Tuesday 19 April 2022
[Sir Mark Hendrick in the Chair]
Computer Misuse Act 1990
I beg to move,
That this House has considered the Computer Misuse Act 1990.
Before I begin, I draw Members’ attention to my entry in the Register of Members’ Financial Interests, and in particular to my stakeholding in a firm that has offered digital forensic services in the past, but which I understand does not plan to offer such services at least for the next three to five years.
It is a pleasure to serve with you in the Chair, Sir Mark. I am grateful to have secured this important debate of national security significance, especially considering this morning’s headlines about the potential spyware attack on No. 10. The need for this debate has become more urgent of late, especially considering the barbaric and unprovoked invasion of Ukraine, which has placed a spotlight on the pressing requirement to strengthen the UK’s cyber-security.
The UK Government have achieved a great deal in developing our cyber-capabilities, spearheading the creation of the National Cyber Force and putting aside a total of £2.6 billion for cyber and IT, which is a significant funding increase on previous years. I strongly welcome the Department for Digital, Culture, Media and Sport working more closely with cyber-security firms, through £850,000 of funding to support the establishment and activities of the UK Cyber Cluster Collaboration.
Given this Government’s strong record developing our cyber-capabilities, it is surprising that 32 years after its introduction as a private Member’s Bill, the Computer Misuse Act 1990 remains the primary piece of legislation covering cyber-crime in the UK. I am sure we all agree that the technological landscape has altered drastically over the last 30 years. Our existing legislation must urgently be updated to reflect those monumental changes. When the 1990 Act came into law, Margaret Thatcher was Prime Minister, the first website was yet to be published and I was just a toddler.
The CMA was brought into law to criminalise unauthorised access to computers. In other words, hacking without permission became illegal, irrespective of motive or intent. However, the CMA came into force before the modern cyber-security industry, which now employs more than 52,000 people across 1,800 firms. In 2022, the methods used by cyber criminals and cyber-security professionals are often very similar—sometimes the same. Individuals who work in cyber-security are frequently required to perform actions for which explicit authorisation is difficult, if not impossible, to obtain.
Contemporary defensive cyber research into computer system vulnerabilities and threat intelligence often involves the scanning and examination of compromised victims and criminal systems to lessen the impact of future attacks—pre-empting what such a hack might resemble to prevent its success. It strikes me as woefully naive to think that criminals will explicitly authorise access to their systems. To do so would be akin to a policeman asking permission to arrest an individual.
British cyber-security professionals are at risk of being taken to court for obtaining actionable intelligence, which means that as a country we are dissuading vital research from being conducted at a time when countries such as Russia and China are increasingly deploying hostile technologies against us and our allies. Consequently, even though the CMA has been amended several times since 1990, its major flaw is that it fails to allay fear of arrest and/or prosecution among cyber-security professionals as they carry out essential threat intelligence research against cyber criminals and agents of rogue states.
We find ourselves in a perverse situation where industry specialists who are acting in the public interest—often dealing with issues that are critical to our national security infrastructure—are at risk of being designated a criminal. Even with responsible policing, the CMA can still be used by non-state bodies to pursue individuals through the civil courts, causing considerable financial and emotional injury to well-intentioned professionals. If situations such as these remain possible, future generations of cyber professionals could be deterred from pursuing a highly rewarding career, precisely at a time when we should aspire for Britain to continue its reputation as a global cyber leader.
In urging for reform of the CMA, I have worked closely with the CyberUp campaign, which argues for updating the law and makes the case that failure to reform is holding back our cyber defences and preventing the upskilling of our workforce. In the “Time for reform?” report published by the CyberUp campaign and techUK in November 2020, analysis of a survey showed that the industry overwhelmingly suggested that the CMA was not fit for purpose. More than nine in 10 respondents said that they
“did not believe that the Computer Misuse Act represented a world leading example of 21st century cyber crime legislation.”
With Russia frequently targeting infrastructure through cyber-attacks, it is becoming increasingly urgent that we resolve the contradictions in the CMA. We need only look at the 2017 Russian state-sponsored NotPetya virus, which caused billions of pounds-worth of damage, to appreciate how devastating such attacks can be. At the epicentre of this digital hydrogen bomb in Ukraine, national transport infrastructure ground to a halt, people were unable to withdraw money from ATMs and even the radiation monitoring system at Chernobyl went offline. The current situation is an immense security risk.
The national cyber strategy, which was published in December 2021, sets out a commitment to improving our resilience to cyber-threats, but currently the strategy is clearly hamstrung because of the CMA. I have spoken to threat intelligence researchers from leading UK cyber-security companies, who have stated that they come up against CMA-related barriers three times a week on average. In those situations, researchers must seek guidance on whether they can investigate without breaching the provisions of the Act. In 80% of such cases, investigations cannot be undertaken. Where investigations can go forward, there is a significant benefit, with the average number of victims who can be identified, and thus warned and supported, varying between a handful and often up to hundreds per investigation.
We can extrapolate the figures to try to develop a national picture of what is going on. Using data obtained in the DCMS sectoral analysis 2022, the list of CREST threat intelligence providers and statistics from the DCMS cyber breaches survey 2021, we can surmise that the CMA is an active consideration in relation to at least a hundred, but potentially up to 3,000 investigations, each week across the UK in cyber-threat intelligence firms; that is, of course, assuming that all the other firms are similarly conscientious about staying on the right side of the law. That means that up to 2,400 investigations could be abandoned due to sensitivities around the CMA, which in turn could mean that up to 1 million victims remain unidentified and thus under threat from cyber criminals. Financially, it is estimated that the outdated CMA is costing our economy at least £30 million a week.
Our digital economy is being held back by a law that came into existence when less than half a percent of the population used the internet. We need to make the case that Britain, with its impressive track record in computing, networking and cyber, is a fantastic place to invest, create jobs and upskill our workforce. As it stands, we risk losing out to global competitors with more liberal legislative regulations, such as France, Israel and the United States.
What practical changes need to be made to the CMA for it to be well placed to rise to the challenges of 2022 and beyond? Industry representatives have directly conveyed to me a strong desire to see the inclusion of a statutory defence for cyber-security professionals who are acting in the public interest. Although I understand the need to ensure an effective balance between protecting legitimate cyber-activity and being able to prosecute genuine criminals effectively, one thing that struck me in my meetings with industry representatives was that even among those who felt relatively at ease about the prospect of prosecution, there remained a strong and genuine fear of arrest, which would involve the seizure of their work devices—the tools of their trade—and cause significant stress to individuals who are proud of their contributions to keeping Britain safe.
Currently, the only protections in the Act, beyond a few cases where a warrant is obtained, are extendable only to actions undertaken with explicit authorisation. Consequently, for the law to work for 21st-century Britain and its need to defend itself from cyber-attacks, reform should include a legal mechanism and clarify legal ambiguities in order to put professionals at ease.
I apologise for not being here at the very beginning. My hon. Friend is absolutely correct about a statutory defence, but I understand that that could be achieved without changing the current legislation, particularly if it were done in co-ordination with the Crown Prosecution Service.
It is important that we respond directly to the concerns of the cyber-security professionals; this is what they have asked for. Meaningful engagement with them will lead to a potential compromise. There is also a need to balance how we act against genuine cyber criminals, and I think that meaningful engagement and working with them will be the way to find that suitable compromise.
Updating the CMA has widespread cross-party support, with the all-party parliamentary internet group first calling for reform of the CMA in 2004—18 years ago. Since then, the Intelligence and Security Committee’s Russia report has recommended that the CMA should be updated in response to the heightened risk of malignant Russian cyber-activities.
Although cyber professionals across the country and I greatly appreciate the announcement by the Home Secretary last year of a review looking at the CMA, progress has seemingly been slow. Some 66% of respondents to the Government’s call for information had concerns over the existing legal protections of the CMA, so I hope that the Minister will update us as to whether the review is being expedited, especially considering that there has been an increase in hostile cyber-actions undertaken by rogue states and given this morning’s headlines on potential spyware attacks on No. 10. I would also be grateful if the Minister would meet myself and others from the campaign to discuss the matter further. I look forward to hearing contributions from hon. and right hon. Members.
It is a pleasure to speak in this debate, Sir Mark. I commend the hon. Member for Bridgend (Dr Wallis) for setting the scene so well. I look forward to contributions from others, especially the Minister. From previous experience of dealing with the Minister, and of partnership and co-operation with him, I believe that his answers will be helpful to us. Whether we are technically-minded or otherwise, we all recognise the key issues to which the hon. Member for Bridgend has referred. Why is this issue so important? It is because, as the hon. Gentleman has said, stakeholders have expressed deep and real concerns about the poor security of many devices. I will speak first about individuals and companies, and then probably take my arguments a wee bit beyond that.
Insecure devices can compromise privacy or be hijacked and used to disrupt other uses of the internet. That happens every day in my constituency and across the whole United Kingdom of Great Britain and Northern Ireland. The Government set in motion a strategy, which was first mooted in 2016, that set a date of 2021 for most online products and services to be cyber-secure by default. Will the Minister in his response tell us whether those targets have been met, and if they have not, when will that happen? DCMS has proposed a voluntary code of practice. I certainly would have liked to have had something mandatory in the system. Perhaps the Minister will indicate whether that is his and the Government’s intention.
I cannot profess to be technically-minded, but my staff are. They tell me that it is possible to access personal and confidential data, including on bank accounts, through our phones. That is why the debate is vital and why we need to seek from the Minister the reassurance that the protections that people need and want are in place. There is not a week in my constituency when people do not come to me about such issues. If someone phones an individual and talks about that individual’s bank account, it is not their bank. If someone phones and asks personal questions about confidential data, they are not legitimate.
In the recess, I watched a consumer programme which highlighted a scam that looked so convincing—what was happening looked absolutely correct to the untrained eye—but the experts looked into the issue and were able to help the person who was being scammed to thwart the scammer. As I have said, there is not a week when I do not hear about a scam. Usually, they are against elderly people, but also against others those who inadvertently give out details and lose their savings. Just a few months ago, a gentleman in my constituency was scammed. The appearance of legitimacy and truthfulness meant that he did not fear that it was a scam, but he lost £20,000, which has never been retrieved.
Cyber-attacks are one of the most common types of crime experienced by individuals in the UK. According to national crime statistics, some 2.4% of adults in 2017 and a higher percentage today will have experienced cyber-attacks, including on their personal computers, which is what this debate is about; I thank the hon. Member for Bridgend for setting the scene.
User behaviour is a factor in the poor cyber-security of consumer devices, whether by the individual or the system that they use. The 1990 Act needs to be reviewed to provide greater protection. Some user behaviours include using default, weak or reused passwords. What can we do? We need to establish good practice in the industry, improve the cyber-security of consumer products, adopt a vulnerability disclosure policy, make software updates available for stated lengths of time, and inform consumers on setting up, managing and improving the security of household connected devices, as in the DCMS’s own code of practice, which was published some time ago.
UK infrastructure must be protected. The Government have identified cyber as one of the top six tier 1 threats. Cyber-crime costs the UK some £1.27 billion per year, with about 60 high-level cyber-attacks a month, which indicates the magnitude of the problem. Many of the 60 high-level cyber-attacks a month threaten national security, which is also why this debate is important.
The hon. Member for Bridgend referred to Ukraine. Russia launched a cyber-attack on Ukraine’s electricity network back in 2015. Some quarter of a million people were impacted by that attack, which I think he also referred to. That example shows that even six or seven years ago, before the war, cyber was being used as an instrument of war by Russia, and indicates how much cyber-attacks can disrupt and compromise. Cyber-attacks are a method of warfare, which is why I support the hon. Gentleman’s call for legislative change.
I will make a plug, as I always try to do in these Westminster Hall debates. The Minister will be well aware that Belfast is a cyber-security stronghold and is very much at the forefront of cyber-security development. Belfast has become a capital of security. Any new cyber legislation must not prevent cyber-security experts from doing what they do best, which is finding the loopholes in programs.
Much consultation must take place to ensure that the Government do not tie the experts’ hands or throw the baby out with the bathwater. After all, the experts are combating criminal activity, and abuse and aggression from foreign powers such as Russia and China. Will the Minister confirm that any legislation that is proposed will entail working with companies—for example, cyber-security companies in Belfast and Northern Ireland—to enable their excellent progress to continue?
I fully support the motion tabled by the hon. Member for Bridgend. I look forward to hearing the contributions from the two Opposition spokespersons, and particularly to the Minister’s response. I hope that he can give us the reassurances we seek, so that we can continue to be at the forefront of cyber-security in Belfast, as we are throughout the whole of the United Kingdom.
I congratulate my hon. Friend the Member for Bridgend (Dr Wallis) on securing this debate. I myself put in for a debate on this issue a while ago, but the gods obviously smile more on Bridgend than they do on Boston. Nevertheless, I welcome this opportunity to debate the issue.
I thank the Minister and his officials for several meetings that he and I have had about this issue relatively recently. All were prompted, as my hon. Friend the Member for Bridgend said, by CyberUp and by Kat Sommer, who deserves to be cited in Hansard for her persistence, among many other things.
This is an important but technical issue. I will be honest and say that I am not completely certain that the Computer Misuse Act 1990 is broken, but I am certain that it can be improved, by one means or another. That is because, as my hon. Friend the Member for Bridgend said, the structure of the cyber-security industry has changed since the Act came into force, and is different from almost any other part of the national security set-up. If we were to ask whether academics have a right to interrogate systems for the purposes of research, we would definitely say yes. If we were to ask whether businesses have the right to interrogate those same systems, we would assume that it was for commercial purposes and that it was important to have different rules.
It is also a sector where a lot of very small-scale research is done by individuals—some of them literally in their bedrooms. There is a very diverse set of people looking for loopholes and vulnerabilities. Uncovering those vulnerabilities—be they in banks, businesses or any other area where we all rely on the internet—is categorically in the public interest, even if it may also be in the interests of businesses, researchers or people looking for bounties given by large businesses to uncover those vulnerabilities. Those businesses realise that it is in their interests to provide the maximum security to their customers or users.
That gets to the heart of why the Computer Misuse Act matters. On the one hand, it seeks to prevent hacking and other things that we do not want to see done by people with malign intent; but on the other hand, it risks fettering the ability of people with the public interest at heart to solve issues that we would all like to see solved. Admiring the problem is the easy bit; the hard bit is trying to work out what we should do about it.
There are a couple of things that we should not do. We should not introduce a blanket public interest defence for anyone who goes looking for things that might subsequently be perceived as a loophole or bug in a system. To do that would potentially give carte blanche to anyone who got caught, allowing them to claim that they were going to fess up about it, rather than benefit from it themselves. A public interest defence that goes too far should be avoided. I find it hard to imagine how a public interest defence might be constructed that does not, inadvertently or otherwise, go too far.
The other thing that we should not do—notwithstanding the figures that my hon. Friend the Member for Bridgend quoted—is assume that cyber firms of any sort should not be mindful of legislation such as the Computer Misuse Act. Of course, if someone is doing research they should consider what is legal. It is a good thing, not a bad thing, that it is a factor for consideration for those who are engaged in the cyber-security industry. We should be mindful of how we can fix the Act, rather than just sweep it away altogether. I come to a point that was made a moment ago; those issues can probably be addressed through enhanced guidance that provides a degree of legal comfort to the unsurprisingly risk-averse lawyers who work for cyber firms and others. Such guidance would not provide carte blanche to people who might have malevolent intent.
Criminals will not be looking at the CMA and wondering whether what they are doing is legal; by definition criminals are not bothered about whether they are breaking the law. However, there is an important grey area, and we should not create an unintended opportunity for people to defend themselves in court. I implore the Minister to continue his work on the review of the Act, which is really important, but with some minor legislative tweaking we could provide the comfort that the industry rightly asks for and could continue to secure the excellent reputation that Britain has and, as the hon. Member for Strangford said, that Belfast has, for being a world-leading cyber power. We can build on that success because the CMA is an example of a bit of legislation that, although very old, has largely stood the test of time for a lot longer than many might think.
I will close by simply saying that the principles embedded in the CMA are not bad ones. Whenever it comes to legislating for the internet, we should realise that the internet has not necessarily reinvented every single wheel, and principles that apply offline can be applied online. In this case, they need a little bit of updating, but I do not think we should throw the baby out with the bathwater, as the hon. Member for Strangford said.
I am absolutely delighted to speak in this extremely important debate—it is perhaps not pressingly urgent, but very important. I congratulate my hon. Friend the Member for Bridgend (Dr Wallis) on securing this debate and on his speech. I pay tribute to my hon. Friend the Member for Rushcliffe (Ruth Edwards), who wrote an excellent foreword in the report from CyberUp and techUK, “Time for Reform? Understanding the UK cyber security industry’s views of the Computer Misuse Act”. It is an excellent paper with sensible suggestions.
If I may say so, we are blessed to have this Security Minister here in his place. As far as I understand it, being Security Minister is not for someone who showboats or campaigns; it is for somebody who is extremely thoughtful and reliable and can really get to the heart of matters, so I am grateful that my right hon. Friend is the Minister replying today. He might not be able to respond to all the points today, but I know he will certainly think about them. I also pay tribute to my hon. Friend the Member for Boston and Skegness (Matt Warman), who showed his command of the subject.
I approach this debate with great humility, deeply aware of my own inadequacy at rising to the most difficult technical problems involved. I say that not because I do not know anything about the subject, but because I do. I have an MSc in computer science from Oxford, which I gained in 2000. I was once upon a time—at least, I think so—a reasonably competent Unix system administrator. I have done a network intrusion course as a software engineer, and I like to think that I might be considered as once being above average as a software engineer.
Having read books such as “The Art of Computer Programming” and Bruce Schneier’s book on cryp-tography—he is one of the world’s great experts—I am well aware that the subject of cyber-security is fabulously complex and difficult and not well understood. Without naming the organisation, I once went to a major public body to talk about cyber-security. It had put a large TV up on the wall and on it was a NORAD-style display of cyber-attacks going to and fro across the world, and there was a little software engineer’s rolling league table of which attacks were in progress. I asked what it all meant, and the public body did not know. It could not tell me what the attacks going to and fro meant, which put the meeting in context. So my first point is that no one following this debate or this subject should be under any illusion whatever about the complexity involved. It is a problem for the top 1% of software engineers—the sort of people who might be employed at GCHQ at the very cutting edge of understanding computers, how they work and how things can be dealt with.
Secondly, I think reform of the Computer Misuse Act would be a very good thing. My goodness!—what we have learned and how things have changed since that Act was put in place. Even since I joined Parliament in 2010, software engineering has changed tremendously. We all find that we go out of date very quickly, and the law has to keep pace with how things have changed.
The point was made earlier that some things that happen in the real world have parallels online. When I look at the range of things that software engineers have to do to counter network intrusion and cyber-attacks, at the moment we seem to be in a position akin to saying to a householder, “You may not defend against burglars,” or to someone attacked in the street, “You may not commit acts of self-defence.” That parallel might be flawed, but we have to look extremely carefully at whether software engineers and other professionals are adequately defended in law, so that they can do what is necessary to defend against criminal attack. That is what we are talking about.
The paper from CyberUp and techUK is excellent. I read it only over the weekend, but it all seems to be very sensible and well thought through, and I certainly commend it to the Minister and his officials. They should have a really good look at it to see whether the case has been made, in particular for a statutory defence for professionals in the field, making sure that we have taken into account everything we now know about cyber-security.
I am not actually in favour of an official register of professionals, which is recommended in the paper. There are two reasons for that. First, insert here all the arguments about the state running registers of professionals—the anti-competitive practice it can encourage and so on—which do not need rehearsing. It would also become something of a honeypot for criminals. If we were to create a privileged list of registered actors who are, in some sense, allowed or better facilitated to conduct cyber-security operations, for want of a better term, that would create an enormous incentive for criminals to get their people on that list, or to corrupt individuals on the list in order to get what they want from them. I remain opposed to having a state-sponsored list of professionals with some kind of privilege to conduct these operations, outside of employees of the state themselves—obviously, we employ people to do this sort of thing. I think that would be a mistake.
Those are the three points that I wanted to make. First, we need humility as we approach these things. This issue is not susceptible to loose pub chat; it needs real expertise. Secondly, reform of the CMA seems to me to be a jolly good idea. Thirdly, there should be no official register. Once again, thank you very much, Sir Mark. I am really looking forward to hearing the response of my right hon. Friend the Minister.
I thank my hon. Friend the Member for Bridgend (Dr Wallis) for securing this debate. Once upon a time I also applied for it, so I am glad that one of us got through the lottery.
I am the chair of the all-party parliamentary group on cyber security, and this is an issue that we have looked at time and again. We have looked at specific reform of the CMA, and frankly, with almost any issue we concentrate on, we keep coming back to the challenges that the CMA brings up for professionals. As others have done, I thank CyberUp for the support it has given, both to the APPG and in advance of this debate. When reforms are made to the CMA, it will be due in no small part to the advocacy that CyberUp and industry have put behind this.
My view is that the CMA is holding the UK back and making us less secure. It needs reform, and the urgency is very keenly felt in the industry. It is frankly ridiculous that we are reliant on a piece of legislation that came into force at the time of Windows 3.0, before Google and Amazon, and crucially before the internet had come into common use.
In the last meeting of the APPG on cyber security we had Ciaran Martin, the former head of the National Cyber Security Centre, before us, and we asked his view. It is hard to articulate how much he rolled his eyes when I asked the question, but clearly the view of those who operate in this space is that the time for change is now.
As it is currently written—I apologise, Sir Mark, for going over some of the same ground—the CMA inadvertently criminalises a large proportion of vulnerability and threat intelligence research that UK cyber-security professionals must carry out to protect the UK from cyber-threats such as the one affecting No. 10 that is in the news today, ransomware attacks and those from state actors such as Russia.
Let us be clear: the legal jeopardy that cyber-security professionals face is not theoretical but very real. We have heard from professionals who have been at the sharp end of the law for merely doing their jobs—probing weaknesses in order to fix them. At a time when the world has never been more connected, and there is inter-reliance between news, messaging, shopping, banking, security and leisure—the web of systems that hold modern society together—we need to ensure that the laws are fit for purpose and fulfil the roles they were enacted to achieve. I firmly believe that this one does not and we are the poorer for it.
It is worth spending a little time putting this in context and detailing the main challenges of an unreformed CMA. Cyber-security professionals identify vulnerabilities in products and services and work with manufacturers and vendors to fix them. They detect cyber-attacks, gain insights into attackers and victims, lessen the impact of incidents and prevent future ones. The Government’s “National Cyber Strategy 2022” recognised the value of that important work. It committed to building valuable and trusted relationships with the cyber-security researcher community to deliver a reduction in those vulnerabilities. But the CMA is currently a block to that, irrespective of the intent or motive of those doing the work. That leaves the UK’s cyber defenders having to act with one hand tied behind their back, because much of their defensive work requires interaction with compromised victims’ and criminals’ computer systems where owners will not give access or explicitly permit such activities.
Another aspect is that the Act is having a really damaging impact on the cyber-skills pipeline. In 2018, the Joint Committee on the National Security Strategy concluded that a shortage of “deep technical expertise” was one of the greatest challenges faced by the UK in relation to cyber-security. This year’s national cyber-security strategy made explicit the need to grow and improve sectoral skills in order to build UK resilience to threats. But we should be clear about the chilling effect that the CMA is having on doing that and the challenges that it throws up. The sector needs a diverse range of minds in order to continue to grow and to adapt to a changing environment. High-profile prosecutions enabled by the CMA for little more than pursuing public interest investigations reinforce negative stereotypes that may deter some from pursuing a career in cyber-security. If the UK is to meet the challenge of closing the cyber skills gap, it needs to stop criminalising the activity, and ultimately talent, that is needed to promote the industry and grow its share of the global cyber-security services market, which is currently dominated by North America. That will not only grow cyber skills in our own economy, but help to build cyber resilience and better defend the UK.
As my hon. Friend the Member for Bridgend pointed out, there are relatively simple tweaks that we think could be made to this legislation that would make a big difference in this space. They would unlock huge opportunities for the sector and our national resilience. As has been mentioned, the inclusion in the CMA of a statutory defence, not a blanket one—I think my hon. Friend the Member for Boston and Skegness (Matt Warman) was absolutely right on that—would give cyber-security professionals acting in the public interest a clear defence from prosecution. That would provide legal clarity for individuals, the industry and the state. We can learn much from our international partners in this space about how to achieve a fair balance and enact safeguards to ensure that new freedoms are not abused by those who are not on the side of the angels. I am talking about a clear framework that measures the defensibility of an action, proportionality, intent and competence and looks at a harm-benefit profile. They are the sorts of principles that we should be considering when looking at reform.
It seems bizarre that as we launch the National Cyber Force in Lancashire and as my local town deal brings a university campus focused on cyber-security in Barrow, the legal framework that will enable these people to do their jobs and practise their craft is lagging behind. It is clear from the national cyber-security strategy that, as a country and a Government, we do not lack aspiration in this space, and that is a really good thing. It is the burden of advanced nations to have to defend these new frontiers, but we must ensure that the framework is in place to support our good efforts and deliver on the opportunities that the strategy speaks about. A very good step would be reforming this Act and ensuring that those acting in the public interest have protection from unjust litigation. Doing that would make us all safer.
While we are on the subject of the new cyber-security centre, I too am very pleased that it is coming to Lancashire; it is next door to my constituency. Like Mr Baker, I am proud to have studied computer science at master’s level—in my case at the University of Manchester—so I am very pleased with the developments and the way that things are going forward. We will hear from the Front Benchers now.
It is a pleasure to see you in the Chair, Sir Mark. We do not always have such a knowledgeable Chair in relation to such technical matters.
I thank the hon. Member for Bridgend (Dr Wallis) for securing the debate and for his expert introduction of the topic. He rightly highlighted events in Ukraine, and, indeed, today’s reports of attacks on No. 10 as providing a stark backdrop to this discussion. He and all hon. Members made a strong case for revisiting and revising the 1990 Act.
The point I agree with most fundamentally was made by the hon. Member for Wycombe (Mr Baker), who highlighted the complexity of these issues. I feel rather underqualified at the moment, particularly given the CVs on display today. Nevertheless, I approach this topic with an open mind and am open to persuasion by the experts. I welcome the Home Office’s call for information last year. The recent cyber strategy hints at this legislation being looked at again. If the Government proceed with reforms, the Minister will have our support and we will play as constructive a part as we can to ensure that they are the right ones.
As we heard, the 1990 Act was pretty much rushed into effect via a private Member’s Bill when it seemed to be established that hacking—shoulder surfing in one particular case—was not against the law. Obviously, that had to change, so the legislation put criminal offences on the statute book for unauthorised access, unauthorised access with intent to commit other crimes and unauthorised modification of computer material, but things have changed significantly since then. The hon. Member for Bridgend said he was a toddler back when the legislation was passed. I certainly was not; I would have been sitting, as a teenager, with my BBC Micro computer taking 20 minutes to load “Football Manager”. He is right to point out that, back then, a tiny percentage of the population had access to computers. The internet was something for the future. Technology has changed in unbelievable ways, with computer use now absolutely ubiquitous. People are also using a large number of smart internet-connected devices. That all radically alters the threat landscape from when the legislation came into force.
As the Act explicitly mentions computers and not other internet of things devices that can connect to the internet and be hacked, things such as smart fridges or nanny cams must be argued to be computers to fall under scope of the legislation. We had reference to the submission by the NCA to the House of Commons Russia inquiry, highlighting the widespread use of mobile phones as a reason for urgently updating and reforming the CMA. The legislation does not appear to be effective: one report I read recently suggested that less than 1% of reports of hacking led to prosecutions. There are issues about whether it even works in bringing criminals into the court system for justice.
It is right to acknowledge that it is not the case that the Act has not been updated at all. Changes have been made: punishments have increased and, significantly, the offences of impairing the use of a computer and provision of articles to facilitate misuse have been added. The Government have also started to address the problem of securing smart devices through the Product Security and Telecoms Infrastructure Bill 2022, but revisiting and broadening the scope of the CMA would improve on that and complete the move to address the internet of things security dilemma.
Perhaps a more pressing issue, which Members have rightly focused on, is that the Act does not attempt to differentiate between the motives of hackers: malign cyber criminals who intend to exploit or harm other users or their systems are treated the same as those identifying weaknesses and flagging them up for altruistic reasons. Often, ethical hackers test a company’s systems accurately by using the tools that hackers themselves would use. Those concerns have led to the CyberUp campaign and the idea of a statute of defence to protect cyber researchers identifying vulnerabilities in computer systems and company networks not to exploit them but to help fix them. I pay tribute to that campaign for helping me try to understand what this is about.
As the hon. Member for Barrow and Furness (Simon Fell) put it, all this is holding us back. While US IT security companies can offer whole-of-supply-chain vulnerability scanning to identify weaknesses that could compromise systems, UK companies cannot offer those services for fear of prosecution under the CMA. He pointed out that that has a knock-on effect on our ability to grow our expertise and talent base. If those working legitimately to uncover vulnerabilities or using hacking tools to simulate attacks are left at risk of prosecution for doing their jobs, that leaves companies, organisations and our key infrastructure more vulnerable to attack.
Adding a defence to the Act seems a sensible way to proceed. I accept that the scope of any such defence has to be judged carefully. This is not a straightforward. The hon. Member for Boston and Skegness (Matt Warman) was right to raise the difficulties. While a defence should protect those engaging in legitimate vulnerability scanning or ethical hacking, the defence must be defined in a way that does not encourage vigilante activity or any sort of free-for-all. He suggested as an alternative the idea of using guidance. I must say that, as a lawyer, I slightly shy away from using guidance when the alternative is to put something on the face of a Bill; from a rule of law perspective, that is always more desirable but, again, it is something that I am open to persuasion on.
All these concerns have been recognised by the CyberUp campaign through inclusion in its proposals for various tests, including a competency element, to ensure that only a person engaged in activities covered by the Act who is competent to do so and who has good intent is protected. While it is complicated, I believe that it can be done and should be done.
I finish by again welcoming the debate and the chance to put on record our support for reviewing, revising and updating the 1990 legislation. As I said, we will work constructively on any proposals to do that.
As always, it is a pleasure to serve under your chairmanship, Sir Mark. As others have done, I will start by paying tribute to and thanking the hon. Member for Bridgend (Dr Wallis) for securing today’s important debate and for his ongoing and important role in highlighting some of the issues in this policy space.
Like others, I will start with some humility about the limits of my technical capabilities in this space, while very much recognising that the comments of those who have some background in it have been particularly insightful —I include your comments in that, Sir Mark.
We often describe debates in Westminster Hall as timely, but as the UK faces a threat unlike any other in recent history, and just one day after reports broke that Downing Street itself may have been may have been targeted using Pegasus hacking software, which can turn smartphones into remote listening devices, a renewed focus on the Computer Misuse Act could not be more urgent.
As others have mentioned, the 1990 Act was the first major legislative attempt to tackle cyber-crime and criminalise hacking. The Act strengthened the protection of personal data held by organisations by making it a crime for individuals to gain unauthorised access to that data or to modify it without the necessary permission. Undoubtedly, it was a significant landmark, but given the rate and complexity of technological advance, the Act is long overdue for reform. While it has been amended by more recent legislation, at 30 years old, its contemporary relevance continues to wane.
This policy area moves at such a pace that legislation could be rendered out of date in the time between a new law being drafted and securing Royal Assent, so laws governing this space would require almost constant consideration and review. That is where the statutory guidance plays an important role, as some areas of this must be particularly dynamic. However, with the Act at 30-plus, and without a significant overhaul, we are now woefully ill-equipped as a country to ensure that we are meeting as robustly as is required the cyber challenges that we face.
In 2020, an estimated 99.99% of total cyber-crime and roughly 99% of reported computer misuse offences went unpunished. That is despite the fact that we know that cyber-crime is significantly under-reported. Coupled with that, there were only 45 prosecutions in 2020 for computer misuse offences. In total, there were 43 convictions, with the average custodial sentence being 15.7 months, and the average fine just £1,203. While there are several reasons for low prosecution rates for cyber-crime—such as jurisdiction, with a great deal of this type of crime being committed abroad—the CMA, with its confusing framework and ambiguous, outdated terminology, presents a further challenge.
I recently met the CyberUp organisation—others have already paid tribute to its work—which was set up in 2020 to campaign for reform of the CMA. It is a broad coalition of supportive bodies from within the cyber-security industry, including the larger cyber consultancies and the cyber industry trade body, techUK, and has the backing of the Confederation of British Industry. Others have cited similar arguments, such as the Criminal Law Reform Now Network, which was launched in 2007 and comprises leading academics, practitioners and legal experts in the field. In its 2020 report, it concluded that the CMA is “crying out for reform”.
Speaking last year at the National Cyber Security Centre, the Home Secretary announced a welcome formal review of the CMA. The result of the call for information was clear, with 66% of respondents saying that they had concerns over the current protections in the Act for legitimate cyber-activity. I understand that the outcome of the review is expected to be published early this summer, so as with others who have spoken today my first question is, can the Minister confirm when we can expect the next step of that review? I would be grateful if he could update Members about that. Given that there is no reference to reform of the CMA in the Government’s new national cyber strategy, which was published late last year, many people hope that the review will comprehensively address the areas discussed today and provide a clear position on how we move forward.
As the hon. Member for Bridgend has mentioned, reviewing the CMA in the light of Russia’s abhorrent invasion of Ukraine is of even greater importance in order to ensure that our cyber-defence is fit for purpose. As outlined in the 2020 Russia report conducted by the Intelligence and Security Committee,
“Russia’s cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security.”
During evidence provided to the Committee, the NCA explained:
“The Computer Misuse Act…is very outdated legislation. It was designed for a time when we all didn’t carry six phones and computers and let alone have criminals who do the same.”
It would therefore seem more than sensible for the Government to accept the report’s recommendation that the CMA
“should be updated to reflect modern use of personal electronic devices”,
alongside the report’s other recommendations.
A Government report published just last month and conducted by the UK, the US and other allies exposed the historic malign cyber-activity of Russia’s Federal Security Service, including a long list of cyber-operations targeting the UK energy sector, US aviation and a Russian dissident in the UK, who was targeted using sophisticated hacking and spear phishing. Given the historic and increased cyber-threat level, we must consider the concerns of cyber-security professionals who make a strong case that the CMA, in its current form, prevents them from being able to robustly test security systems using some of the most effective methods available to them.
Last month, the former chief executive officer of the UK National Cyber Security Centre warned that our current system
“lacks nuance in protecting people who inevitably have to look into bad things to protect against them.”
That argument is further supported by the recent findings of a survey conducted by CyberUp and techUK, which found that 93% of cyber-security professionals believe that
“the Computer Misuse Act did not represent a piece of legislation that was fit for this century”
and 91% of cyber-security businesses felt that
“they had been put at a competitive disadvantage relative to other countries with better legal regimes.”
If we do not have a system that our security professionals have confidence in, we do not allow them to robustly defend our security to the best of their abilities.
Having discussed the necessary reasons for reform, it is important to consider what legislative reform would look like and the possible alternatives available to us. One reform, advocated by CyberUp and the Criminal Law Reform Now Network, would introduce a statutory defence to the CMA, using a principles-based framework that would allow cyber-security professionals to defend activities performed in the public interest. I recognise the diverse purposes for interrogating cyber-security, which were raised by the hon. Member for Boston and Skegness (Matt Warman), and the requirement to ensure that we find the balance in introducing a defence. When an individual is able to demonstrate clearly that they acted to prevent crime or to protect a system or that no personal profit or gains were made, it would seem reasonable and appropriate for that to be recognised in new legislation.
If I have understood the French approach correctly, article 40 of the criminal procedure code allows for a person who is acting in good faith and who acts solely in the national interest by notifying the appropriate body about an existing vulnerability related to the relevant system. That may be a comparison we can look at in order to see how we can best update our legislation.
If we are to ensure that we can protect ourselves from evolving cyber-threats, such as those revealed at the very heart of Government today, the Computer Misuse Act must be reformed as a priority to acknowledge the changes in our technological landscape. When the CMA was drafted, the majority of people did not even have access to a computer, but now we all carry that capacity with us in our pockets. Times have changed, and so must the legislation.
I would be grateful for an outline of the Government’s response to the revelations of spyware in Downing Street, and for confirmation that a comprehensive and urgent investigation is under way, as well as for an update on whether any upcoming legislation on countering hostile state actors will operate in this online space and when we might see more detail about those proposals.
Being able to combat threats from hostile cyber-actors in the current geopolitical environment is an essential requirement, and it is our role as legislators to ensure that that is possible. We need the very brightest and best working in the UK cyber-security space; those professionals must have the ability to do their jobs as well as they can if they are to deliver the protections that our country urgently needs.
It is a pleasure to serve under your expert chairmanship, Sir Mark. I thank my hon. Friend the Member for Bridgend (Dr Wallis) for securing today’s debate and bringing this important issue to Westminster Hall. I am also grateful to all colleagues who have taken part. It strikes me that this is a good example of bringing to bear on Parliament not just opinions or political points but real depths of expertise from the outside world. I think it has been a very good debate.
I thank the SNP spokesman, the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald), and the Opposition spokesperson, the hon. Member for Halifax (Holly Lynch), for the constructive way that they engaged with the important discussion. I reassure everybody that it will feed into the review, which I will come back to later. I confirm to my hon. Friend the Member for Bridgend that I would be pleased to meet with him and a group of colleagues to discuss the issue further—I look forward to it.
As the Minister for Security and Borders, I am keenly aware of the scale of the cyber-crime threat facing our citizens and businesses. Keeping them safe is a key priority for the Government and our operational agencies and I take this opportunity to thank all those who work tirelessly to protect the public.
The threat from cyber-crime has intensified over the last couple of years. As the hon. Member for Halifax said, the pandemic meant that even more of our lives were spent online, and, inevitably, criminals have sought to exploit that shift. The statistics bear out the scale of the threat, with computer misuse now accounting for an estimated 15% of all crime. That opportunism is despicable and underlines how crucial it is that we have a robust and effective response. The Computer Misuse Act is primarily about hacking into someone else’s computer, but clearly there are more crimes that involve misusing computers for criminal means—most fraud, for example. Later today we have the Second Reading of the Online Safety Bill, which is an ambitious and forward-looking piece of legislation that will tackle online harms around fraud and fraudulent advertising.
I turn to some of the points made by the hon. Member for Strangford (Jim Shannon) about protecting individuals and small businesses. I reassure him that comprehensive advice is available from Cyber Aware. We encourage everybody to act on that, starting with three key things: protecting email security with a password made up of three random words; using two-factor authentication where that is available; and keeping operating systems up to date—often when an update comes around it is to see off some weakness that has been found.
I want to note important steps taken by industry that can make what hacking yields of less utility—things such as the banking sector’s deployment of the confirmation of payee system. We have sector charters in place with key industries, including retail banking. While Northern Ireland has a different policing arrangement, in this part of the UK we have the regional and national cyber-resilience centres, supported by policing, to help give extra support and guidance to small businesses that may have less wherewithal to invest in cyber-security expertise.
I also want to respond to my hon. Friend the Member for Barrow and Furness (Simon Fell) about skills; he is absolutely right that although the issue is about machines, it is ultimately about people. It is people who improve our defences. There are key pathways and standards in the Institute for Apprenticeships and Technical Education system, including under the cyber-security technologist umbrella and more broadly with the introduction of T-levels. Indeed, the critical T-level is digital business services, which includes a minimum of nine weeks of industry placement. I strongly encourage firms operating in the area—in cyber-security and in-house digital technology—to support that to make sure we all work together to bring on that next generation of experts who will help keep us all safer.
The Minister has prompted me to recommend a book called “Peopleware”. It is a classic in software engineering and is all about people and how they develop software. One of its points is the orders of magnitude difference between different categories of competence in software engineering. It raises some interesting issues that I am sure he and his officials would find helpful.
I am grateful to my hon. Friend. I shall add that to my bedtime reading list, which is not uncrowded at present. I will look forward to getting to that.
In the last year, we saw a number of high-profile ransomware attacks around the world, including attacks on local authorities and schools in the UK. The National Cyber Security Centre has reported that in just the first four months of 2021, it handled the same number of ransomware incidents as for the whole of 2020. The National Cyber Security Centre has improved our understanding of the threat and provides a unified source of advice and support to Government and business.
I am afraid that the threat posed by cyber-attacks continues to grow in scale and complexity. That is why the national cyber strategy, mentioned by a number of colleagues and published in December, sets out how the Government will invest £2.6 billion over the next three years to develop a whole-of-society approach to increasing national cyber-security and resilience, including reducing the risk and opportunity for cyber-crimes and disrupting cyber-criminals. As part of that funding, we will continue to invest in the law enforcement cyber-crime network at national, regional and local level. In the face of such a broad and complex threat picture, law enforcement agencies must have the powers they need to investigate online criminality. It is also essential that we have robust legislation in place to enable action to be taken against the perpetrators.
My hon. Friend the Member for Wycombe (Mr Baker) was right about how much has changed since 1990, and my hon. Friend the Member for Barrow and Furness pointed out that the world is more interconnected than ever. Next year, it will be even more interconnected again. All that is correct and we must make sure we are up to date and up to pace. However, as my hon. Friend the Member for Boston and Skegness (Matt Warman) pointed out, it is also the case that over the last 30 years, the Computer Misuse Act has generally proven to be a far-sighted piece of legislation for tackling unauthorised access to systems. As the threat has changed, so too has the Act, which has been updated a number of times—most recently in 2015, where the offence of unauthorised acts causing, or creating risk of, serious damage was introduced.
We are firmly and fully committed to ensuring the legislative framework that underpins our efforts to address cyber-crime remains relevant and effective. That is why last May the Home Secretary announced a review of the Computer Misuse Act. The Home Office subsequently launched a call for information, which marked the first step in that process. The purpose of the call for information was to seek views of interested stakeholders across the piece, including in industry, academia and the agencies, on the Act and the associated investigative powers available to law enforcement. The Home Office has received responses covering a range of interesting and complex issues and we are grateful to those who have sent in their views. We are considering the feedback submitted and continue to engage with partners to determine whether changes are needed. We will provide an update on the initial findings of the review shortly.
I want to touch on a couple of key points directly relating to the Act that will influence the approach we take on defences. First, the Act is based on the principle that the owner of the computer and computer data has the right to say who can access it. I want to stress that point, which was made repeatedly during the development of the Act. Authorisation to access a system is the prerogative of the owner. It is that person who is responsible for the operation of the system and bears the cost of securing it.
Equally, the Government are rightly seeking to ensure that system owners take more responsibility for the security of their systems and the content held on them. Therefore it is right that the system owner has the protection of the law from those who obtain or attempt to obtain unauthorised access to computers and their data. We encourage firms to agree to having their systems tested for vulnerabilities by third parties but the fundamental point is that it is the choice of the legal property owner to determine that.
Secondly, we need to ensure that the Act continues to criminalise those who take unauthorised action against computer systems and provides the legal basis for relevant legal authorities to act.
In launching the review, we have been clear that we are open to changes to the Act that enhance our approach to that threat. However, I must also emphasise that any such changes should be well-considered and well-evidenced. We must guard against taking any action that would undermine the ability of law enforcement agencies and prosecutors to investigate criminals and prosecute them.
I have heard the views of Members on defences. My hon. Friend the Member for Boston and Skegness identified the nuance very well, as my hon. Friend the Member for Wycombe did the nuance of the registration of industry professionals. We are still considering the question of defences, but I am sure that Members would agree with me that we cannot put in place measures that would act as a mechanism for criminals and state actors to hide behind. That is why we need to tread cautiously. An ill-conceived defence could leave prosecutors with the burden of trying to prove a negative, for example, in needing to prove that cyber-attacker X was not, in fact, intending to protect a computer system when they attempted to access it without permission.
It is also worth pointing out that there are already defences in the Act that apply to cyber-security activity. If a person has the authorisation of the system owner to access the system, no offence is committed. In addition, any decision on prosecution is a matter for independent law enforcement and prosecuting agencies who take into account all relevant facts of the case. We must also ensure that any changes to the Act do not permit or encourage retaliatory cyber-activity, sometimes known as “hack back”. There is a danger that such a defence could embolden so-called hacktivists, or commercial entities who wish to offer such services, if they believe their actions could be protected under the law. The UK does not condone unlawful cyber-attacks of any kind.
Some responses to the call for information set out proposals for a review of sentences, and we have also had suggestions for new powers for law enforcement agencies to take action against criminals online. We are considering them as part of the review, including whether sentencing guidelines are needed to ensure that the harms caused by those committing Computer Misuse Act offences are appropriately considered during sentencing.
The hon. Member for Halifax asked a direct question and yes, state threats in this area are absolutely a prevalent and growing issue. I know she would not expect me to give a commentary on a specific security matter, but I want to reassure her and the House that the Government take extremely seriously the question about state capability in this area.
There is absolutely no doubt that the UK needs a Computer Misuse Act that is fit for purpose and can rise to the challenges of the present day. As colleagues know, the Home Office is engaged in a review that is charged specifically with ensuring exactly that.
The context of the war in Ukraine makes that work more important than ever, as the shadow Minister said quite rightly. I am acutely conscious of that, but we cannot rush this. That would only serve to help our adversaries. We are, therefore, approaching the exercise with the careful consideration that the public would expect and which these sometimes complex issues demand. Through the review, and as part of business as usual, we are listening attentively to law enforcement agencies and National Cyber Security Centre experts on what is most likely to enhance our national cybersecurity. Of course, we are also studying the approaches of other countries.
I thank my hon. Friend the Member for Bridgend for securing the debate, which has been interesting and insightful. I am grateful to have had the opportunity to outline our activity in the space and, as I said at the start of my remarks, I look forward to meeting my hon. Friend and colleagues to discuss it further.
I begin my closing remarks by extending my thanks to you, Sir Mark, for being in the Chair, and to all right hon. and hon. Members for their insightful contributions to this timely debate. It is wonderful to see such cross-party engagement on this issue of significance for our national security, and I am pleased about how Members have contributed to a very good debate.
I thank my hon. Friend the Member for Wycombe (Mr Baker) for raising an important point about humility. He and I both know that expertise a few short years ago probably means a lack of it today—I can certainly attest to that. His comments about the register of professionals were certainly also cause for thought.
I thank my hon. Friend the Member for Boston and Skegness (Matt Warman) for raising points about statutory defence. I think we can get the best of both worlds: it is possible, on our side, to give the reassurances that security professionals want without necessarily legalising what is obviously criminal activity.
I thank the SNP spokesperson, the hon. Member for Cumbernauld, Kilsyth and Kirkintilloch East (Stuart C. McDonald). When he spoke about smart fridges, he touched on something that I forgot to mention in my speech: however much we think the technological landscape has changed, even more is coming. It was not that long ago that the internet of things was just an idea, and now it is on its way. Everything will have a SIM card and everything will be connected to the internet. Driverless cars, drone deliveries and all those things are coming—they are not pipe dreams; they are currently being developed by someone, somewhere.
I also thank the chair of the all-party parliamentary group on cyber security, my hon. Friend the Member for Barrow and Furness (Simon Fell), for his concise and eloquent summary of the case for reform, and the shadow Minister, the hon. Member for Halifax (Holly Lynch), for introducing comparisons with how other countries have done—she mentioned France—which was very useful.
I thank my right hon. Friend the Minister for his attendance and for his carefully considered response to the points that were raised. I am grateful for his offer to make time available to meet us so that we can begin the important work of well-considered and careful reform.
Question put and agreed to.
That this House has considered the Computer Misuse Act 1990.
Business to Business Selling
I beg to move,
That this House has considered business to business selling and encouraging jobs and growth.
It is a pleasure to serve under your chairmanship, Sir Mark. I am delighted to have finally secured this important debate to consider the importance of business-to-business selling, which I will refer to as B2B; why there needs to be a selling revolution; and what needs to be done to upskill the B2B sales workforce—particularly in small and medium-sized enterprises—and to encourage more people to train in B2B selling. Finally, I will set out some measures that the Government could take to encourage professional sales both at home and abroad.
This debate was prompted by my chairmanship of the all-party parliamentary group for professional sales and by my 25 years’ experience of selling. Like most people who end up in sales, I had no intention of becoming a salesperson. Few people set out to make that their career path, but they end up there through other routes. As a business-to-business salesperson, I spent 25 years driving the motorways of Britain to talk to my customers and understand their needs. As a manager of B2B salespeople, I helped my sales team to win business, grow the business I was working for and drive prosperity.
It is with the benefit of that personal experience that I argue that the UK would not function without business-to-business selling. It is a huge and important part of the economy. In many businesses there is a saying: “Nothing gets made until a salesperson has taken an order.” That is the importance of the sector. Since I left the profession to come to Westminster 12 years ago, the job has become more demanding: it requires deep product knowledge but always with a high need for customer insight, empathy, communication skills, collaborative working, strategy and critical thinking.
Why is selling to business important? It is important to the economy and to create wealth, and it supports 10 million jobs. It is skilled work, and it was recently re-categorised as a profession by the Office for National Statistics. That upgrade in status was based on evidence that the majority of B2B sales job postings call for a degree and five years’ experience. It is an important fact that 80% of UK businesses make part or all of their turnover from selling to other businesses.
I congratulate the hon. Gentleman on bringing forward this debate. As a salesman in my father’s shop way back in the very early ’70s, and then with Henry Denny, a pork products firm in Portadown, I fell into sales by accident, perhaps, but I recognise its importance. Does the hon. Gentleman agree that with trade deals across the world potentially coming through, there is a greater need for more salespeople to push buyers and achieve greater economic growth for all of the United Kingdom of Great Britain and Northern Ireland—always better together?
The hon. Gentleman anticipates many of the points I will make, and he draws attention to the distinction between retail sales and business-to-business sales. I note that he did not set out to go into sales—as I mentioned, few people do.
Business-to-business sales are believed to be 44% of the UK’s gross value added—economic output—worth an estimated £1.7 trillion. Companies involved in B2B pay nearly £22 billion in corporation tax and, as I said, employ more than 10 million people. Looking ahead, as the hon. Gentleman mentioned, the UK will rely on a massive amount of business-to-business selling overseas, to take advantage of the opportunities that we have, having left the European Union, in the development of new markets.
One concern is that there seem to be too few statistics collected about business-to-business sales. There is some confusion between retail sales and B2B sales, despite business-to-business sales being about four times more valuable. When official statistics are collected, no distinction is made between retail sales—what we would call consumer shopping or business-to-consumer sales—and business-to-business selling. That hampers understanding, as the two sectors are very different. Being an effective B2B seller takes skill and experience, whereas a retail sale is often a quick transaction.
Selling to another business is typically a lengthy and complex activity with many people involved on each side, and deals can have multiple stakeholders. For example, if we consider the arrangement of a business-to- business contract for the just-in-time supply of components to an automotive manufacturer, or to supply financial technology to a multinational bank, the salesperson involved will need extensive market insight, an under-standing of the customer’s needs, good negotiating skills, and often the ability to find solutions to legal and logistical problems. Consider the examples I have just given: B2B sales can be very high when compared with retail sales, and strategic outsourcing contracts can run into billions of pounds and take many years to negotiate. For those reasons, B2B selling requires a professional level of proficiency.
The impact of the pandemic has made it more important for policy makers to distinguish between retail and B2B. We know that jobs in retail are disappearing as consumers move to digital self-service; by contrast, the number of B2B selling roles is steadily growing. Unfortunately, however, many of those posts are hard to fill, and the sector suffers from a skills shortage. We need more and better salespeople to enable us to recover from recession and boost overseas trade. The CBI anticipates that if the UK can achieve its upskilling and retraining needs, that will boost the economy by between £150 billion and £190 billion a year by 2030.
I referred earlier to the all-party parliamentary group for professional sales, and I want to talk about some of the work that we have done. The group was founded in 2018 by Stephen Kerr, who was then the MP for Stirling and is now a Member of the Scottish Parliament. The mission of the all-party group is to
“improve the global recognition of the importance of sales and its impact on the UK economy; to promote and advance the sales profession and boost the success of British industry, especially in international trade.”
That is what I am hoping to achieve through this debate. I mentioned that my background led me to become a founding member of the APPG, and as its chairman, I am proud of the work that we have done. In particular, I am proud of two recent policy reports.
The APPG’s first inquiry, in 2019, looked at why so many small and medium-sized enterprises were under-performing at this essential business activity. In our report, “The Missing Link: Inquiry into the role of sales in increasing the productivity of small and medium-sized enterprises,” we highlighted how many small businesses had too few B2B sales, we mentioned the lack of status of the salesperson within the organisation, and we commented on how slow SMEs in particular were at taking in new technology. We felt that the status issue was stopping good recruits coming into the profession, and we concluded that if we were able to fix some of those problems, it would assist the economy in enjoying significant growth. We stated:
“Our report identifies a critical shortage of professional salespeople that affects every business, but SMEs in particular. It also highlights a negative attitude in Britain towards selling that is holding the economy back. The government needs to intervene to close the skills gap, and to promote a more businesslike attitude towards selling.”
I mentioned the impact of the pandemic; shortly after that report was published, covid-19 hit, and it caused a revolution in the way that people sell. Our second report, which we published in March 2021, was entitled, “Supercharging Sales: Investing in B2B selling for jobs and growth,” and it looked at the changes that had arisen as a consequence of the pandemic and the lessons that needed to be learned. It made three recommendations—about the need to recognise the importance of B2B selling to the economy, to encourage more entrants into the sales profession at SME level, and to promote better sales skills and greater uptake of digital sales technology.
In our report, we found that the owners of SMEs would need to learn to sell in a new way; no longer would it be suitable to charge up and down the motorway for personal visits. We have seen the adoption of digital technology, but in many cases B2B salespeople have been slow to adapt to that technology. They need to be upskilled, and more of them need to be trained. As an APPG, we called for the Government to tackle the skills shortage; we know that would have a positive impact on the economy.
If businesses embrace a digital landscape and enter a selling revolution, we can grow the economy. We know that digital methods will be important, but when it comes to selling there remains a wide gap between the digital haves—usually big businesses and growth-orientated SMEs—and the digital have-nots, which are usually smaller businesses.
As I have mentioned, SME salespeople have struggled with obstacles that have hindered them from switching smoothly to the digital marketplace. Those obstacles include, in the first instance, a lack of sales skills. Before the pandemic, skilled B2B sellers were in short supply; from March to September 2020, there were 197,000 job postings for B2B sellers, in a profession that numbers only about 540,000 people. We found that the skills deficit was greatest for SMEs, which often do not train their staff.
The second major obstacle to growth was the shortage of management skills. Covid-19 made it urgent for businesses to adjust their sales model, but many business owners were too busy and needed help developing a strategy. The majority of SME owners are yet to adopt efficiency-oriented management practices and do not use customer relationship management software. The software exists, and it needs to be used. In addition, a lack of understanding of sales often leads SME owners to make mistakes when hiring salespeople, because the business owners themselves do not understand the sales process fully.
The third major obstacle that we identified was a shortage of digital skills. We know that the UK is only 12th among OECD member countries for technology adoption. We also know that covid-19 has spurred many salespeople to use more digital tools. However, SMEs have stopped evolving their tech use, while larger companies have carried on. SMEs will not adopt the next wave of sales technology if they do not first adopt the basics, which are about having a good online presence and using cloud computing and CRM software.
We know that jobs and skills are challenges for the UK economy as we exit the pandemic. New skills will help Britain to commercialise its research and development innovations. We know that we are an innovative country and new skills will facilitate overseas trade. However, we have struggled to recruit and train the B2B salespeople that the economy needs, and we need support from the Government in promoting awareness of and respect for business-to-business selling, and in stimulating demand for sales learning. Such Government support would be very welcome in the sector.
Members of the APPG believe that sales should, at some point, be referenced in the curriculum at school, college and university. There should be more work-based qualifications to create pathways into the profession, and the professional body, the Institute of Sales Professionals, has an aspiration to see a chartered professional body. We would like to see B2B given a higher priority by policy makers in skills and education. There are few Government-supported educational programmes for building commercial sales skills for those entering the workforce, and I am afraid that there is little or no discussion of sales in the MBA courses that are run in this country. That contrasts strongly with US universities that provide the same qualification.
We want the Government to use what influence they have to promote awareness of business-to-business selling and stimulate demand for sales learning, and I have a number of asks for the Minister, which I hope he will respond to in his remarks. The all-party group would like to see more on-the-job learning, and more courses and qualifications in professional sales, which could be backed by the Department for Education—I know that the Minister here today is a Business, Energy and Industrial Strategy Minister. We think courses should be eligible for funding under the lifetime skills guarantee. We would like more teachers of sales skills in our further education colleges, and more such teaching in the growth hubs, wherever possible supported by professional people who are actually doing the job. Perhaps there could be more mentoring and support for businesses that are involved in business-to-business sales. Perhaps representatives of the profession could participate in Government and industry advisory groups, as the salesperson is often overlooked.
The all-party group would like to see more apprenticeships. We would like to see the bureaucracy of the Education and Skills Funding Agency cut, with growth hubs offering support to SME owners. We think the Government could also help by setting national targets for the adoption of proven digital technology by SMEs, including cloud computing and customer relationship management software. Let us provide an incentive for businesses to take on that new technology. SMEs will need some support in funding their training needs. We would be happy for there to be financial incentives for SMEs to do that, and we would like to see extra funding for growth hubs to carry out sales courses and peer networking.
My remarks so far have focused primarily on the domestic need for business-to-business selling, but we must also consider the role that professional sales can play in the international landscape. The Government have an export strategy, which was published by the Department for International Trade on 17 November. Its 12-point plan mentions sales five times, and professional sales are involved in almost all of the 12 points. Approximately one third of the UK economy is international trade, and that is about business-to-business commerce. To be successful on the world stage, we need experts who can compete with salespeople from other countries to ensure that our goods and services are bought in preference to others’.
In the aftermath of the UK’s leaving the EU, we have the freedom to trade on our own and in new territories. I know from my business career that new business is not easy to secure, and that certainly is not possible without a competent and skilled team of salespeople. Fulfilling the ambitious trade deals that the Government have put in place will not be possible without those skills. A trade deal is a listing—an entitlement to deal with somebody—but we now need skilled salespeople out in those markets to take advantage of those deals.
As the Government’s priorities shift away from job retention and towards retraining people for the skilled jobs of the future, B2B sales must be a top priority for the UK. There will be massive benefits if we can ensure that SMEs adopt digital sales technology and gain professional skills. The pandemic has presented us with an opportunity to look afresh at difficult economic problems. Much of the cost of upskilling can be borne by employers, but I reiterate our ask for Government action to encourage that training by signalling the importance of sales skills.
Many positive benefits will flow to the UK if we can get businesses to adopt these new skills and gain new abilities. If we can turn around our attitudes and upskill our workforce, business-to-business selling will be a major force enabling us to grow our economy, create jobs and build new markets overseas. The cry should be: “Let’s get out there, and let’s get selling.” I look forward to hearing the Minister’s response.
It is a pleasure to serve under your chairmanship, Sir Mark. I am grateful for the opportunity to respond. I am also grateful to my hon. Friend the Member for Rugby (Mark Pawsey) for securing this debate so that we can highlight the fantastic work that British industry and businesses do every day throughout the year. The ability to talk about that even for a few minutes is a great opportunity to celebrate their fantastic work.
I congratulate the APPG and my hon. Friend the Member for Rugby, who chairs it, on the work done under his chairmanship and under the chairmanship of the much-missed former Member for Stirling, who we all wish was still in his place. I was at the initial APPG meeting. I admit this was not an area of huge knowledge to me, but the former Member for Stirling was looking for Members to attend and managed to achieve quite a large number at the initial meeting. That was a testament to the former Member’s powers of persuasion and to the continuing ability of my hon. Friend to highlight this important issue.
I was involved in business for most of my career prior to coming to this place five years ago, so I have a little bit of experience in business-to-business selling. I used to be a management consultant and I would try to find somebody else who could do the business-to-business sales because I was not particularly good at it. I also worked in a bank for several years, building processes so that we could sell financial products to businesses. That brought home to me the importance of capable and competent individuals—and they were not easy to find, as my hon. Friend the Member for Rugby has correctly indicated. They have an incredibly difficult skillset, and I am in awe of those people who can walk into a room and sell at the level of technicality, competence and ability that so many B2B and professional salesmen have.
Such a skill takes many years to hone. We have an understanding in government that that skill is difficult to procure and not easily taught. It is often learnt on the job, but it is hugely important. My hon. Friend pointed out the difference between retail sales and business-to-business sales, which are often merged together but should be considered separately because they have very different skillsets. From a BEIS perspective, I assure my hon. Friend that the Department absolutely recognises the importance and value of business-to-business selling in the UK.
We know that the sector has been through a significant challenge, as every sector has, over the past couple of years. The pandemic has brought many difficulties for businesses and sectors all around the country, so I will take this opportunity to thank the sector for its work, its efforts and its contribution to the UK during that difficult time. I affirm that the Government value and wish to continue to support the sector where they can.
We have near full employment and lots of vacancies, but there are challenges regarding the skills that are more difficult to procure and create in the type of selling that we are talking about. In the past couple of years, gaps have appeared or been exacerbated. Covid has taught us that many business activities can be conducted successfully anywhere and that technology can allow us to get past geographical barriers, but ultimately it is the sales and the techniques that are hugely important.
My hon. Friend the Member for Rugby highlighted the international opportunities to go out and sell UK plc if we have the right skillsets in UK businesses to do so. We are proud to have already delivered a trade agreement with the EU, which came into force last year and has been debated many times in this place and beyond. It is the first that the EU has signed that grants tariff-free and quota-free access to its market, ensuring that British businesses can continue to have a strong trading relationship with our European neighbours and build on the skills that we have been talking about. It is the most liberal market access that either party grants to any trading partner, and gives us opportunities to sign new trade deals—the first opportunity in 50 years.
We have already signed trade deals with Japan, Australia and New Zealand, and this gives us the opportunity to use the skills already in place in UK plc and to seek new opportunities as we build that skillset even further. We will continue to support British businesses to be able to make that case all around the world—not just in the EU, but in all the new markets that are opening—through measures such as the 12-point plan, which will support SMEs to manage import controls, and the export support service, which provides a single point of entry and support for businesses exporting to Europe.
We have included a chapter dedicated to protecting the interests of SMEs in the trade and co-operation agreement, and have various helplines for customs and international trade. All those measures seek to give our businesses and salespeople, and the B2B people who are selling in and around these markets, the tools and the ability to help them with the knowledge and expertise to do what they do best—to find business and help UK businesses grow.
I turn to the importance of skills and productivity in sales. My hon. Friend the Member for Rugby is right to highlight the maxim that nothing gets made until a salesperson ultimately takes an order. There is the challenge of building skills in those who are just coming into the workforce, and of augmenting skills for those who are already there.
B2B sales can be a dynamic and lucrative business activity, which can attract young talent. It is for employers, ultimately, to convey the benefits of those roles for prospective workers. The Government are keen to highlight the opportunities in the B2B market, and the abilities and fantastic capabilities in UK plc. As Minister for industry, I look forward to doing more where I can, and I know that my colleagues elsewhere, in BEIS and beyond, are also keen to do so.
That is an interesting question, and one that many industries are debating. There is huge value in chartered status and the accreditation that it provides. At the same time, we must ensure that in creating those things—I am sure it will not be the case in this sector—barriers to entry are not raised at the same time, as that could exacerbate some of the challenges that my hon. Friend has rightly highlighted throughout the debate.
In the few moments I have left, I will touch on productivity and highlight the importance of the schemes already in place, such as Help to Grow: Digital and Help to Grow: Management. Help to Grow: Digital provides businesses with free, impartial online support and guidance on how the digital technology that my hon. Friend rightly highlights can boost their performance. Up to 100,000 eligible businesses can take advantage of discounts of up to 50%, worth up to £5,000, to buy some of the basic productivity-enhancing tools highlighted by my hon. Friend, such as customer relationship management and accountancy software.
On top of that, Help to Grow: Digital enables people to consider the best way, from an e-commerce perspective, to help businesses make the best of selling online. That will be useful for many people, but does not take away from the important point—highlighted by my hon. Friend the Member for Rugby, and the hon. Member for Strangford (Jim Shannon)—about people understanding what they are selling and having the capability, competence and technical knowledge to do so.
This has been a hugely important, if quick, debate. I am grateful to my hon. Friend the Member for Rugby and the APPG for continuing their important work in this sector. There are parts of commerce that do not often speak as loudly as others; they just get on with the job and do brilliant work, day in and day out. This is one of those examples—people who are really pushing UK plc to do more. They are working through how we can grow, do better, and collectively take on more jobs. I congratulate the sector on all the work it has quietly done over so many years; as the Minister for industry, I offer my personal support.
If it is helpful to my hon. Friend, I am happy to talk to the APPG on a different occasion, in more detail, about how we can work together on this issue. I am keen, if we can, to do a visit—or something along those lines—so that we can see, publicise and highlight all the great work in this sector, which has done so much over recent years to put UK plc in such a good position, and will continue to do so in the years ahead.
Question put and agreed to.
Covid-19 Pandemic: Royal Mail Services
[Rushanara Ali in the Chair]
I beg to move,
That this House has considered Royal Mail services and the covid-19 pandemic.
It is a great pleasure to see you in the Chair today, Ms Ali. This is the third debate that I have secured on the performance of Royal Mail in as many years. I have done so because, as a company, Royal Mail is continuing to fail residents and businesses in my constituency and in many places across the country.
Royal Mail provides a vital frontline service. Throughout the covid-19 pandemic, postal workers continued to go to work to deliver letters and parcels, and, in addition to their core responsibilities, often provided vital contact for vulnerable residents living on their own during lockdown. I pay tribute to their bravery, dedication and service. I regularly meet postal workers in my constituency and representatives from their union, the Communication Workers Union. I am absolutely clear that the issue at Royal Mail is a failure of management and that the problems are structural.
The problems with Royal Mail first came to prominence in my constituency in 2017 when it announced plans to close two delivery offices in my constituency: the SE22 delivery office on Silvester Road and the SE27 delivery office on Windsor Grove. It was clear to local residents and elected representatives that the closures would be a disaster for postal delivery services. Following a large campaign, Royal Mail decided not to close the SE27 delivery office, but it pressed ahead with the closure of the SE22 office in autumn 2018, shortly before Christmas.
The closure of the SE22 delivery office heralded a disastrous deterioration in the reliability of postal services for local residents in the SE22 area. The delivery office was merged with the SE15 delivery office in Peckham, which is too small to cope with the volume of parcels for two postcode areas. It is located a considerable distance from the furthest parts of SE22 and the area has challenging topography. When the office initially closed, it is no exaggeration to say that services collapsed, with many streets not receiving postal deliveries for days or weeks at a time and customers having to queue for hours to pick up parcels. The situation was completely chaotic.
Following the initial Christmas peak in 2018, services improved somewhat, but ever since that time it has been clear that Royal Mail has no resilience in the SE15 delivery office and can maintain a satisfactory level of service only when all conditions are optimal. Whenever there are any increased pressures due to peak periods, staff sickness or adverse weather, the service in large parts of SE22 quickly becomes completely unreliable.
The consequences of poor and unreliable postal delivery services for my constituents have been severe. I have heard from constituents who have missed medical appointments or, perhaps even worse during the pandemic, turned up at hospital for appointments that had been cancelled. They have lost important legal documents and have had to attend court because they missed the deadline for paying speeding fines.
During the pandemic there have been many heart-rending stories that illustrate the important role that postal services still play in people’s lives, including children not receiving any birthday cards during lockdown, handmade gifts from grandparents for newborn babies not being delivered, and residents who have been relying on post from family and friends to fend off loneliness and isolation waiting weeks at a time for their post.
In addition, my constituency is home to the Mark Allen Group—a magazine publisher that produces 114 publications, including Farmers Weekly, which is delivered nationwide on Fridays. The publisher has highlighted the unreliability of postal delivery services in many parts of the country as a serious threat to the viability of its business. It has noticed significant subscription cancellations, which correspond with unreliable postal delivery services.
Magazine publishers are worth £3.74 billion to the UK economy and employ more than 55,000 people. The Mark Allen Group in my constituency supports hundreds of jobs in journalism, printing and distribution. It is reliant on Royal Mail for the sustainability of its business. It is no exaggeration to say that the Royal Mail failures are putting jobs at risk. Citizens Advice, the consumer advocate for the postal sector, also confirms that the kinds of failures seen in my constituency are common across the country. It estimates that 16.5 million customers were hit by letter delays in January 2021, and 15 million were left waiting for letters during the festive period 2021-22. It also highlights the rapidly increasing cost of Royal Mail services. The price of a first-class stamp has increased by almost 50% in just five years, leaving customers paying much more for a poorer service.
I have engaged extensively with Royal Mail, the CWU and Ofcom since 2017 about the problems in SE22, and during the covid-19 pandemic problems in other postcode areas in my constituency, especially SE19, SE24 and SE27. My engagement with Ofcom has been, frankly, extremely disappointing. There appeared to be very little interest in the severe problems affecting my constituents, and no meaningful action that Ofcom, as the regulator, was willing or able to take in response. It is clear to me that there are considerable problems with the regulatory framework that have made it impossible for Royal Mail to be held to account when its services fail.
I believe that five measures are urgently needed to put this situation right. There is currently no requirement on Royal Mail to undertake public consultation on a decision to close a delivery office, despite the obvious significant impact that a closure can have on a local community. In the case of SE22, every single concern that local residents raised about the closure has come to pass. Royal Mail sold the SE22 delivery office for £7 million. There was no requirement to reinvest any of the receipt in the provision of local services. I urge the Minister to ask Ofcom to introduce a new requirement for meaningful public consultation on delivery office closures, and to instigate an independent analysis of the impact on local services that must be submitted to Ofcom and signed off before a closure can take place. We will not accept further delivery office closures in Dulwich and West Norwood.
Royal Mail is required only to report quality of service data at the level of the first part of the postcode. That has consistently meant that the catastrophically poor performance in SE22 and other postcodes in my constituency has been masked by performance data across the wider SE postcode area, which covers a vast swathe of south-east London. In effect, that has made it impossible to secure any regulatory action for my constituents. I have made repeated requests over a number of years for Royal Mail to provide more granular performance data, and they have always been refused. That gives rise to concerns about transparency and accountability. I urge the Minister to ask Ofcom to require Royal Mail to report performance data at the level of local postcodes, so that regulatory action can be taken more easily on individual delivery offices when they fail.
The partial suspension of the universal service obligation during the pandemic effectively removed all regulatory levers from Ofcom in relation to Royal Mail. Across many streets in my constituency, residents have reported periods when post was not delivered for weeks at a time. When I raised those problems with Royal Mail, it systematically denied the extent of the problem, refused to acknowledge backlogs of mail sitting in delivery offices—that miraculously were cleared when I made a short-notice visit to at least one of the delivery offices in question—and denied the extent of the gaps in delivery.
I am completely clear that Royal Mail has regularly been in breach of the USO in my constituency, but there has been no action from Ofcom, leaving Royal Mail entirely unaccountable for the quality of its services. The Government must therefore require Ofcom to review the universal service obligation to ensure that meaningful regulatory action can always be taken when there are breaches and, in circumstances in which the USO is partially or fully suspended, that there is no vacuum of regulation.
Finally, it is unacceptable for the public to be asked to pay more for less, particularly at a time when the cost of living crisis is bearing down on so many people across the country. I ask the Minister to respond to the request from Citizens Advice and to ask Ofcom to carry out a full assessment of the affordability of postal products, in the light of the jump in first-class stamp prices. My constituents are utterly exasperated by the lack of action from Royal Mail, Ofcom and the Government in response to the failures of Royal Mail in my constituency. The privatisation of this vital public service by the Tories and the Lib Dems has failed. The Government must urgently get a grip.
It is a pleasure to serve under your chairmanship, Ms Ali. I congratulate the hon. Member for Dulwich and West Norwood (Helen Hayes) on securing this important debate. I would like to associate myself with the appreciative comments she made about postal workers.
My experience of postal deliveries came with my first opportunity to visit sorting offices in my constituency last Christmas, after covid restrictions were relaxed. I visited the sorting offices in Carlton and Arnold in Gedling. I was struck by the very close working conditions under which postal workers operate when sorting the post, working cheek by jowl. Although there was a good working atmosphere in both sorting offices, I congratulate them on their tenacity for working in such difficult conditions throughout the pandemic; it must have been a very difficult time.
The service in Arnold has remained very good, but there were serious concerns about delivery of post in Carlton. Medical appointment letters arrived after the appointment date, and birthday cards arrived late. A useful indicator of whether an individual or the system is at fault is the arrival of cards; when several birthday cards arrive after a birthday, that is a useful indicator that the system itself is at fault.
Some of my constituents received 10 or 14 days-worth of post at the same time, in one go after a long gap. That was initially ascribed to staff shortages and so forth as a result of covid, but on further investigation that seemed not necessarily to be the prime mover. Particularly at Carlton, new walk routes had been introduced and implemented because that sorting office was serving a lot more points than previously. Once the new system was implemented, it stuttered on day one, and a lot of work was required to resolve significant teething problems and iron out that problem, to get back to an acceptable level of service.
I had good meetings with Royal Mail on the matter. I also praise the members of the Communication Workers Union I met to discuss it. I hope that, as a Conservative MP, I do not damage their street cred too much by singling out Ian Pointer and Steve Blower for particular praise, as they gave me a thorough and considered briefing on the subject. As I stand here today, it looks as though the problems in Carlton have simmered somewhat. I am gaining significantly fewer emails in my inbox on the subject, so it appears to be resolved.
I want to use this opportunity to thank Royal Mail and its staff, who have worked so hard to resolve the issues in Carlton, and for stepping up to meet that challenge in difficult circumstances.
It is a pleasure to serve under your chairship, Ms Ali. I congratulate my hon. Friend the Member for Dulwich and West Norwood (Helen Hayes) on securing this important debate. Like her, I thank the staff at Royal Mail for their hard work in keeping communities connected throughout the covid pandemic. It was such a difficult time for everybody, but they continued to strive to work extremely hard, delivering parcels throughout my constituency of Cynon Valley.
As others have mentioned, I have a good connection with local postal workers, especially the trade union representatives. I make particular mention of Amarjite Singh, branch secretary for south-east Wales, and our local CWU rep, Jason Richards, who has been instrumental in the re-establishment of our trades council locally, which is fantastic.
Over the past two years, during periods of widespread lockdown or personal isolation, Royal Mail deliveries have been a lifeline and kept people supplied, including with the special delivery of coronavirus test kits. The postal workers were part of the key worker service provision that kept the country running, even when many of them suffered from covid; we have to thank them for their work.
As has been outlined, the difficulties in meeting delivery targets during the pandemic were understandable from the perspective of postal workers. Increased parcel volumes, social distancing requirements, and staff absences were all contributory factors. The suspension of Royal Mail’s regulatory targets as a designated universal service provider in 2020-21 was a welcome move. The service came in for much criticism and many complaints, which had a detrimental impact on the morale of staff, who—from my significant dealings with them—are absolutely committed to providing a high-quality service.
Three areas of concern have been brought to my attention that could assist in securing a return to the delivery of a world-class postal service if work were undertaken. The first relates to covid and staff sickness. While over the past two years employees battled with the impact of covid, Royal Mail discounted covid absences from the sickness absence procedure. With restrictions having lifted, that is no longer the case. Given the public-facing nature of the work involved and the close working environment, it is essential to ensure that in all instances, both staff and the public are adequately protected from the risks of covid. Although I understand Royal Mail’s policy is that staff are advised to remain at home if they have covid symptoms or test positive, I would be most concerned—as, I am sure, would other Members—if there were evidence that practice did not always follow that policy. Staff should never feel pressured to come into work in such circumstances. I would be interested to hear the Minister’s views on that.
The second area relates to steps to improve service provision, service quality and standards. It is welcome to hear that the CWU and Royal Mail recently set up a joint national quality of service steering group to monitor progress and address any barriers to achieving quality of service objectives. In my opinion, Royal Mail should be provided with more regulatory freedom to innovate, grow, and improve postal services. Allowing Royal Mail to introduce tracking facilities for a universal postal service is a key action that Ofcom could take to improve postal services. Ofcom is opposed to that, but the CWU argues that tracking in the universal service obligation would deliver better outcomes for customers and ensure that the USO evolves with user expectations. Further, it is essential that Royal Mail is reunited with the Post Office and returned to public ownership. An integrated postal, retail and delivery network would boost postal revenue potential and service quality, thereby benefiting customers.
The final area relates to job security, staffing levels, and terms and conditions. Recent media coverage reports that Royal Mail is planning to sack about 900 managers and bring in lower rates of pay in what Unite the union has said is another case of fire and rehire. The Royal Mail workforce is already depleted, having suffered in excess of 1,500 job cuts in 2021, leaving the service seriously understaffed and struggling to meet targets. A recent survey of Unite members revealed that the service depends on the willingness of members to undertake unpaid work, with members readily going without lunch breaks, working unpaid at weekends and even forgoing annual leave to provide the quality service that those workers want to provide to constituents.
Unite the union claims that job cuts are driven by shareholder greed—a view I share—despite the service having returned a record £311 million in profits, and that the business’s real plan is to eventually cut the six-day delivery service altogether and move to a three-day service model, as is the case in European countries such as Denmark. Sharon Graham has called on Royal Mail to step back from making any cuts. In her words:
“Royal Mail has no excuse for announcing these job cuts, especially at the same time as introducing ‘new’ bands on lower pay. That is just ‘fire and rehire’. They are not even losing money. Royal Mail’s private shareholders are doing very nicely…This is shameless boardroom greed looking to ruin a great UK name and a 500-year-old essential service.”
In this cost of living crisis, it would be remiss of me not to say that staff deserve an inflation-proof pay rise. CWU workers in Wales have relayed to me their concerns about the pay discussions in Royal Mail and have written to the Royal Mail Group chief executive in February and, following the lack of response, published an open letter to bring the union’s concerns into the open. The union made it clear that it found the delay in announcing the pay offer unacceptable given the cost of living crisis, and that the company is undermining trust.
Local CWU members are very aware that the business recently paid dividends to its shareholders to the tune of £400 million. Indeed, as of January 2022, a total of £1,725 million had been paid out in dividends to Royal Mail shareholders since privatisation by the Conservative-Lib Dem Government in 2013. I therefore fully support the CWU’s calls for Royal Mail to be renationalised, which would allow for the money paid in dividends to shareholders to be reinvested in the business to retain staff, fund a significant pay rise, which the staff deserve, support growth and improve service quality.
I would like to know whether the Minister supports the call for an inflation-proof pay rise for postal workers, and indeed all key workers. That is, I believe, the right and necessary thing to do in this current crisis. Diolch yn fawr.
It is a pleasure to serve under your chairmanship, Ms Ali. I congratulate the hon. Member for Dulwich and West Norwood (Helen Hayes) on securing the debate and I associate myself with the words of appreciation for postal workers that have already been expressed.
The recent postal disruption in my constituency hit a peak in the latter half of last year, so unsurprisingly much of the correspondence I received centred on its impact on the festive season, with Christmas cards and presents sent in November not arriving until the new year. I first got in touch with Royal Mail about my concerns about the Amersham sorting office in September 2021. The original responses were inadequate. It initially assured me that the delays were temporary and that, although reduced, service to the affected areas was still regular and being delivered rotationally every other day. Based on the testimonies of constituents shared with me in the following weeks, that was in no way an accurate representation of the situation on the ground.
One elderly constituent missed two long-awaited hospital appointments as the letters did not arrive until after the appointments were scheduled. Another told me that they ended up in rent arrears and debt after a delay in the delivery of a bank card. The same constituent was left without any form of identification as they waited for a new driving licence and the other identity documentation to be returned to them.
Of course, we all understand that Royal Mail has been dealing with a pandemic, and I am well aware of the difficulties caused by staff absences as a result. I understand why Ofcom decided to grant an exemption to Royal Mail’s universal service obligation, but the level of service we have been left with in places has been completely unacceptable. A few days’ delay is one thing; a month’s is another. If exemptions are granted, there should be an obligation to clarify what is and is not acceptable.
Royal Mail conceded that, as well as the pandemic and staff shortages, the difficulties at Amersham sorting office related to changes to the delivery rounds. It transpired that entire streets were missed off the routes, so some people were getting no mail at all. I have been in regular contact with Royal Mail about that since the autumn, and by the end of January things were largely in a much better place, but I have started to receive the same messages about postal delays to my inbox all over again. That is nothing to do with the exceptionally committed postal workers; there is something going wrong at a higher level.
I echo my colleagues’ calls for more detailed data, broken down at a more focused level. It is clear that reporting does not paint an accurate enough picture. In my area, the most severe disruption focused on the HP6, HP7 and HP8 areas. To ensure a more consistent service, Ofcom must require Royal Mail to provide more detailed data in order to root out the problems plaguing service delivery. Holding Royal Mail to account is desperately needed. The hard-working postal workers I have spoken to are not responsible for the backlog they are trying to clear.
It is a pleasure to serve under your chairship, Ms Ali. I thank my hon. Friend the Member for Dulwich and West Norwood (Helen Hayes) for securing this important debate, following an unprecedented two years in which Royal Mail staff worked at the coalface of the pandemic to ensure that vital services continued and that our country remained connected. I refer the House to my entry in the Register of Members’ Financial Interests and, in particular, to my membership of trade unions.
As with all key workers, we owe Royal Mail’s workforce a debt of gratitude for performing heroically in the face of the covid crisis, which claimed the lives of many of their colleagues on the frontline. I also thank to the Communication Workers Union for its leadership throughout that period, ensuring that the concerns of all Royal Mail staff were listened to and acted on. The CWU always works tirelessly, and never more so than in the past two years, when it has ensured that the interests of all postal workers—including health and safety concerns—were listened to. The CWU and all Royal Mail staff have gone above and beyond to serve our communities throughout the pandemic.
My local branch—the CWU North West Central Amalgamated Branch, which represents more than 2,500 postal workers—continued despite sadly losing one of its own members to covid. Mr Ian Wilson was based at the Royal Mail delivery centre in my constituency. His death left an enormous hole in the union, which he first joined in 1978 before working as a Royal Mail driver in Stockport. Ian was a loyal, hard-working public servant who was liked by everybody he came into contact with. He continues to be missed dearly by all those who knew and loved him.
Local CWU branch secretary Mr Dave Kennedy was forced to source and fund PPE himself from a local company early on in the pandemic. I thank Dave and all CWU branch officers for their work on that. The lack of PPE at the start of the pandemic remains nothing short of a disgrace. Royal Mail staff always deliver for our country and never more so than during the pandemic, when it was awarded the Government contract for the testing programme; staff had to work around the clock, seven days a week, to deliver and collect test kits from households, playing an enormous role in helping to contain the spread of the virus. They often did so in the face of considerable hurdles. When social distancing restrictions were in place, only one member of staff was allowed per van, which led to a shortage of vehicles and instances of staff members being forced to walk—in one case, up to 3 miles—before starting a shift. The efforts of the CWU’s cleaning membership in sterilising all vehicles, touchpoints and work areas undoubtedly also helped to limit the spread of the virus.
The already challenging situation was made worse by of a lack of support by senior management. Royal Mail did not take advantage of the furlough scheme for clinically extremely vulnerable staff members. Instead, it recorded any resulting absences as sickness absences, which led to members exhausting their sick pay entitlement and suffering significant financial hardship. Instead of supporting the workforce, Royal Mail bosses directed sick staff members to a national charity for help. It was only after many weeks of the pandemic—and following the intervention of the CWU—that the situation was resolved.
Things could have been very different if Royal Mail had remained in public hands and the bottom line was not what mattered most to its senior leadership. It remains a national tragedy that the Conservative-Lib Dem coalition Government sold off one of the UK’s crown jewels in 2014—the biggest privatisation since that of the railways in 1994, when the Conservative Administration flogged off another of our country’s greatest assets.
Almost a decade on from the sale and millions of recklessly wasted taxpayer pounds later, there remains no justification for having privatised the organisation. As we all know, Royal Mail was making a profit and providing a high-quality public service to everyone in the UK. That profit now goes straight to private shareholders, with £800 million lining their pockets between 2013 and 2017 alone. Research by We Own It and the New Economics Foundation revealed that, by 2025—just a decade after the sale—the country will be worse off than if Royal Mail had remained public. Almost 70% of the public support a publicly owned Royal Mail, which, research shows, would save us £171 million a year—enough to open 342 new Crown post offices with post banks. It is time to bring Royal Mail back into public hands, where it belongs.
Scandalously, we have seen a nationwide attack against Crown post office branches. The Royal Mail is not to blame for that; this short-sighted Government are. I am proud to have a Crown post office branch in my constituency, just a short walk from my constituency office. My community needs that branch, and I will do all I can to stop its closure. It is staffed by unionised civil servants, unlike the concessions often operated by retail brands, which simply do not offer all the services of a Crown branch.
Last year, following the CWU’s “Save our Post Office” campaign, I was delighted that controversial franchising plans for my local branch were overturned. Crown branches are at the heart of many communities like my own, and we must ensure that other branches are not relocated or downgraded to a retail partner.
I agree with my hon. Friend the Member for Cynon Valley (Beth Winter) that the Royal Mail and the Post Office should be integrated and come under public ownership. I also agree with the comments made by my hon. Friend the Member for Dulwich and West Norwood.
Once again, I want to take this opportunity to place on record my thanks to all Royal Mail staff, CWU members and the Communication Workers Union for consistently going above and beyond to keep our country connected at a time when it faced the very real prospect of being ground to a halt by covid. Their efforts will not be forgotten. I thank them on behalf of my constituents.
It is a pleasure to service under your chairship today, Ms Ali. I congratulate my hon. Friend the Member for Dulwich and West Norwood (Helen Hayes) on securing this important debate and thank all hon. Members who have spoken. I will reflect almost all their comments in my remarks this afternoon.
The postal industry is hugely important to the well-being of our country. The covid-19 pandemic highlighted the importance of the service and of its workforce. For the past two years, Royal Mail workers have selflessly provided key services delivering vaccinations, shielding letters, covid-19 tests and PPE items, as well as enabling people to communicate with their loved ones when they were unable to visit them in person. It is right that today we have heard hon. Members across the House recognise them for their extraordinary efforts. It is also important that we review together how we can better hold Royal Mail management to account. I want to mention one of my constituents, Councillor Poonam Dhillon, who was a dedicated Royal Mail worker who sadly died of covid last year.
Royal Mail has a long and storied history dating back to 1516, roughly taking the shape that we know today in the 19th century with the introduction of the first stamp in 1840 and with the first pillar box erected in 1852. Those were important reforms, as was the setting of a duty on the postal service across our islands that Royal Mail must deliver to every address in the UK six days a week at a uniform price.
The Postal Services Act 2011 gave a statutory basis to the universal service order, which defines what should be considered part of the universal postal service. The Act sets out the minimal requirements that Royal Mail must deliver. The USO can be amended by Ofcom, which designates regulatory conditions, including pricing and performance targets.
The Royal Mail is the UK’s universal services provider, which is a sign of the respect and trust we have placed in the postal service in our country. A character in a book by Anthony Trollope, the Victorian novelist who also invented the pillar box, once exclaimed of the stamp: “Surely this little Queen’s head here can’t be untrue!”.
Trust matters, yet trust in this very significant public service has been significantly weakened since Royal Mail was privatised by the coalition Government in 2014. The Business, Innovation and Skills Committee at the time concluded that it had been undervalued in that sale by David Cameron’s Government—to the tune of £1 billion to the taxpayer.
What was the result? In 2020-21, Royal Mail significantly missed its targets that a minimum of 93% of first-class mail is delivered the next working day and a minimum of 98.5% of second-class mail is delivered within three working days. Just 74.7% of first-class mail and 93.7% of second-class mail met those service targets.
Although we all acknowledge the unique conditions of the pandemic, during which sickness eroded staffing levels and isolation increased the parcel load, data from Citizens Advice’s 2022 state of the sector report suggests that the service has not recovered. It found that at the beginning and end of 2021, letter delays were widespread across the country. During Christmas last year, almost 15 million people were left waiting for post. Over half of those reported going at least a week without letters, as we have heard today.
In previous debates, Members have complained about mail arriving late for their constituents and, worryingly, the Citizens Advice report also found that one in 14 UK adults had experienced serious negative consequences of struggling to receive their post, missing important documents such as insurance letters or fines. Last July, Royal Mail committed to returning to pre-pandemic quality by the end of August, but as the CA report makes clear, it did not. In response to this persistent failure to meet its targets, Ofcom has told Royal Mail that it must take steps to improve performance as the effects of the pandemic subside.
May I ask the Minister what expectations the Government have of Royal Mail for the timescale in which its performance will return to pre-pandemic levels? Will he tell the House what discussions he has had with Ofcom about the next steps for Royal Mail, and say what potential repercussions Royal Mail executives could face if they do not meet their targets?
Although Ofcom has the power to fine Royal Mail, as it did in response to missed delivery targets in 2018 and 2019, more stringent measures might need to be taken. A further significant issue has been the closure of Royal Mail delivery offices and the impact of such closures in some areas is still very much ongoing. My hon. Friend the Member for Dulwich and West Norwood has been a dedicated campaigner for her constituency ever since the SE22 delivery office was closed in 2018. She spoke very powerfully about that closure in her speech today. Despite being warned by my hon. Friend and community stakeholders that that closure would make delivery more difficult, Royal Mail pressed forward and closed the delivery office in East Dulwich anyway. That decision continues to impact the performance and services that local businesses and residents are receiving. My hon. Friend has also talked about there being no resilience in the SE15 service, and the poor and unreliable services for a range of her constituents. We need to look at the measures that have been raised today, including reporting at a more detailed postcode level, because transparency is not the enemy of democracy.
Royal Mail’s recent history has raised concern that it seems to be driven by a mission to increase dividends for shareholders ahead of genuinely fulfilling its responsibilities as the nation’s universal service provider. Following the cuts of 2,000 managerial roles in 2020-21, in January this year Royal Mail revealed plans to cut a further 1,000 management jobs. Although Royal Mail has said that cuts are intended to streamline operational management and to improve focus on performance at a local level, they come in a year of record-breaking profits for shareholders and an increase in the cost of first-class stamps of nearly 12%. At the same time, Royal Mail will bring in a lower-paid managerial role, in a move that Unite the union has compared to fire and rehire practices. That is absurd at a time when the service is already struggling to meet basic performance targets and when data suggests that Royal Mail has the capital needed to make investments without such a scale of job losses.
Will the Minister say what discussions he has had with Royal Mail and the relevant trade unions—Unite and the Communication Workers Union—about the scale of job losses? Has he discussed the service’s prospective plan to streamline operational management in terms of equipment, transformation for future business and staffing? Does he recognise the work of the unions, including the CWU’s acknowledgement of the need for modernisation? That need is understood: unions want to work with management to reform an organisation that their members work for with pride.
May I also ask the Minister whether he has considered the CWU’s proposal to integrate a high level of corporate social responsibility on environmental issues and employment standards into the postal regulatory framework? What discussions has he had about the affordability of postal products?
We need better communication with Parliament. As Royal Mail moves into a new regulatory framework for 2022 to 2028, I want it to be open to better communications with Parliament, stakeholders and communities. Although Royal Mail is technically independent of Government and overseen by Ofcom, it remains an essential public service. Yet it has been hit by a decade-high rate of more than 1 million complaints and high sickness absence rates. There were boosts otherwise for shareholders last year, as parcels helped Royal Mail to achieve a £311 million profit. For that reason, Labour will continue to call for Royal Mail to be held more strongly to account, for the Government to actively listen to the debate and for a better postal service in all parts of our nation, as the public expect and demand.
It is a pleasure to serve under your chairmanship, Ms Ali.
I congratulate the hon. Member for Dulwich and West Norwood (Helen Hayes) on securing today’s important debate about Royal Mail’s services and the covid-19 pandemic. Clearly, this is not the first time that we have discussed the issues—the ongoing issues—in her constituency. I am sure that we will continue the conversation, and it is important that we do, so I am glad that she has had the chance to air her views in this debate. I hope that Royal Mail continues to respond and to engage constructively with her.
Before discussing the level of service overall, I would like to provide some context, outlining both the importance of and the pressures on postal services in the lead-up to the debate. We have heard today that the postal service has played a critical role in helping to mitigate the impact of coronavirus on individuals, families and businesses across the UK. We absolutely recognise that postal workers have been working incredibly hard to meet demand and deliver the universal service in incredibly difficult circumstances. We all rely on them to keep people connected across the country by delivering the letters and parcels that are so important to everyday life, and supporting the economy in these difficult times.
As the hon. Member for Dulwich and West Norwood is aware, Royal Mail’s contingency plans to mitigate disruption to postal services are well established. They are overseen by Ofcom, the independent regulator, which has been raised, so it is for Ofcom to monitor service levels, although Royal Mail has reassured Government that it has been doing everything it can to maintain service levels during the pandemic. I do look out for and try to support hon. Members’ inquiries with Royal Mail when those are raised, as has been the case today—for example, my hon. Friend the Member for Gedling (Tom Randall) raised the situation there.
Royal Mail has set out that improving service levels is its No. 1 priority at this stage, so although the situation is improving, it is clear that there are still issues that need to be addressed in certain areas. I do expect Ofcom to continue to challenge the business, under its regulatory framework, to ensure that it is delivering the best possible service. It was disappointing to hear otherwise from the hon. Member for Dulwich and West Norwood about the policy of engagement with Ofcom, which she said was missing in her exchanges. That is certainly regrettable to hear.
Overall—looking at the wider picture—customers continue to be satisfied with Royal Mail’s services. Ofcom’s last annual monitoring report, for 2020-21, which was published in December of last year, found that more than eight in 10 residential customers and around eight in 10 SME users are satisfied with Royal Mail. Those results are in line with Ofcom’s findings in its review of user needs published in November 2020. That general satisfaction is despite the challenges of delivering postal services during a pandemic.
The statutory framework recognises that, in an emergency, Royal Mail may not be able to sustain the universal postal service without interruption, suspension or restriction. I hope that hon. Members will agree that it was reasonable for Ofcom to acknowledge in this context that the pandemic was indeed an emergency. Therefore Royal Mail was legitimately able to modify its obligations, including by reducing the frequency of letter deliveries temporarily, for six weeks, in 2020. However, Ofcom’s declared emergency regulatory period ended on 31 August 2021 as Royal Mail implemented its improvement plan. Normal regulatory requirements have since applied, although in monitoring compliance Ofcom needs to take account of any relevant matters beyond Royal Mail’s control that may impact on its performance. Throughout the pandemic, Royal Mail has been transparent about any changes to the services that it provides; that information can be found on the Royal Mail website.
Royal Mail’s quality of service results, published last month, indicated that it had not met its universal service obligation targets for the delivery of both first and second-class mail in the third quarter of the financial year. Royal Mail reported that that was due to high levels of covid-related isolation and to absences being at double the normal pre-pandemic levels at the peak of the omicron variant. That is something that we have heard from any number of sectors, and any number of businesses, beyond postal services. Royal Mail has also reported that hiring temporary staff to help to manage service issues proved very challenging because of the combination of very high competition for temporary staff and high infection rates across the population. Despite those challenges, postmen and women worked exceptionally hard to ensure that the delivery of covid-19 test kits was prioritised. Royal Mail responded to the Government’s call to double the volume of covid test deliveries within days, and Royal Mail next-day delivery for kits exceeded 98%.
Royal Mail accepts and acknowledges that its quality of service has not always been as it would have wished, and has publicly apologised for any resulting delays that customers may have experienced in their local areas. It has reassured me that it continues to work to improve service levels, having spent more than £340 million in the last financial year on overtime, additional temporary staff and sick pay, as well as providing targeted support for the offices most impacted by staff absences. Royal Mail also publishes a daily list of the delivery offices most impacted by service delays. I understand that near the start of the year 77 local delivery offices were listed on the website, and that number had been reduced to one as of last week, indicating the progress that has been made.
I would like to take some time to say something about local service disruptions, particularly in regard to the constituency of the hon. Member for Dulwich and West Norwood. I know from correspondence with her that this is, unfortunately, not a new issue and that she has been in contact with Royal Mail about service issues in the area.
Royal Mail has informed me that the service was disrupted because sickness absence levels in some part of its operation remained higher than normal—East Dulwich delivery office in particular has been experiencing high levels of sickness. Royal Mail has taken measures to tackle the issue, including rotating mail deliveries to addresses so that customers receive mail as frequently as possible.
The hon. Member said she had recently visited the East Dulwich, Herne Hill and West Norwood delivery offices to see the measures first hand. I encourage others to do the same—to go into sorting offices and meet the management, as well as saying thank you to the workers. It is good to see what managers are doing. Hon. Members have mentioned changes of route, which tend to be put together by managers in the sorting office, close to those who walk the beat.
I understand that mail deliveries for the delivery offices that the hon. Member for Dulwich and West Norwood visited have been taking place six days a week, barring occasional unforeseen disruptions, such as Storm Eunice and a spike in absences since February. I am also aware that Royal Mail has introduced operational changes to its network as part of its wider transformational plans. Modernising Royal Mail operations is necessary to maintain sustainable universal postal services and deliver better outcomes for customers.
I thank the Minister for giving way—I have always found him to be polite and helpful in my engagements with him. On the point about customer service and universal connectivity, can I press him on the issue of Crown post offices? The UK seems to be one of the only nations in the world where counter services are dis-integrated from delivery services—it does not even happen in the USA. I am one of the lucky MPs in Greater Manchester to have a Crown post office branch in their constituency. Can the Minister give me some assurance that the Government will not continue to close such branches or downgrade them to retail outlets?
I cannot give the hon. Member that assurance, because he is referring to Post Office Ltd, which was disentangled from Royal Mail at the time of sale. Post Office Ltd oversees franchised post offices and owns and runs Crown post offices, and it is going through its own modernisation programme. The financial situation of the Post Office has been well rehearsed, including the backdrop of the Horizon situation. Allowing Royal Mail to work through its own modernisation programme disentangled from that scenario is not necessarily a bad thing.
The hon. Member for Dulwich and West Norwood was elected at the same time as me; in those seven years, I have seen a huge difference when I go to the sorting offices each Christmas in the balance between letters and parcels. Royal Mail has had to change all the racks and systems to adapt to the big drift to more and more parcels being delivered and fewer and fewer letters.
I accept the point about the change in letter and parcel volumes. My broader point, as we are here talking about Royal Mail, is that Crown post office branches offer services that other post offices do not. It is about not just letters, but banking services, insurance and so on. Every MP in this room will have people in their constituency who do not have access to broadband or a telephone and who depend on those branches. I will perhaps write to the Minister and he can come back to me on my local Crown branch.
I do not want to be tempted into debating Crown post offices in this debate, but I would be happy to exchange correspondence with the hon. Member. He raises some important issues about access to cash and banking services. The future of the Post Office is very close to my heart. I want to make sure that we provide something that meets customer demand and is acceptable in this place, and that retains the social value we put on post offices while getting the fine balance right in terms of providing a solid financial footing—we should get that and more in a post office for the future. I will gladly engage with the hon. Member on that issue after the debate.
I am aware, as I said, that Royal Mail has introduced changes to its network. Modernising Royal Mail operations is necessary to maintaining that sustainable universal postal service and delivering those better outcomes for customers. However, in the immediate term, that may have contributed to local service issues while the business adapts to changes. It is always difficult to embrace and work through change, but Royal Mail has assured Government that if for any reason an address does not receive a mail delivery one day it will be a priority the next working day.
Royal Mail is open to engaging with the public, and indeed with all MPs about delivery services in their respective constituencies and across the UK. I urge any hon. Members whose constituents are not happy with the service they receive to take that up with Royal Mail. I have always found it engaging, but I am also here to help expedite things, if that does not work.
Ofcom is aware of continuing reports of delivery delays, and it issued a statement on 19 January expressing its concerns and making it clear to Royal Mail that it must take steps to improve its performance as the worst effects of the pandemic subside. As the regulator, it is ultimately for Ofcom to determine whether Royal Mail is meeting its statutory obligations. Ofcom has the powers to investigate and take enforcement action if Royal Mail fails to achieve its performance targets, without good justification, at the end of each financial year. That includes penalising Royal Mail for failing to meet its targets, as Ofcom did when it imposed a fine of £1.5 million on the business for missing its first-class delivery target for 2018-19.
Ofcom reviewed Royal Mail’s performance against its quality of service targets in 2020-21 and in the light of the impacts of covid-19 throughout that year decided not to open an investigation. However, Ofcom continues to scrutinise performance closely. It is currently preparing to review Royal Mail’s performance for the 2021-22 financial year and, if appropriate, it will not hesitate to act where necessary.
I would add that Ofcom must ensure that postal regulation keeps pace with the changes in the market and remains relevant, fit for purpose and effective. It last reviewed the regulatory framework for post in 2017 and said at the time that it should remain in place until 2022. It is now carrying out a further review of the future regulatory framework, which it aims to complete later this year. As part of that review, Ofcom ran a consultation on its proposals, from 9 December 2021 to 3 March 2022. It is currently considering the responses and expects to issue a statement in the summer.
A couple of quick questions were asked. The Government do not have any plans to renationalise Royal Mail. The sale of Royal Mail shares in 2013 and 2015 added £3.3 billion to public funds. In addition, we heard a lot about dividends, but not about the £2 billion that has been invested in the firm since privatisation, with a further £1.8 billion announced in 2019 for the following five years. Access to private capital, as with any other large, successful business, has enabled the investment necessary to innovate and seize the opportunities presented by new markets.
As I said, I want to ensure that I can help any hon. Member, should they have problems with their deliveries in the short term. I have found Royal Mail to be particularly proactive in engaging with hon. Members, should there be longer-term issues, and it does come back in good time. However, should it not, I am here to help expedite things, as I said.
There have been exceptional challenges in the last two years, and services have been disrupted. However, the postal system has continued to operate, and Royal Mail is now able to resume normal service levels as absence levels move closer to normal and as the business adjusts to operational changes. I want to take this opportunity to once again thank Royal Mail, and all postal workers, for the dedication and commitment shown while providing continued service throughout the pandemic.
I thank all hon. Members who have contributed to the debate. Two themes have run consistently through many of the contributions. The first is gratitude and appreciation for frontline postal delivery workers and acknowledgment of all that they have done during the pandemic, and I reiterate that once again. We are grateful to our postal workers up and down the country for the vital work they do.
The second theme is the frequent mismatch between the messages we all receive from Royal Mail as constituency MPs and the experiences of our constituents. I recognised, almost verbatim, the experience reported by the hon. Member for Chesham and Amersham (Sarah Green) of being told by Royal Mail that deliveries were being alternated every other day in her constituency, and yet residents were reporting that they were not receiving post for weeks at a time. That has absolutely been my experience. The problem is not the timeliness of the response from Royal Mail; it is that it simply does not chime with the experiences of our constituents. They have no reason to exaggerate or make up their experiences of the postal delivery services. If post is arriving, there is not a problem. Yet, time and again people report that there is a problem. I am grateful to the Minister for his continued engagement on this issue, and I am sure that, like Royal Mail managers in my constituency, he is sick of hearing from me about it, but we will not rest, because Royal Mail’s services are so important.
I am disappointed that the Minister did not address the data reporting issue, which is critical. Royal Mail cannot be held accountable for local delivery office failures, which matter so much in specific communities, if it has to report its performance data only at a very broad level. The same is true of national satisfaction survey reporting: hearing that 80% of customers are happy is no comfort if someone lives in SE22 when the SE22 delivery office is failing.
I urge the Minister to step back from the briefings he receives from Royal Mail and Ofcom, to look at what people across the country are saying about the quality of the services they receive and to think about the role Government can play in getting a grip on what I believe is a failing organisation and in making sure that Royal Mail continues to deliver the post, but does so with a reliability that such a vital service demands across the country.
Question put and agreed to.
That this House has considered Royal Mail services and the covid-19 pandemic.
Covid-19: Public Inquiry
[Mr Virendra Sharma in the Chair]
I beg to move,
That this House has considered the covid-19 public inquiry.
It is a pleasure to serve under your chairmanship, Mr Sharma. I begin by saying a huge thank you to many organisations, including Covid-19 Bereaved Families for Justice, Disability Rights UK, Sense and the Royal National Institute of Blind People, for all their tireless hard work in this area supporting the many people who have been impacted by the pandemic.
Covid-19 is the worst public health emergency and global health pandemic we have faced in a lifetime, having devastating effects globally. Here in the UK we were not exempt, with over 150,000 lives lost, which was one of the worst death rates. Having significant and unequal human and economic effects, the pandemic disproportionately impacted women, including pregnant women, as well as children, disabled people, and black, Asian and ethnic minority communities. Moreover, people’s class or where they live has an impact, exposing and exacerbating the inequalities as well as creating many new ones.
The pandemic severely tested this Government’s preparedness, resilience and co-ordination, but there is no doubt in anyone’s mind that the Government were not prepared for the pandemic and they lacked any credible strategy or plan to mitigate the situation. How they responded to the unprecedented challenges they faced raised a wealth of questions. The Government resisted mounting calls and pressure for a public inquiry until May last year. There needs to be a comprehensive investigation into all aspects of the pandemic and into the Government’s response to establish the facts, rebuild trust with the British people, hold power to account and learn lessons to ensure that the mistakes made will never happen again. The Government said that the inquiry would start in spring this year—here we are—but they have recently confirmed that public hearings will not begin until 2023. That is not good enough and is a huge blow to everyone, including the bereaved families who need justice and answers.
We know that there will now be two inquiries: one by the UK Government and one by the Scottish Government. Both inquiries will look at a wide range of issues, including the use of public health powers and expertise, such as medical evidence, restrictions and the wearing of masks, and health and social care policy, such as PPE availability, care homes, Test and Trace, and the vaccination roll-out. They will also look at the financial impacts, including statutory sick pay—or the lack of adequate statutory sick pay—public sector procurement safeguards, furlough and business support.
While the inquiry seeks to cover a wider range of areas, I strongly believe that the failure to include specific reference to disabled people is a grave omission. When I asked the Minister in February whether the inquiry would have a specific focus on disability, she replied, “Yes”. However, without explicit inclusion in the inquiry’s terms of reference, how can disabled people have confidence in the inquiry and confidence that lessons can and will be learned? So, today I will focus my speech on the impact of the pandemic on disabled people.
Between January and November 2020, of the 50,888 covid-related deaths in the UK, 30,296 were of disabled people or of someone with an underlying health condition, which accounts for six in 10 covid-related deaths. And that is not just any old data; it is data from the Office for National Statistics. During that same period in 2020, the risk of death involving covid was 3.1 times higher for disabled men than for non-disabled men, and the risk for disabled women was 3.5 times higher than for non-disabled women.
That deeply concerning disparity must be examined and must form part of an inquiry, as I believe it is the one thing that we really need to learn the lessons of, and why. Disabled people were one of the groups who were disproportionately impacted the most by the pandemic, and that remains the case now. Disabled people and their families have suffered the worst form of hardship and loss, and they really were an afterthought, including on—but not limited to—issues related to the labour market and employment, the move from working at home to hybrid working and so on, and the risks associated with face-to-face working, particularly for people living with sight loss. There are also the issues around education and learning, and for young people and children education and learning were incredibly challenging, but there were also issues when it came to accessing goods and services within the covid regulations. I have heard of so many instances at the start of the pandemic when many people who are blind or partially sighted could not even access food deliveries.
That is why, early on in the pandemic, I set out 10 clear asks of the Government, in order to alleviate some of the pandemic’s worst effects. However, in the words of one woman who has multiple disabilities:
“Thousands, if not millions, of disabled people lost their support network, which set back progress and caused so many other issues. Whether that is health or social care, we are human beings and deserve to have as much support as anyone else.”
She could not be more right.
Also highlighted in the report by Sense last year, which was entitled, “ Locked Down and Abandoned: Disabled People’s Experiences of Covid-19”, were the necessities of daily life that were involved, whether that was in education, employment, social contact, exercise, accessing food and essential supplies, medical and social care, financial support, testing kits and PPE. We know that three in four disabled people believed that their needs were overlooked, and that they have not received enough support.
That is why I believe that disabled people must be at the heart of this inquiry—yes, to learn the lessons and to be prepared for the future, but also to tackle some of the deep-rooted inequalities once and for all, and to ensure that the needs of disabled people are properly understood and prioritised.
Why is that important? First, we know that disabled people were unable to access essential support, including essential financial support, and services in the community. The introduction of the Care Act easements under the Coronavirus Act 2020 contributed to a cut or reduction of essential social care support, at a time when support should have been enhanced.
The social care system was not fit for purpose prior to the pandemic—I think we would all agree with that—and required significant investment and reform. However, despite the expiration of the easements, social care support has not returned to pre-pandemic levels. One of the worst practices was the blanket use of “do not attempt resuscitation” orders. Many families believed that they were being applied without their informed consent, and no system was in place to prevent people from not receiving lifesaving care just based on their underlying health condition. It prompts the question: why did the Government not do enough to identify the groups that were at greater risk during this pandemic?
When it comes to financial support, nearly 2 million ill and disabled people were excluded from the £20 uplift that was applied to universal credit, leaving many having to make difficult choices. The financial impact is only being worsened by the cost of living crisis. Those in receipt of social security benefits have faced a real-terms cut in support, which will push them further into poverty and hardship.
Secondly, the failure to include disabled people in policy and decision making meant that decisions were made that led to devastating consequences. For instance, not identifying vulnerable groups resulted in many being unable to access support. If a person was not classed as clinically extremely vulnerable, their support was restricted. The rigid list that was compiled meant that the vast majority of disabled people were left without support, including those with motor neurone disease, and blind and partially sighted people.
Thirdly, inclusion and accessibility were neither considered nor adhered to. Something as basic as producing inclusive information in accessible formats did not happen. That should have been the bare minimum. Throughout the pandemic, communicating key messages, information and guidance with the British people was vital, yet the daily press briefings that we all tuned into did not have any British Sign Language interpretation for deaf and hard-of-hearing people. Imagine if, during those discussions and meetings when decisions were being taken, there was input from disabled people or the organisations that work with them and represent them: just maybe, things could have been different quite early on.
Many testing sites were inaccessible. Home testing kits were, and frankly still are, inaccessible. There was a requirement to read barcodes, and instructions were not available in alternative formats. I know from my own lived personal experience the difficulties of having to use those testing kits. Goodness knows, I could not redo those boxes and send them back—it was impossible.
Finally, mental health and emotional wellbeing were tested to the limit for many disabled people. Prior to the pandemic, disabled people were already experiencing greater levels of loneliness and isolation, and the pandemic only exacerbated that. Two in three disabled people said that their mental health worsened during the pandemic.
Overall, I believe that the treatment of disabled people was well under par. That is why I consistently called for the Government to carry out and publish quality impact assessments, but my pleas went largely unheard. The one time they did publish an impact assessment, it was four months after the enactment of the Coronavirus Act. The inquiry must investigate the lack of impact assessments produced and gain a fuller understanding of what data and evidence was used when introducing policies. Government actions and decisions could have prevented the many devastating consequences that disabled people faced. The inquiry will consider any disparities evident in the impact of coronavirus, including those related to protected characteristics as set out under the Equality Act 2010, but it must also look at how protected groups intersect and the greater and wider impacts, and consider why there was not sufficient thought and planning for those groups.
The inquiry should take a human rights-led approach, such as that set out in the terms of reference for the covid public inquiry in Scotland. The omission of reference to the Human Rights Act 1998 in the UK inquiry has not gone unnoticed. I urge that it is added following the consultation process. I hope the Minister can say in her response why the UK Government took the decision not to include that Act. Does she agree that the only remedy would be to ensure that the inquiry gives due consideration to it?
As with all public inquiries, this one must be fully accessible to the public. Documents have still not been published in accessible formats, including easy read, which is not right. The website should have other formats—not just PDFs, but HTML and Word. It should not be on the user to contact the inquiry to ask, “Please can you send me an accessible version”. Such versions should be available alongside all the other documents. Again, this goes back to basics. To build trust and confidence in the inquiry, the terms of reference should state that an accessible communications policy will be implemented. That would go a long way.
I would really like the Minister to say that all parts of the covid inquiry, including hearings, will be accessible and inclusive, including all audio and visual forms of the inquiry, and for her to confirm that British Sign Language interpretation will be available. Millions of deaf and disabled people would benefit, but it would also show that the inquiry seeks to be accessible.
Will the Minister tell us why there is yet another delay? As I have highlighted, there has been mounting pressure and increasing calls for an inquiry. For public hearings to only begin in 2023—another year for people to wait—is frankly not good enough. We have a chair, but the inquiry has not formally started, and a letter from the Prime Minister is required for it to do so. That must happen now, so that no more time is wasted before we learn the lessons from the mistakes that were made.
When the terms of reference are ready and published, I hope that there will be specific reference to disabled people. I think I have given a pretty decent overview of the impact on disabled people: they have been impacted the worst and the most, and due and proper consideration should be given to them. I ask the Minister to encourage the Prime Minister to establish a panel, made up of experts with experience, to support the chair of the inquiry. She will not be surprised to hear me say that that panel should include disabled people and those who were affected by the pandemic.
Finally, will the Minister give assurances that, when preparing for future pandemics—I am sure the Government will do, are doing or have done that, but I would like her to confirm it—disabled people will not be hammered, disadvantaged and dehumanised, as they have been? I need her to give assurances today that that will never happen again.
I welcome this debate, which is on a subject of vital importance: ensuring that the public inquiry into covid-19 is set up in the most effective way possible, so that we may learn lessons from the terrible pandemic. I congratulate the hon. Member for Battersea (Marsha De Cordova) on securing it. I will try to respond to her specific points, but let me begin by setting out the current position on the inquiry and the next steps.
The current status was given on 10 March, when the Prime Minister published the draft terms of reference for the public inquiry into covid-19. The inquiry will take place under the Inquiries Act 2005 and will have full formal powers. It will be chaired by the right hon. Baroness Heather Hallett, the former Lady Justice of Appeal, who was also the coroner at the inquest into the 7/7 bombings. As it is vital that we get the inquiry’s terms of reference right—the hon. Lady has asked me many questions on this point—the Prime Minister has asked Baroness Hallett to lead a period of public engagement and consultation before making recommendations to him on any refinements. I will say a little more about that process in a few moments, but first I will describe the inquiry’s remit as it is currently drafted.
The draft terms of reference give the inquiry two aims: to find the facts and to learn lessons for the future. Both are crucial to help us all to understand what happened and what we should learn from the experience. In order to fulfil those aims, the inquiry—quite rightly—will have a very broad scope. The draft terms of reference cover preparedness, the response in the health and care sector, and our economic response. It looks at decision making and its implications at a central, local and devolved level. That all aims to ensure that every part of the UK can learn the lessons needed from this experience to prepare for future pandemics.
I am grateful to the Government for establishing the inquiry to learn lessons from this awful pandemic. The Minister deserves great credit for her leadership of that process. Will she add to those terms of reference the death care sector? She will know that funeral directors, morticians, gravediggers—all those involved at the place of burial or cremation—right through to bereavement councillors faced extraordinary challenges during this time. Access to PPE, the organisation of funerals and vaccination as a priority are all things that I hope the Minister will look at as part of the process, so that if we ever face something similar—heaven help us if we should—we will get it right.
I thank my right hon. Friend for asking those questions. In just a minute I will come to an answer for him.
Importantly, the terms of reference require the inquiry to listen to the experiences of those most affected by the pandemic, including bereaved families, and to investigate any disparities evident in the impact of the pandemic and our responses. This point is crucial, because the draft terms of reference are explicit that the inquiry must look at the protected characteristics in particular, as the hon. Member for Battersea asked me more than once. I confirm that those are age, disability, race, sex, marriage and civil partnership, pregnancy and maternity, gender reassignment, and religion and beliefs. Each of those important issues is already in the scope of the inquiry’s terms of reference.
As I have said, it is vital that we get the terms of reference right, which is precisely why the Prime Minister asked Baroness Hallett to consult on the draft. That consultation opened on 10 March and closed on 7 April. Over the course of four weeks, Baroness Hallett and her team travelled to 11 cities across the UK and spoke to more than 150 bereaved families. They also heard from sector representatives, including those representing children, people with disabilities, and frontline and key workers including funeral directors—I will ensure the list has been extended to other frontline workers—about a range of equality issues.
People have shared their views online as to what the inquiry should investigate, what it should look at first and whether it should set an end date for its hearings. Those responding have offered their suggestions on how people who have been severely impacted by the pandemic, or who have lost loved ones, can be given a voice and be part of the inquiry. By the time the inquiry’s consultation concluded, over 20,000 individuals and organisations had responded. That is an incredible level of response, which demonstrates the depth of feeling held on this matter and the importance of getting this work right. I have no doubt that the views expressed here today on refinements to the terms of reference will also have been made through that process.
As regards Scotland, any inquiry set up by the devolved Administrations may only consider devolved matters. This inquiry will ensure that the whole of the UK can learn the right lessons for the future, and in doing so it will seek to avoid duplication with any inquiry set up on a devolved basis.
The inquiry is now collating and analysing all the responses it received. Baroness Hallett has said that she will make recommendations to the Prime Minister on the final terms of reference in May. In the interests of transparency, Baroness Hallett has committed to publishing a summary of the consultation responses received and the many meetings she has held.
Once the Prime Minister has received Baroness Hallett’s recommendations, he will consider them carefully before finalising the terms of reference and making a further statement. As regards the date when the public hearings will start, the important thing is that the inquiry will begin its formal work this spring, once the terms of reference are finalised. As the Prime Minister has always said, from that point the process, procedure and timing of the inquiry stages will be for the independent chair to determine, and it is right that we respect that.
I will finish by saying that Baroness Hallett has set out that her investigations will begin once the terms of reference are finalised. She has said that she intends to gather evidence throughout the year, with public hearings beginning in 2023. The actual inquiry will start before that, but the hearings will begin in 2023. Baroness Hallett has made it clear that she will do everything in her power to deliver the recommendations as soon as possible.
I have only a couple of minutes left. This has been a valuable debate. I hope I have been able to offer reassurance regarding the inquiry’s draft scope, which is very wide and covers the details that the hon. Member for Battersea asked for, and about the breadth and extent of the consultation process that will no doubt lead to further refinements from other frontline workers.
I extend my thanks to every individual and organisation who took the time to engage with the consultation process, whether online or in person. Their views will be crucial in getting the inquiry’s terms of reference right, in how it is run, and, in due course, in shaping our understanding of how the pandemic has impacted families and communities across the UK, and ensuring that the right lessons are learned.
Question put and agreed to.