account the fact that landlords are not always responsive or eager to meet their tenants’ needs.

The measures in the Bill are welcome and the Opposition will not be voting against it. In the context of the lost decade, however, we are truly dismayed by the Bill’s limited scope. It proposes only minor measures to ease infrastructure build-out by giving operators more powers to access apartment blocks when tenants request service. The sector has welcomed the Bill but without any great enthusiasm, saying that the difference it will make will be marginal. The trade body for the tech industry, techUK, says it does not go far enough, stating that

“from new builds to street works”,

many issues

“have not been tackled by the Government’s Bill.”

We have tabled several amendments to improve the Bill, but before I speak to amendment 9, I will briefly mention additional flaws that the Opposition have not sought to fix through amendments. There is the matter of consistency with other regulations. The internet is now an essential utility for modern life and, as such, telecoms operators should possess the same powers as those who provide other utilities, but the Bill does not go far enough on that. We appreciate that the Government acknowledge the necessity of broadening the rights of telecoms providers, but they have not actually done so in the Bill. They have given no statutory rights of access to telecoms companies and placed no obligations on landlords to facilitate access.

Do the Government recognise that the internet is an essential utility, and do they believe that telecoms should be brought into line with other utilities, for which forced entry is permitted on the grounds of ensuring that there is no threat to life or safety? Obviously, that might not be the case with telecoms, but I want to understand the comparison that the Government make between the telecoms utility and other utilities.

The amendment is intended to ensure that operators can apply for a part 4A order only if they intend to supply gigabit-capable broadband. Of course, we need to understand what gigabit-capable broadband is, but I am sure that the Minister will relieve us of that uncertainty. As I said, we have suffered 10 wasted years under Conservative Governments of various types, a unifying theme of which has been a misunderstanding of technology interspersed with a misuse of it.

Given that the Prime Minister has expressed three different positions in six months, what is the aim of the Bill? Does it aim to provide gigabit broadband? On Second Reading the Minister said that the legislation will be a “hammer blow” to crack our woeful broadband nut. I can only assume therefore that the legislation does not serve simply to give operators opportunities to lock in my constituents to slow broadband. The Minister said that it must deliver gigabit-capable broadband, so I cannot imagine that he will have any objections to enshrining that in the legislation by supporting the amendment.

I also seek clarification on whether anything in the Bill confines it to fixed-line operators. Will the Minister confirm whether, under the terms set out in the Bill, it would be possible for a mobile operator to install a mobile base station, for example, for the purposes of delivering gigabit-capable broadband, either to one building or another? How does the Bill ensure, in the case of wireless or mobile broadband, that services are limited to a particular building only?

The amendment would make it clear that the Government are proceeding with their commitment to deliver on gigabit-capable broadband and that the Bill cannot be used to deliver slower broadband, so it will contribute to our broadband infrastructure.

Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

It is a pleasure to serve under your chairmanship, Mr Davies. I welcome the hon. Lady’s acceptance that the Bill is an important part of the Government’s programme to deliver gigabit-capable broadband as quickly and as far across the country as possible. She is right that we have not got the numbers that some of our European competitors have, although we are now up to 3 million premises with full-fibre broadband in this country—the latest figure is 11%, rather than the 8% that she quoted. None the less, the Government are significantly more ambitious than that, so today we are delivering this narrowly focused Bill that will quickly address a pressing issue that the industry faces. As she also said, the industry has broadly welcomed it.

I will address the main parts of the Bill in the stand part debate later. As the hon. Lady has said, the Bill will introduce, when demanded by occupants of a building, a right for communications providers to access a building to provide a service that is fit for the 21st century when landlords have been unresponsive. It is, as she has said, a pressing issue for the industry that has affected too many tenants already and in part has affected too many tenants because the existing process is overly cumbersome. The Bill introduces a process that is far more speedy and cost-effective for operators.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Not for some teenagers.

Matt Warman Portrait Matt Warman
- Hansard - -

Yes, I am not sure how I would cope myself, but the principle is the same.

We sympathise with the spirit of the amendment. There is currently little evidence that anyone seeks to install services that are not gigabit capable; if one goes into an MDU, it is almost always fibre that is being installed. However, as the hon. Lady said on Second Reading, being technology-neutral is important and might enable the speedier roll-out of a service. If a group of residents or a telecoms operator sought to install a service that was not gigabit capable, although that is extremely unlikely, I do not think the Government should seek to withhold better broadband from a block of flats, for instance, simply because that is the only option available. Nor do I think, to be fair to the hon. Lady, that that is her intention. We should maintain technology neutrality and the commitment to speed and a possible service sooner rather than later, rather than have the Bill restrict it, when it is in most instances a hypothetical problem—we are not aware of a situation in which a slower service would have been suggested or provided by an operator.

On the hon. Lady’s point about mobile base stations, again the Bill is technology-neutral, but it is important to note that placing a base station on the top of one building usually benefits the buildings around it, as she knows, rather than that building itself. The triggering of the request that the Bill covers would not necessarily be valid because it would be a different building. It does not imply rights to install equipment on a connected piece of land rather than on the building itself. That is an issue we discussed at some length earlier. Both points indicate that although the measure is technology-neutral, it is more likely that it will not apply to either 5G or to base stations.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I appreciate the points that the Minister is making, and the tone with which he is making them. Gigabit-capable broadband is technology-neutral. That is the only justification for having the full-fibre broadband that the Prime Minister initially promised. I therefore still do not understand why the Government are reluctant to put that in the Bill. As the Minister says, although there is no evidence of a desire to roll out a network that is less than gigabit capable now, once we have competition for a gigabit-capable network, some operators might seek to capture buildings and deliver broadband that, although better than what we have in some of our areas—the broadband in some areas is very poor—is not actually gigabit capable.

Matt Warman Portrait Matt Warman
- Hansard - -

I genuinely sympathise with what the hon. Lady is seeking to do, but her amendment also constrains a Bill that benefits from taking the approach that it does. Technically what she proposes would amend only one part, but amendment 9 would not amend the circumstances under which the part 4A order can be made because they are set out in paragraph 27B. There is a logical inconsistency in what she proposes, but the principle is very much the same as what the Government are seeking.

The hon. Lady would also inadvertently be delaying the roll-out of a service that would be a significant improvement even if it were not gigabit capable, and she undermines the principle of aspects of technology neutrality. Our intention has always been for the whole code to be technology-neutral. There would be no direct benefit from her amendment, although we very much share her ambitions. We want the Bill to benefit tenants whatever the service they request and, with that in mind, although the Government sympathise with her ambitions—

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I thank the hon. Lady for intervening just as I was finishing my remarks. There is no legislative flaw on the speed of a service that a commercial operator might seek to install, but the market is obviously going upwards rather than downwards. We have seen no evidence that anyone is seeking to install copper, for instance. The direction of travel in the market is clear across the country. When the USO comes into force, it will sit above this legislation. On her question about the scope of the Bill, I can confirm that those matters would be out of scope.

The Government want all networks to be gigabit capable, and through the work that we and Ofcom are doing, everything is moving in that direction, in terms of both market forces and the Government’s legislative programme. Although I sympathise with the spirit of what the hon. Member for Newcastle upon Tyne Central is seeking to do, I ask her to withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I am grateful to the Minister both for his response and for his sympathy with what we are trying to do, despite his inexplicable reluctance to actually do it.

Part of the Minister’s critique of the amendment is that it is not comprehensive in amending other aspects of the legislation. He is actually critiquing his own Government’s approach, because the problem is that we do not have a comprehensive strategy—or any kind of strategy or plan—to deliver the gigabit-capable broadband of which he and the Prime Minister have spoken. I remain concerned that the legislation may well be used to deliver broadband that does not meet the expectations or the just deserts of British citizens, whether or not they live in apartment blocks.

I look forward to the Minister setting out at some point a plan that enshrines gigabit broadband in our lives, just as the Prime Minister enshrines it in his speeches. I do not believe that it is worth pressing the amendment to a vote. I note that the Minister’s commitment to gigabit broadband is on the record, as is his expectation that the legislation will be used to deliver it. That will have to suffice for today. I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

My hon. Friend is right. I seek to understand whether the Government have considered that, and what their plans are to reflect it. As my hon. Friend says, it may be that tenants and leaseholders do want broadband access. We all have busy lives and are not full-time network engineers. They are not necessarily going to focus on that, whereas a mobile operator has the resources and expertise to make such a request. Tenants may feel that they do not want to annoy their landlord further in case they find themselves subject to an eviction notice or something similar. Mobile operators are in a better position to take on the power of the landlord in making that request. Operators acknowledged that potential logjam in the consultation on the Bill. Virgin stated that they would recommend that the Bill remove the requirement for tenant requests to trigger the process and that they typically

“will not attempt to seek a wayleave from a landlord unless…convinced of the prospect of selling services to the tenants within the MDU.”

Virgin also stated that demonstrating a tenant’s interest added another layer of administration to an already costly and bureaucratic process.

The Internet Service Providers’ Association, a trade body, also recommended an amendment to allow operators to use this mechanism where they are met with an “unresponsive” landlord, regardless of a tenant’s requests. ISPA would further recommend that all landlords be compelled to engage meaningfully with the code, regardless of any tenant request.

Why have the Government apparently ignored or rejected the industry’s requests? There may be a number of reasons. Perhaps the Government do not trust telecoms operators to make credible requests, perhaps they are afraid that big operators—given their deep pockets and big legal departments—will capture all the buildings. Perhaps they simply want to reduce the legislation’s scope so that it is less effective than it would otherwise be. Amendment 7 seeks clarification from the Minister of why the circumstances in which requests are initiated are so limited, and why the Minister has not given operators the opportunity to also make the request.

Matt Warman Portrait Matt Warman
- Hansard - -

Once again, I absolutely understand the spirit in which the hon. Lady raises the amendment, and I admire her gymnastic ability to bring all the points about leasehold into a telecommunications Bill. It is admirable. She is right to address her point specifically on business parks, and will know that the Bill does include the power for the Secretary of State to expand the types of land covered by the Bill, when there is evidence, to business parks, for instance. We do not have all the necessary evidence to do that. The issue of speedily fixing the problem for MDUs while also having the opportunity to fix the problem for business parks in the future is in the spirit of the Bill. I hope that she understands that it makes sense. She knows that there are almost half a million MDUs in this country. It is important to address that problem as soon as we can.

She will know that the Bill is ultimately about a relationship between a telecommunications provider and an unresponsive landlord. The provision can be triggered by a tenant of a building. That is an important factor. However, she will also be aware that the Bill contains the important concept of the “required grantor”. Proposed new paragraph 27B(1)(c) of schedule 3A to the Communications Act 2003, with which I know we are all intimately familiar, confers on the operator a code right in respect of connected land, or allows a person to be bound by such a code right exercised by the operator. In practice, that means that anyone with an interest in the land will have to be contacted. Therefore, when it comes to the operation of the Bill, there will be an opportunity for communications providers in practice to work with anyone in a building to seek to trigger what they would hope to go on through improved provision of broadband. Ultimately, however, the relationship is between the communications provider and the landlord, or the unresponsive landlord.

I think the hon. Lady seeks to expand the number of people who can have an impact on the process. Obviously, the consent of a freeholder, for instance, would still be required even though the property was sub-let. I hope she understands that, while we envisage everyone being able to trigger the process, the legal mechanism under which it operates ultimately is between the communications provider and the landlord—or the unresponsive landlord or the tribunal.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for giving way. I should say that I am familiar with the electronic communications code, having worked for years with it on my desk at Ofcom. It certainly is not a piece of regulation that I would expect tenants of buildings to be familiar with. Will the Minister clarify whether he is saying that the tenant can make the request, or that the tenant can work with the leaseholder, the freeholder and the telecoms operator to make the request? Can the tenant make the request?

Matt Warman Portrait Matt Warman
- Hansard - -

Ultimately, it is for the telecommunications provider to make the request, having been contacted by people with an interest in the building. However, it is important that it does that in the context of the person who is the leaseholder or the freeholder in any particular building. Obviously, there is nothing to stop an individual getting in touch with a potential telecommunications provider and saying they would be interested in taking up a service, but the formal relationship ultimately has to be with the person who has the leasehold or the freehold. It has to be between the communications provider and, in due course, the landlord, responsive or otherwise. I hope that clarifies some of what the hon. Lady asked about.

I appreciate that amendment 4 is probing, and I understand what the hon. Lady seeks to do. In the usual course of business, any communications provider would seek to expand its network because it knew there was demand. To enable a provider to seek to expand its network without doing any work with a potential tenant that may, in due course, trigger the code would expand that process significantly.

We have tried to take a balanced approach to accessing land to deploy or maintain networks, and it is essential that we try to keep that balance. We believe that allowing operators to access property without the landlord’s agreement is justifiable only in limited circumstances—where a customer has expressly requested a service, or where the operator has taken the steps outlined in the Bill to evidence that it has tried repeatedly to contact the landlord. It seems to me that that combination is the fair and balanced approach, and that if we allowed operators to do that without the consent, in effect, of either an absentee landlord or the people in a building, we would go further than we would reasonably want to. Actually, I think in some ways that would go further than what the hon. Lady suggested, but that would be the consequence of amendment 4.

We remain mindful of striking a careful balance between the rights of both landowners and telecoms operators. The need for a request to come from a tenant is an important element of that careful balance. Ultimately, a tenant, under whatever type of leasehold or contract can make that request. With that balance in mind, I hope that the hon. Lady is content to withdraw both amendment 7 and amendment 4.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his response, which has given some more clarity, but I am afraid he has not clarified what the situation will be.

Amendment 4 highlights the lack of a coherent telecoms industrial strategy and a plan for the delivery of gigabit broadband to the country. Opening it up to mobile operators could have unforeseen consequences, which the Government apparently have not had the foresight to investigate fully. While limiting it in this way could be detrimental, I see no alternative but not to press amendment 4, because the Government have apparently not investigated the best way of opening this up to mobile operators.

In relation to amendment 7 the Minister talked about leaseholders, freeholders, tenants and customers, but I remain unclear whether tenants—those who are not the leaseholder or freeholder but are occupying the building or the land—who make a request for service from a broadband provider are within the scope of this legislation.

Matt Warman Portrait Matt Warman
- Hansard - -

They can make the request but, within the scope of the Bill, there is also a requirement for consent from the freeholder, for instance.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for that. Will he point to where in the Bill it says that a tenant can make the request? I am sorry to put him on the spot, but the Bill seems to refer to leaseholders and freeholders, and I do not see tenants there. That is the reason for amendment 7. On that basis, and in order to provide clarity, I would like to press the amendment to a vote.

Matt Warman Portrait Matt Warman
- Hansard - -

My understanding is that, within the context of this Bill, a tenant would absolutely be within the legal definition. I am not pretending that I am wholly answering the hon. Lady’s question, because there is still a requirement for the freeholder, for instance, to be a part of the process.

Question put, That the amendment be made.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I beg to move amendment 8, in clause 1, page 2, line 14, at end insert—

“(f) the proportion of the operator’s network which uses vendors defined by the National Cyber Security Centre as high risk vendors does not exceed 35%.”

This amendment would prevent operators which heavily use high risk vendors from being granted Part 4A orders.

I want to move to an issue that has dominated our discussions on telecoms infrastructure for the past 18 months and is not reflected in the Bill at all: the role of high-risk vendors such as Huawei in the UK’s full-fibre, 5G and gigabit-capable future. The Foreign Secretary recently said that he wanted to

“legislate at the earliest opportunity to introduce a new, comprehensive telecoms security regime to be overseen by the regulator, Ofcom, and Government.”

He also said that the Government would

“legislate at the earliest opportunity to limit and control the presence of high-risk vendors in the UK network, and to allow us to respond as technology changes.”—[Official Report, 28 January 2020; Vol. 670, c. 709-711.]

Just this weekend the Minister’s senior colleagues on the Back Benches continued to express dismay at the rejection of our technological sovereignty.

I therefore want to give the Minister an opportunity to do what the Foreign Secretary called for—I hope that the Minister agrees that a Bill on telecoms infrastructure might be considered the earliest opportunity to legislate—by taking the first step in achieving the aim of limiting the role of high-risk vendors in our telecommunications networks. The amendment would limit the use of high-risk vendors so that

“the proportion of the operator’s network which uses vendors defined by the National Cyber Security Centre as high risk vendors does not exceed 35%.”

The National Cyber Security Centre stated in a recent report that for mobile operators security does not pay, and that market incentives had to be changed to deliver on security. It also made it clear that having high-risk vendors in the network was a risk, which seems obvious, but that the risk could be mitigated if the Government took certain steps, such as limiting the vendors to 35% of the network. The Government have yet to make clear the 35% of which network, when it should happen by and what enforcement powers would apply to the operators that do not meet the requirements. Although the Bill focuses on fixed-line operators, I am sure that the Minister and the Committee are aware that with the convergence of fixed-line and mobile operators, the core networks and aspects of the access network can be shared.

The amendment would prevent operators that heavily use high-risk vendors from being granted rights under code powers. It would therefore send out a clear signal that the Government are serious about following the recommendations of the National Cyber Security Centre, and as a consequence would lead to some monitoring of what is already in place and some reporting of that in order to meet the requirements.

Mr Davies, I am sure you agree—and I hope the Committee agrees—that nothing is more important than our national security. I am equally sure that you will not allow me to set out all the issues raised by the challenges of national security and our mobile networks. I will test your patience by saying that I have been highlighting for years the fact that there is a hole the size of a mobile network in the Government’s cyber-security strategy.

The NCSC says that the market is broken. Well, the Minister will not be able to fix it today, but I do expect him to answer some questions. Will he at least give some practical detail regarding how the recommendations of the National Cyber Security Centre will be implemented? Also, can he confirm that operators that heavily use high-risk vendors will not benefit from code powers, including those enabled by the legislation?

Matt Warman Portrait Matt Warman
- Hansard - -

I once again admire the hon. Lady’s ability to get national security matters into the discussion, as she herself to some extent implied, although her doing so was a lot less gymnastic than her peroration on leasehold. Although today is the first opportunity that we have had to talk about telecommunications since the announcement, there will be a far broader important debate on national security and high-risk vendors. That legislation will, of course, overarch many pieces of legislation, including this Bill.

We have listened carefully to the broad debate, both on high-risk vendors and on the amendment. I know that Members are interested in this matter, following the Government’s decision. In that decision, it was made clear that there will be new controls across the board on high-risk vendors, who will be excluded from all safety-related and safety-critical networks in critical national infrastructure, excluded from the security-critical core network functions, limited to a minority presence of up to 35% in the other parts of the network, and subjected to tight restrictions, including exclusions from sensitive geographic locations.

The Government made the decision on high-risk vendors after considering all the necessary information and analysis from the NCSC, industry and our international partners. It was an evidence-based decision, taken on a comprehensive security assessment, and noting the realities of the telecoms market. Members will be given a full opportunity to contribute to the important debate on high-risk vendors when the relevant legislation is brought before Parliament. However, as I think the hon. Member for Newcastle upon Tyne Central knows, to do so for this piece of legislation risks introducing a degree of incoherence in what is an important debate. We will do it in a coherent, sensible way in due course, and I hope that Members are reassured that the Government remain committed to working with Parliament as a whole to protect our future telecoms network, important though this Committee is.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Member asks me to pre-empt what will be an important piece of legislation. What I can say is that we will ensure that nothing in today’s legislation could be used to circumvent that broader and more important piece of legislation, because obviously we have to ensure that 35% means 35% in whatever context.

I hope that Members understand that this is a hugely important issue. The Government are intent on doing things in a coherent and sensible way, so that we deal with matters of national security in the appropriate place rather than in a patchwork of measures with bespoke things in such places as this legislation. I therefore hope that the hon. Member for Newcastle upon Tyne Central will withdraw her amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his response. I understand that he is in a difficult position. He talked of a coherent response from the Government, but it is the lack of any coherence in our telecoms infrastructure that has placed us in this position. My deep and real concern is when the Minister says “in due course”. We know that this form of language avoids any precision as to whether something will happen in the next few weeks, months or years. Telecoms infrastructure providers are taking decisions on their equipment suppliers as we speak. Customers and businesses, but also the public more broadly, are concerned about the security of their broadband networks. The Government have said that there will be a plan to ensure that security, but the only detail we have is that it will come forth “in due course”. Will he give a little more precision?

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady asks for coherence, but when I offer it to her she says that she does not like it. It is important to say that guidance from the NCSC is already out there, and the Government are seeking to put that on a statutory footing as soon as possible. The idea that information is not already out there is unfair, not least on the NCSC, which has worked incredibly hard on this. It is now the Government’s role to have a parliamentary debate and put that on the statute book.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for that response. He is right that I am seeking coherence in a plan, rather than coherence in rejecting changes to the legislation. The important point is that the NCSC guidance mainly takes the form of excellent blogs written by the technical director, which are very helpful in many ways but do not go into detail about, for example, what the 35% means in practice, how it will be measured, how it will be enforced, who will regulate it and at what point these enforcement measures will start.

I accept that “as soon as possible” is slightly more enthusiastic than “in due course”, and I recognise the difficult position that the Minister is in. While noting my real concerns that to deliver on our gigabit-capable infrastructure we need greater clarity on the role of high-risk vendors as soon as possible, I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

I do not wish to sound less conciliatory than previously, but those matters are already defined in the Bill. I will briefly go through them, but the definitions that the hon. Lady seeks are already in the Bill, which renders the amendment unnecessary.

First, new paragraph 27B(1)(d) makes it clear that a request notice is a notice in accordance with paragraph 20(2) of the electronic communications code. That sub-paragraph is clear that it constitutes a notice in writing from the operator to a person setting out the code, rights and terms of agreement sought by the operator. The notice states that the operator is seeking the person’s agreement to those terms. In addition, the hon. Lady will know that Ofcom already produces template paragraph 20 request notices to ease the burden. I am confident that the request notice is already defined.

Secondly, the hon. Lady asks about the response. That answer lies in new paragraph 27B(4), which makes provision for how the required grantor—the landlord, as we might say in common parlance—responds to the operator. That provision states clearly two ways in which a landlord can respond: he or she either

“agrees or refuses, in writing”

or

“otherwise acknowledges the request notice in writing.”

That makes it straightforward and transparent for landlords. The amendment risks upsetting that balance by unnecessarily introducing additional regulations.

I am confident that those terms are already defined and I consider that it would be unhelpful for us to make additional requirements.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his clarification regarding the request. I acknowledge that there is detail on requests, as requests have been required previously, as the Minister said. With regard to the response, the term “otherwise acknowledges” is quite broad. Given that the next step is to go to a tribunal, which will incur costs, it would be helpful to have greater clarity on that term.

Matt Warman Portrait Matt Warman
- Hansard - -

The important point is that there has to be a formal response “in writing”. By definition, in responding a landlord ceases to be unresponsive. This legislation aims to deal with unresponsive landlords.

Matt Warman Portrait Matt Warman
- Hansard - -

I come back to my central point, which is that the Bill addresses the problem of landlords who do not respond. Ultimately, it does not confer a right to install equipment against the will of a landlord. Once a landlord engages with the process, they are not considered unresponsive and are not covered by the Bill. Obviously, a landlord has the right to prevent access—either through prevarication or by withholding permission—in almost all circumstances, whether for telecommunications infrastructure or for anything else.

I completely understand what the hon. Member for Newcastle upon Tyne Central is seeking to do, but ultimately the things that she wants defined are already defined on the face of the Bill, and they will clearly not benefit from being separately defined again. It is important that we are consistent with the electronic communications code and, although I sympathise with the hon. Lady’s desire to see broadband rolled out wherever it can be, I ask her to withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for his response. He said that the Bill does not confer a right to install equipment against a landlord’s will, and I am concerned that that effectively means that tenants do not have a right to superfast or gigabit-capable broadband, which I would argue is an increasingly important part of modern life. We joked earlier about the difference between access to water and access to broadband, but for many people broadband is an absolutely essential part of their working and social lives, and a forward-looking Government would ensure that citizens have a right to gigabit-capable broadband. Although the universal service obligation confers some rights, it does not deal with recalcitrant or unwilling landlords.

Seema Malhotra Portrait Seema Malhotra
- Hansard - - - Excerpts

Does my hon. Friend agree that there could be a compromise or third way on this? The terms of new paragraph 27B(4)(b)—

“otherwise acknowledges the request notice in writing”—

are superfluous if a landlord is seeking to push action further down the road. If that is an incentive for landlords to engage less positively with those seeking to build networks, would the Minister at least consider reviewing—if not deleting—sub-paragraph (4)(b)? If responses from landlords fall considerably under that option, rather than agreeing or refusing with the reasons that one would expect in a positive dialogue, will the Minister consider whether that option should stay in the Bill?

None Portrait The Chair
- Hansard -

As a matter of procedure, the Minister may wish to respond to the intervention by way of intervention, which I would welcome.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Thank you for that guidance, Mr Davies. I want to emphasise that my hon. Friend makes an excellent point. I am sure that the Minister will agree that the Committee should look for a compromise that allows this important legislation to pass. Landlords may be eccentric and unwilling in their responses, and people’s gigabit-capable broadband should not depend on that. If the Minister is interested in intervening, I will happily give way.

Matt Warman Portrait Matt Warman
- Hansard - -

I am delighted to intervene spontaneously. Essentially we are having a conversation about whether there is a universal right to internet access, and whether that should be something that people can request by one means or another. That concept has been widely explored in many ways. It is surely not right to introduce a universal right of access for people who happen to live in blocks of flats via a small route intended to speed up one process. If we wanted to do that, we would surely seek to do it in a coherent and wide-ranging way, rather than in an incoherent way that I am sure the hon. Lady would criticise at great length.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

That is an interesting response from the Minister, because having coherent legislation—I think the Opposition called it a “digital bill of rights”—was exactly what we sought, in order to protect citizens and offer them the kinds of digital rights that are required in the digital age. We have not had such a response from the Government; we have incoherent and ad hoc legislation. That was one part of the argument being made.

My hon. Friend the Member for Feltham and Heston mentioned another part of the argument. Landlords are individuals, and we have all had experience—I certainly have—of landlords who were eccentric or who responded in ways that were unresponsive. Perhaps it would be a positive step to consider how the legislation works in practice. If unresponsive landlords are an issue, will the Minister at least commit to reviewing the situation?

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Well, I am glad you do not find it strange, because it reflects what I am afraid experience has taught me—that the present generation of Conservatives appears to be willing to sacrifice competition to vested interests. Under the Bill one operator could capture a building, roll out infrastructure to that apartment block and fleece the tenants there for ever—having had the first mover advantage in a block, and/or having installed infrastructure so that other competitors cannot install further infrastructure. Examples of that might be using very small ducts, or taking up all the equipment space in a basement.

The amendment would ensure that tenants could not be locked into a particular operator, by requiring that it should be possible for the infrastructure to be shared easily. It would give Ofcom the duty to define what “easily” means. Having worked for Ofcom, as I have said, I know that that can be done quite easily.

Other countries require shared access to building infrastructure. Has the Minister looked at that? Both France and the Netherlands have a much higher proportion of apartment blocks than we do in the UK. As I am sure Members of the Committee are aware from visiting those countries, proportionately many more people live in apartment blocks, and their approach to broadband regulation has ensured that there is better access for competition through a requirement for infrastructure sharing. Could not the Government take stock of those pre-existing solutions, just across the channel, to respond to some of our competition concerns?

Ofcom is taking steps to promote infrastructure competition in what is known as ducts and poles. At this point I should probably declare another interest, in that I was responsible for Ofcom’s 2009 survey of the availability of duct and pole infrastructure. I hoped that it might be taken up a little more quickly than this. Companies laying high-speed fibre cables for broadband and mobile networks may benefit from greater access to Openreach’s telegraph poles and underground tunnels under decisions announced last year by Ofcom, so I would like the Minister to confirm whether similar ease of access can be a part of the Bill. The opportunity to let rival companies access the new buildings when a company such as Openreach provides access represents a real opportunity to increase competition in the market and avoid operator lock-in for what is an essential utility, as the Minister has said. Will the Minister confirm, therefore, that in the spirit of recent Ofcom initiatives we can also extend the scope of the Bill?

Matt Warman Portrait Matt Warman
- Hansard - -

I can return to my conciliatory tone, in the sense that in this case we are interested, through both Ofcom and the Department, to see what can be done on infrastructure sharing. The hon. Lady is right that it is potentially a hugely important initiative, and I enjoyed her account of her 2009 duct and pole work; but she is also right to say that the work is still ongoing, because it is a hard thing to do and it is important that we take a coherent approach to it. In that spirit, I am afraid I would argue that we should be coherent in our approach to infrastructure sharing across the piece, rather than simply introducing a separate regime for people living in multiple dwelling units.

The Bill aims to support leaseholders to access the services they request from the providers they want. It already ensures that leaseholders are not per se locked in to services provided by a single provider; nothing in the Bill prevents a leaseholder with an existing gigabit-capable connection from one service requesting an alternative network to come in and request code rights as well. The Government cannot and should not compel independent commercial companies to alter the way they choose to deliver their services unless there is evidence that a problem exists. That problem is one that we are looking at more broadly.

Far from improving competition in access to gigabit services, the amendment may actually have the unintended consequence of doing the opposite. As the hon. Member knows, much of the cost of connecting premises is in the initial installation. The amendment could therefore seriously undermine the case for operators to make that initial installation, as they risk being undercut by second or third movers who would not have to bear the same costs. Forcing network builders to deploy in a way that allows competitors easy access is likely to benefit only the largest players in the market.

While I sympathise with the aim of the amendment, I do not think the hon. Member seeks to entrench the position of any one large operator further. Part 3 of the code already provides for operators to be able to upgrade electronic communication apparatus and to share use of such apparatus with another operator, should they wish.

The hon. Member might alternatively be seeking to test our thinking about the terms of what an agreement to be imposed might look like. It is worth saying that the process of that agreement is dictated in paragraph 27E(6) of the code, which makes it clear that before we make regulations in relation to the terms that she has discussed, which will be under the affirmative resolution procedure, we must consult interested parties, including operators. The Bill already envisages that the views of interested parties such as other operators will be invited before the details of a regulation are made.

I hope that the hon. Lady understands that we are looking at this more broadly, that we are seeking to do it in the coherent way that I know she is so keen on and that we are going to look at making sure that that is fair and compatible with our other approach. It would surely not be right potentially to restrict the advantage of investment in a particular MDU in a way that could actually discourage that investment in the first place and leave people stranded without the broadband that the whole Bill is intended to produce. With that in mind, while I sympathise with what the hon. Lady is seeking to do, I hope she understands that what she is proposing does not actually do what she seeks to do and could hold back some of the progress that we seek to make with the Bill. I ask that she withdraw the amendment.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I want to continue in the conciliatory tone that the Minister has returned to, so I start by saying that I welcome his clarification that nothing in the Bill prevents a tenant who already has a broadband service from making a request for another broadband service and so invoking the code rights that the Bill gives. I know that that will be welcomed by tenants who have an unacceptable service or receive bad customer service, of which there are unfortunately far too many.

I welcome that clarification, but I cannot be so welcoming of the rest of the Minister’s speech, which raises many issues of competition and economics within the telecoms network sector, with which I am very familiar. When he says that the amendment would not do what I am looking to do, I am afraid that we will have to agree to differ on that. I find it strange that I should say this to him, but the key difference is that Opposition Members do not believe that there is a contradiction between investment and competition, which was the implication of his comment that the amendment, by opening up access to competitors, might chill investment. All the evidence shows—I again refer him to Labour’s example of unbundling local loop—that competition drives investment; it does not chill investment.

I think the Minister was trying to say that a small operator looking to put infrastructure into a 100-apartment block would do so only if it knew that it had exclusive access to that building for a number of years, to recoup its investment, which means that he acknowledges that tenants of that block would likely be locked into using that operator. However, smaller operators could benefit from having easy access to infrastructure installed by larger operators.

On that basis, the Minister’s comments do not reassure me. I gently say to him and the Government that saying that we cannot take measures now because at some point in the future we will have a coherent framework is partially what got us into this position of incoherent ad hoc responses to legislation that is obviously obsolete. While we cannot solve all problems with this legislation, we can at least help to solve problems for tenants and leaseholders in apartment blocks by ensuring greater opportunities for competition. As such, I will press my amendment to a Division.

Question put, That the amendment be made.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I am disappointed that the Minister has not seen fit to accept any of the amendments that we have put forward.

Matt Warman Portrait Matt Warman
- Hansard - -

I accept the spirit.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

The Minister indicates from a sedentary position that he has accepted the spirit, and I welcome his conciliatory tone in that respect. I hope that the clause will achieve its objectives by making it easier for telecoms operators to gain access in order to deploy gigabit infrastructure. I remain convinced that this will not do much to make up for the time lost in deploying gigabit-capable infrastructure and that, in rejecting our amendments, the Minister has lost an opportunity to improve the Bill. However, we accept that the Bill is positive and will support the clause.

Question put and agreed to.

Clause 1 accordingly ordered to stand part of the Bill.

Clause 2

Related amendments

Question proposed, that the clause stand part of the Bill.

Matt Warman Portrait Matt Warman
- Hansard - -

Clause 2 is a brief but important clause that introduces the schedule that makes related amendments to two pieces of legislation to complement the Bill. That legislation is the Communications Act 2003 and, contained within it, the electronic communications code and its related jurisdiction rights.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I rise simply to say that we are happy for clause 2 to stand part of the Bill.

Question put and agreed to.

Clause 2 accordingly ordered to stand part of the Bill.

Schedule

Related amendments

Matt Warman Portrait Matt Warman
- Hansard - -

I beg to move amendment 2, in the schedule, page 9, line 17, at end insert—

“(10A) In paragraph 95(1), after paragraph (a) insert—

(aa) in relation to Wales, the First-tier Tribunal, but only in connection with proceedings under Part 4A;”.

This amendment is consequential on Amendment 3.

Matt Warman Portrait Matt Warman
- Hansard - -

At its heart, the Bill is about making it faster and cheaper for digital infrastructure providers to seek rights to install their services in leasehold properties. The Bill is also concerned with not permitting consistently unresponsive landlords to stand in the way of receiving the connectivity that households need. The Government have tabled three amendments that respond to helpful suggestions, first made by the senior judiciary of both the first-tier and upper tribunals. Our amendments also respond to the welcome interventions made by hon. Members on Second Reading—I am glad to see some of those Members here today.

Without these amendments, applications would commence in the upper tribunal in England and Wales and the Lands Tribunal for Scotland, and would be dealt with in the county court in Northern Ireland. Commencing cases in the upper tribunal is a reasonable route, because it aligns the new process with the electronic communications code. The process still works in principle, but we should also ensure that it works as well as possible in the real world to deliver the faster, cheaper outcomes that we seek. We continue to be mindful that, with up to an estimated 2,650 cases per year in England and Wales, we need to hear cases at the most appropriate level.

Presently, the upper tribunal hears cases and makes determinations in respect of disputes concerning the interpretation. As such, the Government need to continue to work with that tribunal and its equivalents elsewhere. The need to ensure that the upper tribunal has the capacity to deal with the part 4A applications was raised on Second Reading. The matter has also been the subject of discussion between my officials and their counterparts at the Ministry of Justice, as well as senior members of the judiciary from the relevant chambers of the first-tier and upper tribunals.

The number of part 4A cases is estimated to be significant. The upper tribunal, with just two judges, would not have the bandwidth to deal with that volume of cases, regardless of the fact that the applications are expected to be relatively straightforward. While the process as drafted continues to work in principle, therefore, in practice we agree with the representations that we have heard that placing an additional burden on the upper tribunal would not necessarily provide us with the resources that we need. We are grateful to senior members of the judiciary from the first-tier and upper tribunals with whom my officials met.

In the light of those considerations, the amendments provide for applications for part 4A orders to commence in the first-tier tribunal in England and Wales and the sheriff court in Scotland. I hope that Committee members agree with that important change. In comparison with the small number of judges that I mentioned, 15 salaried judges and an additional 125 fee-paid judges sit in five courts across England, and 142 sheriffs preside over 39 courts in Scotland, so the change significantly increases the resources available and addresses some of the concerns expressed, sensibly, by hon. Members from both sides of the House on Second Reading. I am glad that we have found a sensible way forward that increases the resources available. It is a sensible and pragmatic move that has a significant effect but does not alter the principle of the Bill.

New clause 1 proposes that a report be made to make it clear that we have the necessary resources. As I said, we are confident that applications for part 4A orders will, in due course, be heard on the papers—without the need for an oral hearing—and our intention is for the process to be as low in burden as possible. Of course, we will monitor the resourcing of the first-tier tribunal to ensure that it has the capacity to dispense with those cases. Ultimately, that information can be obtained in a number of ways, such as by tabling parliamentary questions or through the fact that the proceedings are public.

Again, we sympathise with the intentions of the hon. Member for Newcastle upon Tyne Central, but it is clear from the amendments tabled in my name that we are already addressing the substance of what she asks. Ultimately, the information that she seeks is already widely available in equivalent cases and will continue to be in future, so introducing an additional administrative burden would neither provide more information nor be a sensible use of resources. I hope that she will withdraw the new clause in that spirit.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

It is a pleasure to respond positively, and not just in spirit but in practice, to the Minister’s amendments. They respond to concerns that we raised on Second Reading and those raised by others about increasing resources. The number of judges available to consider those requests and cases leaves much to be desired. Hopefully the Government’s amendments will make the limited scope of the Bill more effective, so we are happy to accept them.

New clause 1 responds to that by acknowledging that our judiciary is under severe strain at every stage. The new clause is designed with accountability and transparency in mind, so that we can see the impact of the new legislation on the resources available. The legislation sets out new legal functions. As with all good legislation, we must ensure that the new mechanisms are robust and well-resourced to ensure that the legislation does what it is meant to do, and does not fail when it makes contact with reality.

The new clause would require a report on resources to deal with proceedings arising under part 4A of the code be prepared and published within six months of the Act receiving Royal Assent. It aims to ensure that we see the impact on our judiciary. Although the information may be available, I am sure that the Minister is aware that nothing concentrates minds as much as laying a report before Parliament for scrutiny by right hon. and hon. Members. That gives an opportunity to see how the legislation works in practice. I am sure the Minister is proud of the legislation and the impact it will have, so he must welcome the opportunity to speak to that in the House.

We do not have an impact assessment for this legislation. It is a short Bill, but that does not mean that its impact may not be important. When I spoke to operators, they estimated that it might cost around £30,000 to take a request through the tribunal. That is their estimate—I have not seen any Government figures to confirm whether they consider that to be high or low, but that would have been a welcome part of an impact assessment. The sum of £30,000 for a tribunal to access an apartment block with 10 apartments means an additional cost to the operator of £3,000 per customer. That has an impact on the business case for that investment in the first place.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

To clarify, I am not including the cost of investment. From talking to operators, on top of the cost of applying they will have lawyers’ fees and internal costs. Those are the costs that I have been told about—not the cost of the infrastructure, but the cost of going to tribunal for an organisation, as part of its daily operating costs.

Matt Warman Portrait Matt Warman
- Hansard - -

None the less, the legislation cuts a tribunal process from several tens of thousands of pounds to a £500 fee, which is indisputably a significant reduction.

The hon. Lady talked about focusing the minds of Ministers. I would say gently that parliamentary questions, oral questions and indeed Westminster Hall debates also focus minds. I look forward to celebrating the success of the Bill through that means, rather than through the proposal set out in the new clause.

Amendment 2 agreed to.

Amendment made: 3, in the schedule, page 9, line 22, leave out paragraphs 4 and 5 and insert—

“4 The Electronic Communications Code (Jurisdiction) Regulations 2017 are amended as follows.

4A In regulation 2(1) (interpretation), after the definition of “the code” insert—

‘“Part 4A proceedings” means proceedings under Part 4A of the code;’.

4B (1) Regulation 3 (conferral of jurisdiction on tribunals) is amended as follows.

(2) The existing text becomes paragraph (1).

(3) In that paragraph—

(a) in the words before sub-paragraph (a), after “Subject to” insert “paragraph (2) and”;

(b) for sub-paragraphs (a) and (b) (including the final “and”) substitute—

“(aa) in relation to England and Wales, the First-tier Tribunal and the Upper Tribunal, and”;

(c) omit the words after sub-paragraph (c).

(4) After that paragraph insert—

“(2) Functions are exercisable by the First-tier Tribunal under paragraph (1)(aa) only—

(a) in connection with relevant proceedings in relation to England that have been transferred to the First-tier Tribunal by the Upper Tribunal, and

(b) in connection with Part 4A proceedings (whether in relation to England or Wales).

(3) Any provision of the code which confers a function on the court is, to the extent that the function is exercisable by a tribunal under this regulation, to be read as if the reference to the court included reference to that tribunal.”

4C (1) Regulation 4 (jurisdiction for commencement of proceedings) is amended as follows.

(2) In the heading, for “relevant” substitute “certain”.

(3) The existing text becomes paragraph (1).

(4) After that paragraph insert—

“(2) Part 4A proceedings must be commenced—

(a) in relation to England and Wales, in the First-tier Tribunal, or

(b) in relation to Scotland, in the sheriff court.”

5 The amendments made by paragraphs 4 to 4C do not limit the provision that may be made by regulations under paragraph 95 of the code.” —(Matt Warman.)

This amendment provides that proceedings under new Part 4A of the Code must be commenced in the First-tier Tribunal (in relation to England and Wales) or in the sheriff court (in relation to Scotland), instead of in the Upper Tribunal or the Lands Tribunal for Scotland respectively.

Question proposed, That the schedule, as amended, be the schedule to the Bill.

Telecommunications Infrastructure (Leasehold Property) Bill

Debate between Matt Warman and Chi Onwurah
2nd reading & 2nd reading: House of Commons & Programme motion
Wednesday 22nd January 2020

(4 years, 2 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Gentleman is right that effective competition is absolutely essential to rolling out broadband in the best possible way. I have seen for myself in Dundrum and Belfast a whole host of really excellent work in Northern Ireland, demonstrating not only that it can be done but that it can be done at an even more efficient price than in some parts of the rest of the United Kingdom. Good work is going on that promotes competition. The role of the Government is, of course, to make sure we get maximum value for money across the whole of the United Kingdom.

I pay tribute to both the new Members who spoke for the first time. My hon. Friend the Member for Totnes (Anthony Mangnall) asked us to reimagine what a significant encounter might look like, but, more seriously, elsewhere demonstrated the depth of knowledge and breadth of expertise that he brings to this place. His constituents are lucky to have him, even though he is neither a communist spy nor a mystic—to our knowledge. Just as the Bill represents a significant upgrade for broadband in this country, my hon. Friend is an upgrade on communist spies and mystics, so we pay tribute to him.

I also welcome my hon. Friend the Member for Bury South (Christian Wakeford). He was initially somewhat disparaging about the Bill, and I was worried. But he showed genuine expertise on the topic as well as on antisemitism, one of the most challenging issues of our age. I also pay tribute to his courageous predecessor. I know from his funny and down-to-earth speech that he will be a worthy Member of this place.

Finally, my hon. Friend the Member for Bishop Auckland (Dehenna Davison) said that she had seen two new Members becoming initiated into full involvement in this place; I should say that full involvement comes when one colleague like her says something nice about me while another—who I shall not name—heckles to say that she is probably wrong. Welcome to politics. My hon. Friend is of course right to say that the Bill introduces things that will make a real and meaningful difference—not just in urban constituencies, but across the country. People are living in multi-dwelling units and blocks of flats in all our constituencies.

I am also, of course, happy to discuss some of the other issues that various Members raised in this debate. Some of those will come out in Committee. I was grateful to receive applications from a number of Members to serve on the Bill Committee—we will try to ensure that they do not regret it. It will be an important piece of legislation and I am grateful to them for their expertise in this debate and beyond.

To conclude, I am sure that we can continue to work together across the House to bring this important Bill into law as soon as possible, and on the other legislation that forms the building blocks of a comprehensive plan to deliver gigabit-capable networks across this country.

We are bringing this Bill forward first because it allows us to crack on with a plan that we would otherwise have to deliver by waiting for a single, larger piece of legislation. The Bill allows us to address some aspects of a broader challenge, and we will get on with the rest of the plan as soon as possible.

Matt Warman Portrait Matt Warman
- Hansard - -

I look forward to encountering the hon. Lady across the Dispatch Box—it would be mean not to give way to her.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I was pleased to hear the third or fourth reference, I think, to a plan. Will he share with us when he will publish the plan for gigabit-capable broadband delivery?

Matt Warman Portrait Matt Warman
- Hansard - -

We will, of course, be talking much more extensively and consulting on various aspects of the plan, which the hon. Lady will see emerge in good time. We are genuinely keen to be collaborative on many aspects of the Bill, because it is good to see cross-party support for a Bill that we all acknowledge is important. We hope to be able to do the vast majority of any legislation with cross-party support, because that is the right thing to do.

Government Members care passionately about this issue, and I am sure that the same spirit will continue as the Bill makes its passage through the House. This is a real contribution to the agenda of levelling up across the country and bringing digital infrastructure to every school, home and classroom in a way that allows all our constituents to benefit from the infrastructure that they deserve, and from a digital revolution that this Government will foster.

Question put and agreed to.

Bill accordingly read a Second time.

Telecommunications Infrastructure (Leasehold Property) Bill (Programme)

Motion made, and Question put forthwith (Standing Order No. 83A(7)),

That the following provisions shall apply to the Telecommunications Infrastructure (Leasehold Property) Bill:

Committal

(1) The Bill shall be committed to a Public Bill Committee.

Proceedings in Public Bill Committee

(2) Proceedings in the Public Bill Committee shall (so far as not previously concluded) be brought to a conclusion on Thursday 6 February 2020.

(3) The Public Bill Committee shall have leave to sit twice on the first day on which it meets.

Proceedings on Consideration and up to and including Third Reading

(4) Proceedings on Consideration and any proceedings in legislative grand committee shall (so far as not previously concluded) be brought to a conclusion one hour before the moment of interruption on the day on which proceedings on Consideration are commenced.

(5) Proceedings on Third Reading shall (so far as not previously concluded) be brought to a conclusion at the moment of interruption on that day.

(6) Standing Order No. 83B (Programming committees) shall not apply to proceedings on Consideration and up to and including Third Reading.

Other proceedings

(7) Any other proceedings on the Bill may be programmed.—(Mr Marcus Jones.)

Question agreed to.

Oral Answers to Questions

Debate between Matt Warman and Chi Onwurah
Thursday 16th January 2020

(4 years, 2 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Matt Warman Portrait Matt Warman
- Hansard - -

My hon. Friend is right that notspots are by no means confined to rural areas. Through the Government’s voucher scheme, we are covering all of the country, and the 2025 commitment to gigabit broadband remains. The crucial issue is the universal service obligation, of which she will be aware. Fifteen per cent. of her constituents get less than the 10 megabit limit. They will benefit from that later this year.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

This is my first questions session shadowing the Digital Minister, who, as a former tech journalist, knows something of his subject—and as a former telecoms engineer, so do I. We both know that in towns, villages and cities, everyone is suffering the consequences of a wasted decade. Under Labour, we rolled out first-generation broadband to half of all homes within a decade. But today, full-fibre broadband only reaches a mere 10% of homes, and we languish at the bottom of all the international tables. The Prime Minister has promised full-fibre broadband for everybody in five years. Does the Minister have a plan for that? Who will be delivering it? How much will it cost? Will it really be fibre or just gigabit capability—or are Big Ben’s bongs the only telecoms infrastructure that he can plan for?

Matt Warman Portrait Matt Warman
- Hansard - -

As an engineer, I think the hon. Lady will know that a bell is not telecoms infrastructure, but we will leave that to one side. The important issue that she raises is one on which there is some cross-party agreement. We are completely committed to rolling out gigabit-capable networks across this country. That means building on the work of the superfast programme to ensure that we deliver the infrastructure needed across the country. The plan for that will come forward. I hope she will welcome the news that, immediately after questions, we will be heading to No. 10 to meet the broadband providers, to ensure that the industry can come together to deliver the best possible infrastructure, which this country needs.

Online Pornography: Age Verification

Debate between Matt Warman and Chi Onwurah
Thursday 17th October 2019

(4 years, 5 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.

Each Urgent Question requires a Government Minister to give a response on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Matt Warman Portrait Matt Warman
- Hansard - -

I am afraid I am too young to recall precisely the experience to which my right hon. Friend refers—and I am sure he was speaking on behalf of others, rather than himself. However, he is absolutely right that what is out there on the internet now pales into insignificance compared with everything that was printed for newsagents. That is precisely why we have to go so much further.

Chi Onwurah Portrait Chi Onwurah (Newcastle upon Tyne Central) (Lab)
- Hansard - - - Excerpts

For the Minister to say that he will wrap up childhood protection in the online harms legislation is not even a fig leaf to hide the fact that his Government are absolutely naked when it comes to a robust legal framework that deals with privacy, data, age verification and identity. We need measures that put in place protection for children online, not that kick in after they have already been exposed. What is he doing to ensure that children have the same rights online as they do in the real world?

Matt Warman Portrait Matt Warman
- Hansard - -

I think what the hon. Lady is saying is that in many ways prevention is better than cure, and that is why the online harms approach will place a duty of care on website operators to make sure they have to take a preventive approach.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

indicated dissent.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady shakes her head as though I have misunderstood her question. I am very happy to talk to her outside the Chamber to try to give her a better answer if she wants one.

Internet of Things: Regulation

Debate between Matt Warman and Chi Onwurah
Thursday 3rd October 2019

(4 years, 5 months ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

My hon. Friend, who is a great champion of innovation and technology—coming from the constituency that he represents, it is appropriate—makes a critical point. I could not have put it better. Although this debate is about regulation of the internet of things, it is impossible to talk about protection and security in the internet of things without talking about the data that is its lifeblood: the flows of data that both drive and enable the internet of things. We are in a confused state about who owns and controls the data and how it can be shared. The Government, for example, had at the last count at least 80 different ways of sharing data with themselves. As long as that is the case, we cannot have real security or integrity within the internet of things.

Last year the Government finally took some action with their Secured by Design voluntary code of practice on the security of the internet of things, as well as guidance for consumers, which was later codified as ETSI TS 103 645. In May this year, the Government announced a consultation on the introduction of some mandatory legislation on labelling. For example, retailers would have to label internet-of-things products as complying with varying levels of the Secured by Design code. Labelling is necessary because the Government will not decide what is secure and make it mandatory—if everything were secure, it would not need to be labelled. We await the outcome of the consultation. However, there are at least five major issues, and many others besides.

First, the tone of the consultation is, “Regulation is very, very bad and stops innovation, so let’s just have as little as possible.” Secondly, there is no enforcement or sanction. Thirdly, while some mandatory requirements are proposed, they would simply be a declaration of adhering to standards. That approach puts a major emphasis on the consumer to understand these increasingly complex problems and does not account for the use of the devices in public spaces.

The fourth major concern is that the regulations deal only with consumer things. The clue is in the name: it is an internet of things. We need an architecture of standards and a regulatory framework that enables security and interoperability across the internet and also considers the lifeblood of the internet of things—data. Fifthly and finally, there are billions of insecure old-generation IOT devices already enmeshed in our digital infrastructure. The regulations do nothing to address them.

The Government need to recognise that technology is not something that happens to us; it is something that we actively participate in, or should do. That does not mean stifling innovation. Instead, it means using Government influence to look forward to the impact of technologies and to shape them for the public good. The Government must understand technologies in terms of social purpose, rather than just profit margins. That must be done with the tech sector, but the Government must recognise that it is their job to protect the interests of the people. During the first and second industrial revolutions, it was the trade unions, organised workers, the nascent Labour movement, feminists, abolitionists and former slaves who pushed law makers into putting legislation in place that would direct the use of technology to more egalitarian ends. I fear that it will be for a Labour Government to ensure that that is what happens here.

Technology can be used for good or ill. My hope is that intervening now to set up a framework for data and the IOT will mean that we do not face problems and resistance further down the line.

Last year, I was at CES, which is the largest computer electronics show in the world, in Las Vegas. An American start-up literally begged me to put in place security regulations for IOT devices, so that it could compete on a level playing field with the cheap but totally insecure exports from less reputable manufacturers. It is cheap and, frankly, lazy to set up a sort of binary choice between regulation and innovation. A clear regulatory framework and strong governance allows good companies that are making socially useful products to succeed without markets being flooded with poor quality and potentially dangerous products that threaten security.

I want to say a little on Labour’s plans as I understand them—I know that the shadow Minister, my right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne), will set them out in more detail—and I want to put that in context. I am a technology evangelist. Before becoming an MP, I worked all over the world building out the networks that now form the internet. One of my proudest moments was when I rolled out the first global system for mobile communications network in Nigeria and saw how mobile communications could really make a positive difference to people’s lives. Fisherman in the delta could now know the market price in Lagos and could not be cheated out of the right price for their fish; pregnant women could phone for a doctor instead of having to send vital requests on foot, which took hours. The internet of things will bring more and better benefits.

I have also seen the flip side of new technology. When I worked for Ofcom, I was asked to report to the board on internet security in 2005. When I came back with stories of bot attacks, honey traps, distributed denial of service, white hat wizards, Trojans, worms, phishing and pharming, it was as if I was describing a war in a galaxy far, far away. More than 10 years on, however, those threats are very real. They are part of everyone’s daily lived experience. Online fraud is the most common crime in the country, with almost one in 10 people falling victim to computer misuse or one sort of fraud or another. The same may happen with the internet of things—in fact, to an even greater extent—and we must not allow that.

I talk about the internet of things for everyone, because I believe that technology can be democratising and enabling, but just as cyber-crime seemed so foreign only a decade ago, we do not yet fully understand the new risks posed by the internet of things. To fully realise its benefits, we need to be able to deal with the increasingly pervasive security threats it presents. To address them, we need regulation as well as action in other areas. For example, we need to invest properly in skills and adult learning to help people to become digitally literate citizens. Labour’s pledge to create a free truly universal national education service, the NHS for the innovation age, will help everyone to become part of an innovation nation in which everyone is a creator, not simply a user, of technology.

We also need the power of Government to address our creaking infrastructure, and close the productivity gap at the same time, by enabling businesses across the country to invest in the internet of things. Our national transformation fund will do what it says on the tin—transform our infrastructure to bring it up to OECD levels.

We need to address a critical part of the tech sector that I referred to earlier, which is a lack of diversity. Diversity is not an optional add-on; it is an economic imperative. It needs to be at the heart of economic and technological policy, because we cannot build a more prosperous economy without making use of everyone’s talents. We need a more comprehensive sector-wide approach to diversity, particularly in the tech sector. It is key that the creators of new applications for the internet of things come from diverse backgrounds, so we have technologies that work for all and make use of the full array of talent in our society.

Finally, an internet of things requires the right digital rights and responsibilities to exist across our nation. That is why Labour plans to introduce a bill of digital rights that will provide strong and easily understood protections for citizens and will give us all rights and control over our own data.

As I draw to the end of my comments, I want to make sure that the Minister understands the questions that I am asking, so I will list the ones to which I would like him to respond. First, as I have mentioned, who owns and controls the data flowing to and from internet of things devices? Why is it not the people who are generating the data? The Prime Minister said that data is the new oil, but we have seen what the corruption around the oil industry did to many developing economies. Our citizens deserve to be in control of their own data.

Secondly, what steps is the Minister taking to ensure that insecure internet of things devices cannot be sold? Thirdly, will the provisions of the online harms legislation, specifically the duty of care, apply to the internet of things? I asked his predecessor that question, but the answer was not clear. Fourthly, when the internet of things is combined with facial recognition to monitor people, whether in education or on our streets, what requirements are there on consent? Fifthly—this was raised by TechNorthWest—internet of things devices take data for one stated purpose. What prevents its being used for various others? How does consent work in that case? Is the general data protection regulation sufficient?

Sixthly, I believe that all our critical national infrastructure is connected to the internet of things. I have mentioned the blackouts in Ukraine and attacks on an Iranian power station. What regulation is there of the internet of things in critical national infrastructure?

Seventhly, what analysis has been made of how the Government should respond to the misuse of internet of things devices? What scenarios are being considered and what plans are in place?

Eighthly, for the purposes of internet of things regulation, what is the nature of the relationship between the Department for Digital, Culture, Media and Sport, the National Cyber Security Centre, the Cabinet Office and the Information Commissioner’s Office?

I expect the Minister to respond to the five criticisms of the current consultation.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

We have an hour and a half, which will be more than adequate. I should perhaps have said that the Minister has a background in technology, as a tech correspondent, so I am sure that he has the answers to all the questions.

--- Later in debate ---
Matt Warman Portrait The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
- Hansard - -

I begin by saying that I will not intrude on the private grief of where the industrial revolution began; I am certain that it did not begin in Skegness, so I have no dog in the fight. I congratulate the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) on securing the debate. I well remember the work that we did together in the parliamentary internet, communications and technology forum—PICTFOR—and in other forums.

The hon. Lady says that she is a tech evangelist, and so am I. Although I regret the tone of some of her comments about some aspects of the Government’s policy, I think we agree that there is not a huge amount of partisan disagreement on many of the issues. We want to get it right. The right hon. Member for Birmingham, Hodge Hill (Liam Byrne) and I also agree on a huge number of issues, as he said, particularly around discrimination and what we should do to ensure that the well-known principles that exist in the offline world persist online. I hesitate to use the slogan, but we too want technology to work for the many, not the few.

I will begin by seeking to answer some of the questions of the hon. Member for Newcastle upon Tyne Central, which might be a novel approach, although I am sure she will not be satisfied with all the answers. In many ways, as she identified, this is a debate about data, not the internet of things. On the principle of who owns the data, the general data protection regulation applies to data controllers in exactly the same way whether they are processing data that derives from the internet of things or anywhere else, so the principles that we all subscribe to, of the consumer owning their data, should persist. That is a hugely important starting point, and we should acknowledge that there is agreement on it. The hon. Lady frowns as if she disagrees, so I invite her to intervene.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for the tone of his opening comments. It is certainly true that there are many areas on which we agree. The reason for my frowning is the idea that the GDPR recognises the right of ownership of consumers or citizens. The fact that there is a data controller who is not the citizen or consumer suggests that it does not. As I have said, the GDPR is progress, but issues of ownership and control are still far from clear. My right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne) made some excellent points in this area.

Matt Warman Portrait Matt Warman
- Hansard - -

The hon. Lady pre-empts my next point: all of this is predicated on consent. The consumer has to understand that they are giving up their data for a particular purpose and a particular benefit. As the hon. Member for Dagenham and Rainham (Jon Cruddas) said in what was a fascinating speech—albeit one where I wondered if I had at times transcended, if not humanity, at least this debate—these are fundamental issues that have effects far beyond what we might think of in an arcane debate about the ownership of data. I commend the approach that says we are dealing with issues that go far beyond a debate about technology, which will have an impact on huge aspects of humanity itself, whether we get them right or wrong. That is why it is important to consider them in that wider way.

The hon. Lady was right to point out that, in some ways, the internet of things represents a whole new chapter of how technology is becoming more common in our homes and making our lives easier and more enjoyable, but potentially also more fraught with decisions that we need to be aware we are making. I will trump the hon. Lady’s numbers: Statista says that by 2025, there will be 75 billion internet-connected devices worldwide—I am sure other analysts are available to provide even higher numbers. In our estimates, that translate to some 15 devices per household by next year. The internet of things is very real; it is already with us.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - -

The right hon. Gentleman raises a lot of points in one short paragraph. I understand what he accuses me of seeking, when he speaks of having it both ways. Actually the services that are offered digitally, ostensibly free, are different from services in a physical world where we might talk about the kind of monopoly that he has mentioned. In that sense, all he is doing is underlining why we need to get things right, in a way where the digital challenges are understood, without reinventing the wheel and pretending that all online challenges are necessarily different from those in the physical world. It is an emerging picture, which is why I refer back to the technology innovation strategy that we published in June 2019 and that includes new measures, such as the Spark procurement programme, to enable Government and the wider public sector to benefit from new digital technologies and the service that can be provided by stimulating the UK’s world-leading tech sector. It is also why we set up the Centre for Data Ethics and Innovation, which will allow us to consider how we might best benefit from those opportunities and ensure that we seek not to design in the kind of prejudices that the hon. Member for Newcastle upon Tyne Central mentioned. One of its first papers is on smart speakers and voice assistants and on how industry and Government can work together to ensure that the products do what they are supposed to and that users consent to them.

We should also be mindful that the 75 billion devices, or however many there turn out to be, will have a physical environmental impact. I am therefore pleased that as part of its resources and waste strategy, the Department for Environment, Food and Rural Affairs has committed to updating the existing guidance for local authorities on managing the collection of smart items and similar electricals. That might sound like a minor point, but it is probably less minor than others.

The hon. Lady mentioned the Prime Minister’s speech at the United Nations General Assembly. I am not delivering the rhetorical flourishes that he delivered late at night at the UN, but it is important to say that he made that speech in that location because this country is already a world leader in this area in so many ways. It is right that our Prime Minister is addressing these issues and the legitimate public concern.

It is also right that, as several hon. Members have mentioned, when we seek to regulate in this area and on online harms, we in this country and across the parties should be proud that the UK is a liberal democracy that seeks to lead the way. We have an opportunity to shape a global debate, as my Opposition counterpart, the right hon. Member for Birmingham, Hodge Hill, observed.

In some ways, the greatest thing we can do is use Britain’s status in this area and on the world stage to try to develop global standards. The hon. Member for Newcastle upon Tyne Central mentioned those of the ETSI, which in its way is world-leading: it seeks to produce standards that can be replicated or mirrored globally, addressing some of the coherence that risks arising in the area. She says that we are not providing leadership and quotes the Prime Minister’s speech, but I say that his speech demonstrates the existing status of Britain’s leadership in the area already. If I am being kind to her, although we disagree on several minor issues, I should say that she too would agree that Britain has a huge opportunity to capitalise on its place in the world on this issue.

In June, we published a White Paper, “Regulation for the Fourth Industrial Revolution”—we are sticking to that number, although I understand that there is a dispute over whether it is correct. It confirms that the Government will establish the regulatory horizons council to identify the implications of precisely the sort of technological innovation that the hon. Lady spoke about, and to advise the Government on regulatory reform so that we can take exactly the kind of steps that she highlights.

In that process, security should not be an afterthought; it has to be embedded. Thus far, we have taken the approach of working with industry, and industry is now saying to Government—the hon. Lady will have heard these calls as well—that greater clarity, particularly in regulation, will help consumers and the industry itself. Many of the internet-connected devices that are currently on the market still lack even the most basic cyber-security provisions. Some 90% of 331 manufacturers that supply the UK market and that were reviewed in 2018 did not use a comprehensive vulnerability disclosure programme up to the level that we would expect; I think that hon. Members on all sides would agree that that is unacceptable. Organisations have a duty of care to their customers, to help make sure that they can access and use their internet-connected products safely.

Although Government have previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that stronger cyber-security is built into these products by design. That is why we launched our consultation on secure consumer IOT in May. That consultation built on the extensive work to which I have referred. It allows us to talk about minimum security principles for connected devices, which my Department elaborated on in the document published last year. Our focus will be on ensuring that there is a baseline of cyber-security built into all consumer IOT products by design, to eliminate the most harmful practices.

These are, I freely admit, low-hanging fruit. We wish we did not have to tackle issues such as forbidding the use of universal default passwords, ensuring that manufacturers provide a contact point for security researchers, and making sure that consumers are informed at the point of sale of the minimum length of time for which security updates are provided for their device. Those measures address some of the issues raised by the hon. Member for Newcastle upon Tyne Central, and we would like to go further in due course. We will respond on what that will look like as soon as possible after the consultation.

We are advocating a staged approach to enforcing those principles through regulation. Obviously, there is always a balance to be struck between regulation and legislation, and in this case I think it will be a bit of both. We will publish the formal response to our consultation on the regulatory approach later this year, but we are mindful of the urgency of this work. Our approach must keep pace with the technological change identified by the hon. Lady. We have said that we will review the code of practice every two years. The development of the code of practice may not sound exciting, but as the hon. Lady acknowledged, and as the hon. Member for Dagenham and Rainham said, these things are hugely far reaching, even if they do not sound as exciting as some people might wish, because then they would attract the attention they perhaps deserve.

There is major business support for our approach, including from the signatories to the cyber-security tech accord. I always hesitate to say “major business support”, because businesses will not always necessarily greet with enthusiasm the actions of a sensible regulator. Some would say that this is a sign of success. We will develop the strategy, but ultimately the security of the internet of things is a global challenge and it requires a global effort to get it right and to shape those norms.

In February 2019 we worked closely with international standards bodies and the National Cyber Security Centre to make sure that we publish the ETSI standard to which the hon. Lady referred, though without the complementary tone it deserves. None the less, I understand her point.

We do not think it is right to expect all users of all internet-connected devices to become cyber-security experts, and we recognise the need to take from them the burden of differentiating between good and bad. That is why we have been clear with industry what good practices will look like, and we wish to support manufacturers of all sizes to embed them and to support retailers to make sure that they are obvious.

Matt Warman Portrait Matt Warman
- Hansard - -

I will give way to the hon. Lady, but she does not have long.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank the Minister for giving way. In the absence of any time to sum up, I want to thank him for his comments and to confirm that I will write to him with my list of questions so that he can answer them in full. Will the regulatory horizons council cover all regulation with regard to technology or only that relating to manufacturing, and does he agree that this is about not only consumer data but citizen data, because it relates to Government as well?

Matt Warman Portrait Matt Warman
- Hansard - -

I absolutely agree with the hon. Lady’s second point. The council will, of course, be wide ranging. I look forward to answering her comprehensive list of questions, and I will be grateful to Hansard for providing clarity on them.

Finally, in response to the intervention from the hon. Member for Cambridge, this Government do not think there is a choice between innovation and security. We have to make those two complement each other. That is at the core of our strategy and will continue to be so, and I would hope that we can move forward together with the cross-party consensus to which the hon. Member for Newcastle upon Tyne Central alluded.

Question put and agreed to.

Resolved,

That this House has considered regulating the internet of things.