My Lords, this past year has put into sharp focus the importance of digital connectivity, which has been vital in keeping both people and industries going in these challenging times. In the other place, my right honourable friend the Secretary of State spoke about the potential for 5G and gigabit broadband to transform our lives. The Government are investing billions of pounds into these cutting-edge technologies. However, we can be confident in the technology only if we know that it is secure.
That is why we have introduced the Telecommunications (Security) Bill. The Bill will create one of the toughest telecoms security regimes in the world. It will protect our telecoms networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future. I will briefly outline the context for the Bill and why it is necessary, before turning to the intent of its clauses and delegated powers.
The security and resilience of 5G and full-fibre networks is not just in the national security interests of the UK. It is also crucial to the UK’s economic interests and future prosperity. The House will recall that this Government published the UK Telecoms Supply Chain Review Report in July 2019. It found that telecoms providers lack incentives to apply security best practices and recommended a new framework for the UK’s public telecoms providers that will respond to new and emerging threats to the security of our networks. The review also recommended new national security powers for the Government to control the presence of high-risk vendors in UK networks. The Bill is our response to those recommendations.
I will now outline the intent of the Bill’s clauses, which can be broadly separated into two groups. Clauses 1 to 14 introduce a stronger telecoms security framework, placing new security duties on public telecoms providers. Clauses 15 to 23 introduce new national security powers to address the risks posed by high-risk vendors.
I turn first to Clauses 1 to 14. The Bill amends the Communications Act to create a tough new telecoms security framework, which consists of three layers. First, the Bill places strengthened overarching telecoms security duties on public telecoms providers in primary legislation. Secondly, specific security requirements will be set out in secondary legislation. Thirdly, guidance on the detailed technical measures that providers could take to comply with their legal obligations will be set out in a code of practice. The new legal duties in the Bill and the measures in the secondary legislation will apply to public telecoms providers operating within the UK.
To illustrate the specific measures that providers may be expected to adopt, we published an illustrative first draft of the security framework regulations on GOV.UK in January. We have been, and continue to be, in close contact with industry following the publication of the draft regulations. Comments received as part of this engagement are being considered in the drafting of the final version. We will launch a public consultation on the draft code of practice once the Bill achieves Royal Assent. This will ensure that views from all impacted groups are heard ahead of the new framework coming into force.
The Bill provides Ofcom with a new general duty to seek to ensure that telecoms providers comply with their new security duties and builds on Ofcom’s existing security duties. Ofcom will have new powers to assess providers’ compliance. In cases of non-compliance, Ofcom will be able to issue a notification of contravention and, ultimately, financial penalties of up to 10% of turnover. Recognising that Ofcom will have expanded duties, DCMS is working with it to ensure that it has the necessary capability and capacity to deliver those vital functions. We have already increased Ofcom’s security budget for this financial year by £4.6 million to reflect its enhanced security role, in addition to its existing funding. Ofcom will also continue to work closely with the National Cyber Security Centre in the delivery of its security functions. The two organisations have published a statement, available on Ofcom’s website, which sets out how they plan to work together.
Clauses 15 to 23 introduce new national security powers to manage the risks posed by high-risk vendors in our telecoms networks. The Bill includes new powers for the Secretary of State to designate specific vendors in the interests of national security and issue directions to public communications providers. Those directions will place controls on a provider’s use of goods, services and facilities supplied by a designated vendor. Once a designated vendor direction is issued, the Secretary of State can direct Ofcom to collect information from providers and report back so that the Secretary of State can determine whether a provider is complying with a direction. Government amendments were passed in Committee in the other place to bring the powers in Clauses 15 to 23 into force immediately upon Royal Assent.
The Government have announced that UK telecoms providers should cease to install Huawei equipment in 5G networks after September 2021 and remove all Huawei 5G equipment by the end of 2027. We published an illustrative direction and designation notice in November 2020 to demonstrate how the powers in the Bill could be used in relation to Huawei in line with these announcements. Once the Bill receives Royal Assent, any proposed designated vendor directions and notices will be subject to the relevant consultation requirements set out in the Bill.
I will now turn to the delegated powers in the Bill. It contains nine delegated legislative powers to make secondary legislation and two administrative powers. Six of the delegated legislative powers are to amend the maximum penalties specified in the Bill. These are Henry VIII powers and are subject to the draft affirmative resolution procedure. A further two are powers to create regulations setting out specific measures to be taken to comply with the new security duties and are subject to the negative resolution procedure. Finally, one power is to make regulations commencing certain provisions in the Bill and is not subject to any procedure. The two administrative powers are the power to issue codes of practice and the power to give designated vendor directions to providers.
Our approach to the delegated legislative powers is in keeping with precedent. The powers to amend maximum penalties in the Bill are consistent with those in the Communications Act 2003. I appreciate the need for Parliament to have the right mechanisms to scrutinise the powers that we are taking in the Bill. I am confident that the approach we have taken finds the appropriate balance. As the House would expect, we have submitted the delegated powers memorandum to the Delegated Powers and Regulatory Reform Committee. I thank it very much for its prompt report on the memorandum, which I read with interest. The Government will consider the committee’s recommendation concerning the power to issue codes of practice about security measures and aim to respond to the report fully in due course.
To conclude, the Bill has not been designed around one company, one country or one threat. Its strength is that it will create an enduring and effective telecoms security regime that will be flexible enough to keep pace with changing technology and changing threats. I hope that noble Lords on all sides of the House will welcome it. I beg to move.
My Lords, those of you who participated in this House’s consideration of the National Security and Investment Act may, I am afraid, detect a few similarities in the nature of my contributions to this legislation. That is an unfortunate consequence of the Government’s failure to listen to the strength of feeling in the House on the subject of oversight during those debates.
Like that Act of Parliament, the Bill seeks to address concerns first raised by the Intelligence and Security Committee some seven years ago in its report, Foreign involvement in the Critical National Infrastructure, namely that there were serious failings in the way in which successive Governments managed the entry of foreign telecommunications companies into the UK market. Clearly, the Government have been listening to what the ISC, with its unparalleled access to highly classified material, has been able to discover on behalf of Parliament, leading to both pieces of legislation.
The ISC therefore welcomes this Bill. We strongly support the principle behind it and the new safeguards it introduces. However, as with the National Security and Investment Act, we are concerned that the Bill does not provide for sufficient parliamentary oversight of these important new powers. As noble Lords are aware, the Bill provides significant powers for the Secretary of State to designate certain vendors as high-risk and to direct telecommunications providers to abide by certain requirements about the use of equipment from designated vendors. When the Secretary of State issues, varies or revokes a designation notice or a designated vendor direction, he will lay it before Parliament, except when this is contrary to national security.
This is a perfectly reasonable provision. I, for one, would not wish the Government to publish information that would damage national security. However, as things stand, this results in a significant gap in Parliament’s ability to scrutinise the Government’s decision-making and use of these powers. I am sure noble Lords agree that this is not what Parliament expects.
There is a simple and elegant solution to this problem: any designation notices or designated vendor directions that cannot be laid before Parliament for reasons of national security should be provided instead to the ISC for scrutiny. Parliament established the ISC for this purpose. Indeed, it is the only committee of Parliament that has regular access to the most sensitive protectively marked information. ISC colleagues have made these points repeatedly in the other place but they, again, have fallen on deaf ears. The Government’s resistance to this idea, coming so swiftly after their resistance on the NSI Act, gives the unfortunate impression that they are seeking to avoid scrutiny—an impression I am sure Ministers will wish to correct.
The Government have been clear that they do not think the ISC’s scrutiny role should be included in the Bill. This is regrettable. We should not knowingly be passing legislation that has holes in it. However, once again, there is a ready solution to that problem. As noble Lords are aware, the Justice and Security Act 2013 requires the ISC’s specific remit to be set out in a memorandum of understanding between the committee and Prime Minister. The Government told Parliament that the MoU would provide the ISC with oversight of substantially all the Government’s intelligence and security activities. However, with the passage of the NSI Act and now this Bill, the MoU is self-evidently out of date. It is a very simple matter to update it to provide the ISC with oversight of these powers in the specific and limited way I described a few moments ago.
The committee has formally raised this issue with the Government and asked them to take forward updating the MoU to ensure that it meets the commitments the Government made to Parliament during the passage of the Justice and Security Act. For that reason alone, I do not intend to table an amendment that would put the ISC’s essential oversight role on these powers in the Bill. However, the Government should be in no doubt that they must address this issue; the current situation is not tenable. If the Government do not wish to amend the Bill to fill this oversight gap, they must give a commitment to update the ISC’s memorandum of understanding and provide the oversight that Parliament requires in that way.
A large body of opinion from all corners of the House feels strongly about this and, should another Peer table an amendment on it, I would support it. The Minister will recall the strength of feeling in the House when the Government failed to provide for ISC oversight of the powers introduced by the National Security and Investment Act. I urge the Government to work constructively with the ISC on this issue.
My Lords, I thank the Minister for her very clear exposition of the purposes and modus operandi of this Bill. It is a great pleasure to follow the noble Lord, Lord West—Admiral West—and I look forward to working with the noble Baroness, Lady Merron, who is on the Front Bench.
During late summer last year, we debated the Telecommunications Infrastructure (Leasehold Property) Act, when this security Bill was held out as a carrot, largely to try to curtail discussions of a Chinese nature. It did not work, of course, and we had those discussions, but here we are at last with this Bill. As we have heard, it provides the Government with considerable new national security powers to issue directions to privately-held public telecommunications providers, primarily with the aim of managing issues arising from high-risk vendors. As such, the Minister will acquire wide and sweeping powers.
The Bill also gives Ofcom wide duties and legal powers to monitor and assess the security of telecoms providers. For teeth, as we have heard from the Minister, companies that continue to use high-risk vendors could or will face very heavy fines. Perhaps the Bill’s headline outcome is the new controls on the use of Huawei 5G equipment, including a ban on the purchase of new Huawei equipment from the end of 2021 and a commitment to remove all Huawei equipment from 5G networks by 2027.
How will these Benches respond? First, I am happy to confirm that Liberal Democrats are strongly in favour of having secure telecommunications networks. I am sure the Minister is relieved to hear that. Secondly, Liberal Democrats want to see Huawei technology removed as quickly and expediently as possible. However, I note, as the Minister hinted at but did not detail, that the issue is with more than one supplier and more than one country. I add that the issue of the treatment of Muslim Uighurs does not stop with this Bill. The genocide going on there creates much wider implications for our relationship with China than the issue of which technology makes our phones work. These implications are very important, but I understand that they are beyond the scope of this Bill.
Thirdly, Liberal Democrats strongly believe that the Government must now invest in developing telecommunications technology in the UK. We want to see an increase in the diversity of the UK’s telecoms supply chain. We also believe that a strong relationship with the European Union and the intelligence alliance Five Eyes will help us to ensure that security risks are dealt with quickly. Finally, Lib Dems want to see stronger protections for the privacy of people in the UK.
What we will be testing in Committee is threefold. First, does the Bill effectively shut out the technology it is meant to shut out? The trick to making communications secure will be the nuts and bolts of the Bill. Secondly, do the Minister and Ofcom have the right powers, and the necessary checks and balances, to make this Bill work? Thirdly, when it comes to supply chain diversification, can we actually shut out Huawei et al and have an effective communications network?
One at a time, first let us look at the prime intent of the Bill: to keep our networks secure. On the face of it, this is another skeleton Bill. With the presentation of a few statutory instruments here and there, the Government should theoretically be able to react swiftly, but are the Minister and Ofcom placed to pre-empt issues, rather than react to them? There is a technical difficulty here: in 5G particularly, the distinction between the core and edge of networks is blurred. With technology moving faster than government can, that distinction is almost meaningless and the threats will change from week to week. So can the Minister explain how Ofcom can ever successfully be ahead of the game and not chasing issues?
As we know, plans for removing Huawei have been announced, but this does not stop with Huawei. For example, legislation in the US is considerably broader. It identifies specific companies, including Huawei, but also ZTE Corporation, Hytera Communications Corporation Limited, Hangzhou Hikvision Digital Technology Co. Limited and Dahua Technology Co. Limited. Also, US legislation covers telecommunications and video surveillance and services. Given the news this weekend, the Minister might like to review where we source CCTV cameras from in this country—I note that that was discussed in a previous debate. Can the Minister assure your Lordships’ House that this legislation will cover the full range of security threats that we need to cover or will we see another Bill to broaden it yet further into surveillance and surveillance services?
Turning to the powers granted by this Bill, it gives wide-ranging powers to the Secretary of State and next to no oversight to Parliament. Included are sweeping powers to address matters of national security and it is not clear, although the Minister has hinted, how Ofcom will really interact with the intelligence community. Furthermore, as we have heard from the noble Lord, Lord West, the committee, which has express oversight of national security, has been excluded from scrutinising how this legislation will operate. I support the words of the noble Lord, Lord West. In addition, there is no dedicated role for judicial or technical oversight. This is very different from the Investigatory Powers Act 2016, in which such provision exists. I expect my noble friend Lord Clement-Jones to comment more on this issue.
The Bill also gives sweeping powers to Ofcom. We heard from the Minister how Ofcom will be co-operating with the intelligence services, but this creates a conflict of culture within Ofcom and will inevitably lead to more opaque operations which will, in turn, create issues elsewhere. I am still not clear how that interface will work. It will be useful to investigate that in Committee.
Finally, I turn to supply chain diversity. The Minister in the Commons said:
“We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors”—[Official Report, Commons, 30/11/20; col. 75.]
Fine words, I am sure, but they come from a Government whose Chancellor and Secretary of State for BEIS have cancelled the industrial strategy and disbanded the Industrial Strategy Council. Undaunted, alongside the Bill the DCMS has published a diversification strategy. I suggest that Oliver Dowden, who adorns that document, is rowing somewhat in the opposite direction from the Chancellor of the Exchequer. Assuming that this strategy makes some headway against a running tide within government, it has three legs: “supporting incumbent suppliers”, “attracting new suppliers” and accelerating “open-interface solutions”.
I will take those legs one at a time, beginning with “supporting incumbent suppliers”. I am bemused by the term “incumbent”. I think it means domestic suppliers, because Huawei is an incumbent supplier and we have heard that it will not be getting support. Assuming domestic suppliers is what is meant—there are world trade rules that make it difficult to preferably treat domestic suppliers, but assuming these can be surmounted —can the Minister give us the current estimate of how many incumbent domestic suppliers are in our network and what percentage, in terms of value, they represent?
To fill that gap, we are going to need pretty rapid innovation. Innovation is not easy and the speedy innovation we have just seen with the Covid vaccine, for example, was helped by two important conditions: first, a very strong existing R&D base in this country and secondly, a guaranteed private sector market for the vaccine. I do not think these conditions exist for telecoms technology. So, what is Her Majesty’s Government’s assessment of telecoms research and development in the UK? How will the private networks be encouraged to guarantee a market for any UK-based and UK-developed products that emerge?
The second strategic leg is “attracting new suppliers”. I suspect this is going to be an easier job than building an industry from scratch in this country. Will the Minister confirm how the vetting process will work? I assume this will be in the code of conduct. Will the networks have to be externally cleared? Will they be subsequently audited, and how deep does approval go? Does every component of every sub-assembly need to go through a process, and how will this all unfold in building the networks? It begins to sound quite cumbersome if there is going to be a nuts and bolts check of the technology.
The third leg is accelerating “open-interface solutions”. The Government are moving ahead at speed with open-access radio networks and open RAN piloting, and should be congratulated. If it goes to plan, when will we start to see this becoming significant? How will the Government get the existing vendors to increase the scope of their interoperability? What, in a sense, is in it for them?
We overwhelmingly support the objectives of this Bill. There are serious issues, particularly in the absence of detail and scrutiny. The regulations remain a mystery until they are published, and the process is potentially pretty bureaucratic. I think the Government have recognised that there are issues, which probably reflects why there are four days in Committee ahead of us. We may need all four of those days.
My Lords, I welcome this Bill. It is not only necessary, it is also overdue, but it is just one step on a path along which we have much further to go. By itself the Bill will have only a limited impact. If we are to realise its benefits, we need to think about the wider questions it leaves unanswered. Addressing these questions is crucial to our future safety and prosperity.
Throughout history, technological advances have brought with them exciting new opportunities, but they have also introduced serious vulnerabilities. Meanwhile, as our society has grown more complex, interconnected and interdependent, so its ability to weather shocks has grown more fragile—to the point now that serious technological disruptions could have catastrophic consequences. This should not be taken as an argument against embracing technology and the benefits it confers. It should, though, make us think very seriously about the new vulnerabilities we create and how we might mitigate the associated risks.
The Bill goes some way towards meeting that responsibility, but it does not provide the whole answer. As the title of the Bill tells us, the issue we confront is one of security, but we have to ask ourselves what exactly we mean by that term. In my view, we do not mean invulnerability. We should certainly seek to defend critical areas such as our telecommunications from attack, but a defender always has certain disadvantages. The choice of when, where and how to attack lies with the assailant and the defender is, at least at first, on the back foot. This problem is particularly acute when the space or activities to be defended are widely spread, as with our telecommunications network. We cannot therefore assume that an attack will fail, no matter how well we prepare. Quite the opposite: we have to assume at least a degree of success. So, the security of our national telecommunications infrastructure becomes a question less of how to prevent attacks entirely and more of how well we can absorb and recover from them.
In its first report of May last year, the National Infrastructure Commission acknowledged as much and recommended an architecture which can “anticipate” challenges, “resist, absorb” and “recover” from attacks and adapt accordingly. It calls on the Government to set “resilience standards”, appoint regulators to “oversee regular stress testing” and require that:
“Infrastructure operators produce long term resilience strategies”.
Can the Minister tell the House what progress has been made in implementing these recommendations?
All of this seems to throw up two different categories of question: what policies and actions would best protect our infrastructure from attack and achieve the necessary resilience, and how do we provide appropriately rapid assessments and directions to counter the effects of such attacks?
On the first point, at which this Bill is aimed, the Huawei experience would seem to suggest restricting the provision of parts of our infrastructure to trusted suppliers and operators, but who are they and how are they to be engaged? They cannot be drawn solely from the ranks of “British” companies—whatever that means in today’s globalised business environment—since we do not have the mass, the spread or the technologies within our economy to meet all our own needs. It is certainly possible to identify less risky 5G suppliers than Huawei, but not ones that are risk free.
Even where we do have a national capability to provide and operate parts of our infrastructure, problems remain. Are the Government to identify such national champions in selected areas of business? This may be necessary in some very restricted areas, but such dirigisme has a poor track record in the UK for two principal reasons. First, the Government are not very good at identifying winners. Secondly, in order to remain in business, such champions need a regular drumbeat of UK orders, which, in turn, stifles competition and efficiency. There are many salutary examples of this in the history of defence procurement.
A more productive approach might be to decrease reliance on one or even a few suppliers and thus build a degree of redundancy into the most critical parts of our infrastructure. This would not be the cheapest solution, at least in the short term, but the level of insurance that it provides might be well worth paying for. The Government need to develop an approach that balances cost, risks and resilience—that constantly monitors and rebalances this equation in the context of our complex and dynamic world.
This requirement, alongside the observation that some of our judgments will inevitably prove to be wrong, and in the expectation that some attacks will succeed, at least in part, brings me to my final point. Things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, if we are to absorb the first blow, recover from it and reshape ourselves for the future, we will need two things: agility and adaptability. Agility in this sense is our ability to respond quickly to those things we did not or could not foresee—to change our systems, plans and, indeed, our thinking on the fly to check and outmanoeuvre our opponents. Our resilience and ability to recover will depend on this. Adaptability, by contrast, is about our ability to change our longer-term posture in the light of emerging threats and opportunities and to learn from both failure and success. Agility keeps us in the fight and helps us master immediate challenges. Adaptability maintains our readiness in a changing world.
Provision of these crucial attributes cannot be left to the individual service providers, but neither can they be delivered by the Government or by a regulatory body such as Ofcom. Those organisations can and should formulate policies, allocate resources and check compliance, but we also need a much more flexible arrangement to provide effective command and control of both our detailed preparations for, and our response to, attacks. Perhaps there is a role here for an expanded National Cyber Security Centre. So, while I welcome and support this necessary Bill, I urge the Government to view it as just one stage of a much longer journey. It is a good plan, but like all plans it will not survive first contact with the enemy. If we are safely to reap the benefits of new technologies, we need ways not just of regulating them but of dealing swiftly and competently with the dangers presented by their malign exploitation. This Bill goes only so far; we need to go much further.
My Lords, it is a pleasure to speak in this debate. In the time available, I want to welcome the Bill, which, as we have already heard, delivers on promised made by the Government and Ministers in 2019 and 2020: that a comprehensive telecoms security framework would be put in place. As my noble friend the Minister said, this is a comprehensive security framework that will provide an opportunity to look beyond just one company or one country of concern. As we have heard from previous speakers, over the years there will of course be more threats and more areas and companies of concern that will arise.
I agree with the noble and gallant Lord, Lord Stirrup, that of course this is a first step. As we know, with security threats and with emerging technology, over the years a more comprehensive response will be needed, but I think the Government are to be congratulated that the midst of the disruption over the last 15 months, this telecoms security framework Bill has been brought forward as was promised. The other side to this, as we have already heard, is noble Lords’ desire to hear about the pace and rollout of the diversification strategy. My noble friend the Minister will, I hope, be taking this from the House and be able to address it in her comments.
As noble Lords will be aware, the use of 5G technologies, the importance of 5G to the delivery of the internet of things, the use of artificial intelligence and other technologies, are only going to grow. Just this morning, I was part of this House’s Covid-19 Committee listening to evidence about the increase, as we have seen, of course, of people working from home over the last year, running their businesses from home and, as some of us have seen more closely than others, home schooling—which we all hope there will be no need for again in future. Without secure, reliable and resilient broadband internet and 5G connectivity, we will put ourselves at a disadvantage as a country.
The need for that resilience—as well as having secure networks—means that if we are asking companies to take out the technology from a particular other supplier, or to not use technology from particular countries in future, for extremely understandable, wise and prescient security reasons, we will need to make sure that we build up a secure, long-lasting and sustainable supply chain strategy in this country. This may not relate only to domestic companies; we have allies around the world and will want to be able to work with other companies and countries around the world to make sure we have that diversity of the supply chain. The lack of diversity has been referred to as a market failure, and I think that was correct. The Government have now very much got on top of this and got ahead of this. I hope the Minister will, as the Bill goes through this House—I will have great pleasure in supporting it as it does—and in future, be able to keep the House updated about the delivery of that diversification of the supply chain, as was announced by my right honourable friend the Secretary of State in November last year. I wish the Bill every success as it proceeds.
My Lords, I hope to be very brief. We ought to remember three things. First, our lives are very short—although I am 85—in comparison with the 300 years of the Industrial Revolution. Secondly, that is 0.1% of Homo sapiens’ existence on this world. Thirdly, the world is much older still. Is the Minister assured that the development of innovation that is part and parcel of what we want to see over the next few years is going to continue, or is this going to be a block on the continuation of that?
More importantly, much of what Ofcom deals with is international, not national. Therefore, it is going to be much more difficult to respond to an entitlement of that nature internationally than nationally. It is easy to deal with four or five companies that deal with telecommunications within this country, but it is not so easy to deal with them internationally, particularly with Facebook and Twitter and all the other things that go with that. I have no idea where they come from. Does anybody know where they come from? Netflix is a massive organisation, now producing more than the BBC, but where does it come from? Where exactly is it, in terms of telecommunications generally? Amazon Prime—again, where does it come from? I pay my bill to Amazon Prime regularly, but where on earth do I pay it to? Where does it go?
I suggest three things: first, that we deal with the international issue; secondly, that we deal with the issue that I raised to start with; and thirdly—more importantly—that we ask whether our democratic system keeping up with the improvements in science and technology that are happening around the world at present. Yes, in 1820, two-thirds of people in Britain lived below the level of absolute poverty. Now, the United Nations is talking about abolishing that term because that level no longer exists. Poverty exists, of course, but absolute poverty does not exist. On vaccines, even in the present crisis, the number of people who are vaccinated now is higher than in the past. The number of people who can read and write is also higher. So, why are we not tackling the problem of changing our constitution to ensure that we keep up with the scientific and technological improvements happening around the world?
My Lords, I am grateful to the Minister for her clear and convincing explanation of the need for this Bill, which I support. I have a possible interest as a beneficiary of the British Telecom pension scheme but, as it was a nationalised industry when I worked for it and our main preoccupation was the introduction of subscriber trunk dialling in the 1960s, I fear that much of my knowledge of the technical side of the telecommunications industry is 60 years out of date.
I mention in passing the report by the Delegated Powers and Regulatory Reform Committee, which says, on the power in Clause 3, that the committee is unconvinced by the department’s case and recommends a negative procedure for the code of practice. That seems to me to be a concession that the Government could consider. I noticed with approval the Minister’s conciliatory response when she spoke about the committee’s report.
There are three issues I want to raise briefly. The first concerns whether the Secretary of State’s directions and designations under the Bill are justiciable and whether issues of national security could end up being decided not by Ministers but by the courts. For example, could a potential supplier, such as Huawei, assert that there was no risk to national security in any ministerial designation, that decisions were being taken to protect domestic suppliers and that no reasonable Secretary of State could have reached such a conclusion and seek an injunction? In which case, despite the passage of the Bill, we would find that there was extensive and time-consuming litigation, during which time investment in telecoms infrastructure would be frozen and potential security issues would be ventilated in the courts. Can my noble friend say that every precaution has been taken to avoid such a scenario?
Related to this is whether the Secretary of State has to give reasons for his decisions. We are told in the Explanatory Notes:
“Designations and directions may only be made in the interests of national security.”
Paragraph 35 then sets out the factors that the Secretary of State will take into account, which presumably could give ammunition to a potential litigant. Subsection (5) of new Section 105Z1 of the Communications Act 2003 inserted by Clause 15 says:
“A designated vendor direction must specify … the reasons for the direction”.
However, the next subsection says that “specifying reasons” need not be given if it
“would be contrary to the interests of national security”,
while, in new subsection (2)(1) we are told that a direction can be given only
“in the interests of national security”.
So, we seem to be going round in circles. I wonder whether my noble friend can shed some light on this paradox.
My second question relates to responsibility for telecommunications security within the Government. The Explanatory Notes tell us:
“The security of telecoms infrastructure needs to be considered within an international context”
and we read how cyberwarfare is going to displace conventional warfare. The powers given to the Government in the Bill to protect the integrity of our communications network rest with DCMS but, at the moment, the Secretary of State is not on the National Security Council, which to me seems a surprising omission. The National Cyber Security Centre, whose work is central to the operation of the Bill, is part of GCHQ, which reports to the Foreign Secretary. The Cyber and Government Security Directorate sits within the Cabinet Office, leading on the co-ordination and delivery of the classified national security risk assessment, which assesses the most significant risks to the UK. When I answered Questions for the Cabinet Office in Your Lordships’ House, I had to answer Questions about Huawei—or, if I did not answer them, I at least replied to them. Finally, a significant proportion of telecommunications research is led and funded by the Department for Business, Energy and Industrial Strategy and its external bodies, such as UK Research and Innovation and Innovate UK, report to BEIS. Can my noble friend explain, perhaps in a letter, the inner wiring of responsibility for dealing with cyberwarfare between the FCDO, the Cabinet Office, the MoD, BEIS and DCMS?
My last point concerns the ambition to create one of the toughest security regimes in the world and set up the UK as a global leader in the telecoms supply chain, a point made by my noble friend Lady Morgan of Cotes. I very much welcome this. Other countries in the free world face the same challenges as the UK in protecting the integrity of their national networks and others are reducing their dependence on Huawei. So, there is a real opportunity here to win new markets, create fresh investment and employment in the UK on the back of this Bill and build back better. To what extent is the UK liaising with other countries to ensure that the standards—the codes of practice mentioned in the Bill—are recognised by other countries, so that the new supply chains that we plan to create in the UK enable us to penetrate new markets? Can my noble friend amplify what she told us in her letter of 2 June about the steps we are taking to set up the UK as a global leader in this field? What progress has been made in attracting new suppliers to the UK market? What is the follow-up to the telecoms diversification task force under my noble friend Lord Livingston? It reported in April with a wide range of recommendations: the co-ordination of government activity, a targeted international engagement strategy, joint working on standards and buy-in by other countries.
I conclude by quoting from that report—-:
“It is therefore essential that the UK coordinates its efforts with like-minded nations and focuses investment in areas that can succeed on an international, not national scale. … If the Government is to move the dial towards the UK’s long-term vision for the market, it will require buy-in and support from a critical mass of nations.”
I have not seen a government response to those thoughtful and wide-ranging recommendations. Perhaps, again in a letter, my noble friend could set out how we plan to build on the recommendations in that report.
With these comments, I wish my noble friend well as she pilots this Bill on to the statute book.
My Lords, I thank the Minister for her very fair introduction to the Bill. As a former member of Huawei’s international advisory board, I am somewhat conflicted in a discussion about the principles of the Bill, especially following the various twists and turns in government policy. I very much support the 5G supply chain diversification strategy, but the questions raised by my noble friend Lord Fox and the noble Lord, Lord Young, need to be answered. How it is progressing and where any financial support is going need to be the subjects of regular report by government, given that in the short term we are faced by a stark dual-supplier market.
As my noble friend Lord Fox has indicated, however, I want to focus on, and confine myself to, a debate about the wide-ranging new powers in the Bill for the Secretary of State and Ofcom and the lack of adequate checks and balances, especially in terms of oversight, whether parliamentary, judicial or, indeed, technical, which permeates the Bill. If there are going to be these extensive new powers, we need to make sure that they are exercised properly and with due process and consultation.
The Delegated Powers Committee report referred to by the noble Lord, Lord Young, is just the tip of the iceberg. It draws the attention of the House to the proposed new Section 105E of the Communications Act 2003, which gives the Secretary of State power to issue, revise or withdraw codes of practice about security measures that should be taken by providers in the performance of their duties to prevent security compromises. There is a duty to consult with Ofcom and providers but no oversight or approval role for Parliament.
I am glad to say that the committee, in the light of the importance of the code in assessing compliance and in enforcement by Ofcom, was unconvinced by the department’s claim that this was too detailed and technical, and “not legislative”. As the committee says,
“The Bill provides for codes of practice to play a significant role–both in relation to the exercise of OFCOM’s regulatory functions and in legal proceedings - in supplementing the important duties to take security measures that the Bill imposes on providers.”
“In our view, it is unacceptable for codes of practice that will have the significant statutory effects provided for in this Bill to be subject to no Parliamentary scrutiny procedure.”
I differ from the committee simply in that, in my view, the procedure to be adopted must, at minimum, be the affirmative procedure. As Comms Council UK has pointed out, Section 105E is not the only proposed new section which gives the Secretary of State extensive powers; there are others. Proposed new Section 105Z1, for example, gives power for the Secretary of State to outlaw the use of individual vendors, where there is potentially no parliamentary oversight, if the Secretary of State considers it would be contrary to national security—as has been referred to by other noble Lords. Surely that is exactly where oversight by the Intelligence and Security Committee, as the noble Lord, Lord West, has so cogently said, or by the Investigatory Powers Commissioner, as the Constitution Committee has suggested, would be not only appropriate but essential. The whole area of enforcement of compliance and, under proposed new Section 105Z27, as regards power to require information and the requirement not to disclose, needs similar oversight.
Nor is there any dedicated role for judicial oversight. Unlike similar legislation, such as that under Part 8 of the Investigatory Powers Act 2016, there are no provisions for judicial oversight of the Secretary of State’s powers. This is compounded by the fact that, under Clause 13, in any appeal to the Competition Appeal Tribunal, the tribunal cannot take account of the merits of a case against the Secretary of State, the rationale for which, as the Constitution Committee says,
“is unclear and is not justified in the Explanatory Notes.”
Can the Minister make a better fist of the explanation today?
With regard to Ofcom’s new powers to ensure compliance with security duties, as set out in the proposed new Section 105M, how will these relate to Ofcom’s existing powers under Sections 3 and 6 of the Communications Act 2003? Will this duty and the new powers Ofcom is being given still be subject to good regulatory practice so that, for example, it still must have regard to the principles of transparency, accountability, proportionality and consistency, and not impose unnecessary burdens? How will this fit in with the statement to be made by Ofcom under proposed new Section 105Y? What assurance can the Minister give? Will we see a draft during the passage of the Bill?
Similar considerations apply to the new Ofcom powers to assess compliance under Clause 6 and in regard to inspection notices under Clause 19. As the council has also pointed out, there are no clear mechanisms for technical feedback or expertise to be fed in. It observes that many of the technical requirements that will be placed on its members are not in the text of the Bill but in accompanying documents which are either yet to be published or are receiving very little scrutiny.
Already it is clear that, in the draft Electronic Communications (Security Measures) Regulations, which are to be made by virtue of the proposed new Sections 105B and 105D, giving the Secretary of State power to make regulations to require telecoms companies to take “specified security measures” and “in response to security compromises”, there are real issues with regard to provisions about patches and supply chains and definitions regarding audit and monitoring of foreign network operations centres, and it is not clear that expert technical industry comments are being taken on board. What further consultations are planned? Is this not exactly where a technical advisory board and/or panel, as under the 2016 Act, is needed? Will they even be subject to the affirmative procedure in Parliament?
This lack of clarity and transparency is causing a great deal of uncertainty within the industry. Measures are being proposed that are either technically unworkable or potentially damaging to the strength and health of the UK telecoms industry. Particular concerns arise for providers whose networks are not based purely in the UK and who do not have the relationships with the department, Ofcom and the NCSC that domestic providers may have if there is no structured consultation, oversight and update process when codes are being drawn up. BT itself says:
“we believe greater clarity is needed on OFCOM’s planned approach, with safeguards introduced in the Bill to ensure operator burdens are proportionate.”
It also makes the point that the flexibility in the Bill should not be used to bring forward any deadlines for removal of equipment. What assurance can the Minister give on this?
As well as concerns about the new powers, there is also concern reflected by the Constitution Committee about the width of crucial definitions such as “security compromise” and “connected security compromise” contained in the Bill, and the consequences that flow, particularly as regards planned outages and the need to make a clear distinction between reporting on security compromises and on resilience.
I think that I have gone into enough detail at this Second Reading to amply demonstrate that we have quite an amendment job ahead of us in Committee and on Report.
My Lords, I thank the noble Baroness, Lady Barran, for making time to see me and the noble Lord, Lord Forsyth, last week. The noble Lord is chairing his Select Committee this afternoon but intends to speak at later stages. By way of follow-up, the Minister will have seen the letter to her from the right honourable Sir Iain Duncan Smith MP, sent yesterday. Like them, I want to speak about human rights, which was referred to by the noble Lord, Lord Fox, and the strengthening of national resilience and diversification, referred to by the noble Baroness, Lady Morgan of Cotes.
On its front cover, the Bill begins with a declaration from the Minister referencing the Human Rights Act 1998 and stating that the Bill is compatible with the European Convention on Human Rights. The European Convention for the Protection of Human Rights and Fundamental Freedoms—to give it its full title—was originally proposed by Winston Churchill and drafted mainly by British lawyers, and it is based on the Universal Declaration of Human Rights. Among other things, the convention insists on the right to life, freedom from torture, freedom from slavery, the right to liberty, the right to a fair trial, the right to respect for family and private life, freedom of thought, conscience and religion, freedom of expression, freedom of assembly, the right to marry and start a family, the right to participate in free elections, and the abolition of the death penalty. In considering a Bill which has been framed to explicitly rule out, in 5G provision, the future involvement of a company with close links to the Chinese Communist Party but which enables other links with other companies, it needs to be restated that every single one of these articles are broken each and every day by the Chinese Communist Party, and that they affect citizens outside its territory as well.
Although the Government may say that the ECHR is not the instrument with which to test their commitment to human rights, the compatibility statement should be read in line with other international law obligations, not least the prohibition on violating peremptory norms of international law, genocide, crimes against humanity, slavery and torture. The UK is, of course, a signatory to the 1948 Convention on the Prevention and Punishment of the Crime of Genocide and is bound by its own law on modern slavery. All provisions of customary international law and conventional law are binding on the UK Government, so we need to know what due diligence has been undertaken when considering their duty to prohibit and prevent genocide, along with the commissioning of other grave crimes.
The inadequacy of the compatibility statements led to an amendment to create a human rights threshold being tabled to the Telecommunications Infrastructure Bill. Later, in the Trade Bill, the House voted overwhelmingly for the all-party genocide amendment. Perhaps the Minister can say what has happened to the promised committee to examine genocide determination. In this context, the Joint Committee on Human Rights should re-examine the purpose of those declarations.
One year ago, the Minister pointed me to Section 54 of the Modern Slavery Act, and she will recall promises to examine supply chain transparency and export controls. As I was assured:
“The Home Office keeps compliance under active review.”
Supply-chain transparency has been referred to in our debate by the noble Lord, Lord Young of Cookham, and the noble Baroness, Lady Morgan of Cotes. In the absence of any progress on that promise to tackle the issue of supply-chain transparency, on 15 June I presented a Private Member’s Bill in your Lordships’ House to amend the Modern Slavery Act. To honour the Government’s undertaking, perhaps the Minister will consider adopting that Bill and providing it with parliamentary time.
Although this legislation is not specifically about China or Huawei, those were the country and company that have featured heavily in our debates. I welcome the explicit references to Huawei in the illustrative draft designation notices and designated-vendor direction to which the noble Baroness, Lady Barran, referred in her introductory remarks.
The situation in Xinjiang has not improved. The Government continue to say there are
“systematic human rights violations in Xinjiang, including credible and growing reports of forced labour”,
and the Foreign Secretary says this is “on an industrial scale.”
In 2019 and 2020, I specifically asked about Huawei’s compliance with the Modern Slavery Act and drew attention to China’s national intelligence law requiring Chinese organisations such as Huawei to support, assist and co-operate with state intelligence work. I also asked about reports that UK investors hold shares totalling £800 million in companies that supply CCTV and facial-recognition technology used to track Uighur Muslims in Xinjiang. The Government admitted that they were aware of those reports but complacently said they had
“not undertaken analysis of British investor shareholdings in Chinese surveillance companies.”
Meanwhile, however, Foreign Office Ministers were telling me the department had
“serious concerns about the human rights situation in Xinjiang, including extensive and invasive surveillance targeting Uyghurs and other ethnic minorities. An extensive body of open source evidence suggests such surveillance, including the use of facial recognition technology, plays a central role in the restrictive measures imposed in the region.”
The House should recall that the House of Commons Foreign Affairs Select Committee wrote to the Foreign Secretary, Dominic Raab, urging him to
“cease consideration of Huawei as a contractor or partner for the UK’s 5G infrastructure until investigations have been conducted into Huawei’s work in Xinjiang and its relationship to the mass persecution”.
Has that investigation taken place, and what were the conclusions?
Professor Adrian Zenz, a German scholar who recently gave evidence to the independent Uyghur Tribunal, says:
“Huawei is directly implicated in Beijing police state and related human rights violations in Xinjiang … it has lied to the public about this … In 2014, Huawei received an award from Xinjiang’s Ministry of Public Security for its role in establishing citywide surveillance systems.”
Professor Zenz says that Xinjiang represents
“the largest detention of an ethno-religious minority since World War II.”
The Australian Strategic Policy Institute meticulously details the global expansion of 23 key Chinese technology companies. One of its researchers, Vicky Xu, says the idea that Huawei is not working directly with the local governments in Xinjiang is “just straight-up nonsense”.
Since the Second Reading of this Bill in the Commons last November, there have been a number of developments that make it even more important to address the implications of being joined at the hip with any company operating under the auspices of the CCP. How do we justify deepening trade relations, as the noble Lord, Lord Grimstone, has told us he is seeking to do, with a country found by the House of Commons, in a vote on 22 April, to be complicit in events in Xinjiang where a genocide is under way? That was a vote in the House of Commons. It is not just my view or that of a group of human rights advocates; it is a view reached by the Commons. What action have we taken following that vote?
Last month, following that vote, Amnesty International issued a devastating report detailing arbitrary detention, forced indoctrination, torture, mass surveillance and crimes against humanity while the Daily Telegraph recently carried major first-hand reports from Xinjiang, including the destruction of 16,000 mosques. Harrowing evidence has been given to the independent Uyghur Tribunal, chaired by Sir Geoffrey Nice QC, some of whose sessions I was able to attend with the noble Baroness, Lady Kennedy of The Shaws, and whose brave witnesses and their families are now experiencing threats and intimidation.
If we add to the charge sheet reports of forced organ harvesting and the destruction of the rule of law, free speech and democracy in Hong Kong, along with the outrageous incarceration of legislators, lawyers, journalists, and campaigners, it is obvious that as well as security questions the House should give close attention to the human rights dimensions of this Bill. Although Huawei equipment in respect of 5G must be removed by 2027, and since the beginning of the year there have been prohibitions on purchasing any Huawei equipment, I hope we will probe how the installation prohibition will work from September and whether companies have been purchasing stockpiles with the intention of installing such equipment until 2027. How will the Government monitor this? Will some parts of the network—the most sensitive parts—be prioritised?
Earlier this month the Sunday Telegraph revealed that UK local authorities will review contracts for CCTV equipment from Hikvision, a Chinese tech firm that makes cameras used to monitor Uighur Muslims in China’s detention camps. The company is blacklisted in the United States but not here. This weekend the Washington Post reported on how Hikvision had recruited former legislators to extend its power and influence despite President Biden banning Americans from investing in the company, citing its links to the Chinese military. The UK is not immune to the influence of organisations such as The 48 Group Club, with a network of links to former and current politicians—including one who now publicly urges us to tone down our criticism of the treatment of Uighurs.
Beyond such influence, the role of hidden cameras was dramatically illustrated last week, as others have said, from the office of the former Secretary of State for Health. Yesterday the Lord Speaker wrote to us all saying that there are several hundred CCTV cameras in Parliament. I hope that in Committee we will consider the implications for civil liberties of placing such power in the hands of companies that install or own these cameras.
We should also consider the implications for security of giving such power to a regime intent on the overthrow of parliamentary democracy and which makes no secret of its goal of global hegemony. The hidden hands on the levers of power was a theme explored by the admirable Dr Julian Lewis MP, chair of the Intelligence and Security Committee, at Second Reading in the Commons. He asked
“in view of the revolving door, via which too many businessmen and ex-civil servants effortlessly glide between their former roles and the Huawei boardroom, what assurance can we have that the Government will be immune from lobbying campaigns by those on the payroll of high-risk vendors?”—[Official Report, Commons, 30/11/20; col. 84.]
That question was not answered in the Commons, and I would like to hear the Minister’s opinion on it. I have another question that I shall ask her directly: why have not we, like the United States, banned Hikvision? The company has been accused of helping to build the CCP’s surveillance state and profiting from human rights abuses. Does the Minister agree with that description or not? What will the Bill do to take back control of CCTV equipment in our high streets, public buildings and even government offices?
I shall speak briefly about the implications of this Bill for diversification and national resilience. During the Commons stages, Oliver Dowden, the Secretary of State, said the Bill recognises that there are real threats to the UK’s security and interests, a point that my noble and gallant friend Lord Stirrup explored in his excellent speech. I welcome what Oliver Dowden and my noble and gallant friend have said about security and diversification. In addition to the diversification of telecoms to companies such as Ericsson and Samsung, is that not a principle that should be applied across government?
I will give two brief examples. In May, I asked how many Covid lateral flow tests we had bought from China. The answer was a staggering 1 billion—not 1 million but 1 billion. The Government declined to say how much they had cost taxpayers or to reveal the names of the companies involved, saying “It’s commercially sensitive”. I tabled a further Question asking why we could not be told how much 1 billion lateral flow tests had cost us and which companies had carried out that trade. Are we seriously saying that we could not have used taxpayers’ money to make those tests in the UK and to give British workers jobs doing it?
My second example raises equally troubling issues. I was recently contacted by a librarian in Wigan, a lady of 34 years’ standing, who has been suspended after using social media to criticise her council’s decision to award redevelopment contracts to Chinese companies. She was fearful that they might have links to Xinjiang.
The Communities Secretary, Robert Jenrick, should require all local authorities to provide details of such deals, and demand to see whether subsidised lowest bids for council developments have undercut unsubsidised UK companies, just as has happened in the telecommunications sector.
The persistent breaking of WTO rules on subsidies and competitions has enabled CCP dominance in telecoms, and now it is happening in other sectors as well. The Minister should tell us when we are going to raise this at the WTO and across Whitehall. Does he personally believe that it is ever licit or right to deepen trade with a country credibly accused of the crime-above-all-crimes: genocide. Diversification, national resilience and the upholding of our values, especially on fundamental human rights, are all reflected in the way we trade. Genocide is a line we should never cross. I support the Second Reading of this Bill today. I hope to return to these and other issues when we get to Committee and later stages.
My Lords, it is a privilege to speak after my noble friend Lord Alton, following his extraordinary commitment to the Uighur community and to issues of human rights. I too will speak in support of this hugely important and timely Bill.
The UK stands at a reset moment in an increasingly changing world. We have delivered on Brexit, confronted a global pandemic and have an ambitious levelling-up agenda. It is in this context that we are looking now to empower those who have been left behind, revolutionise our critical information infrastructure with the rollout of 5G and see us become a more prosperous and innovative nation. Yet, as we get ready to build back better, it is also time for a rethink of our geopolitical, strategic and technological approaches to make a more honest assessment of the world we find ourselves in, ensuring that we harness the opportunity to become stronger, safer and more prosperous than before.
I support this Bill, as it is the first of many steps that will be needed in adapting to our changing geopolitical landscape. The provisions in the Bill are necessary, as we need to act quickly to ensure our security apparatus is configured for today’s challenges. According to MI5, the UK has at least 20 foreign intelligence services actively operating against the UK’s interests. The Government’s own telecoms supply chain review, published by DCMS in 2019, found that the telecoms market was not working in a way that incentivised good cybersecurity. In its October 2020 report, the Defence Committee concluded that the current 5G regulatory situation for network security was “outdated and unsatisfactory”.
We have a world-class security and intelligence community but, as we enter this new era, we must accept that enabling it to adapt to emerging threats will be the defining feature of its success. This Bill needs to mark a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, and not on commercial or political convenience.
This Bill also recognises the threat posed by high-risk vendors such as Huawei. We have known that Huawei is a security risk since 2013. A report from the Intelligence and Security Committee concluded back then that Huawei posed a risk to national security and that private providers were responsible for ensuring the security of the UK telecoms network.
According to Ofcom, Huawei accounted for about 44% of the equipment to provide superfast full-fibre connections directly to homes, offices and other buildings in the UK. Although it is not in the text of the Bill, the Government have now accepted, as we have already heard, that 2027 needs to be the end point for Huawei as a provider. This is an important moment in taking back our information technology sovereignty.
The reason behind this is clear. We have entered into a new era of geopolitics, with the battle for control of information technology at the forefront. The recent integrated review acknowledged that China’s growing international stature was by far the most significant geopolitical factor in the world today, with major implications for British values and interests and for the structure and shape of the international order. It recognised China as the biggest state-based threat to the UK’s economic security. Yet that same review remains ambivalent as to the action we should take. We need to rethink our relationship with China into a more robust foreign policy strategy that prioritises both our security and our sovereignty.
While I support this Bill, there is more that needs to be done. There needs to be a more formal structure embedded in the Bill with regard to the powers given to Ofcom and the Secretary of State, as other noble Lords have said. Could the Minister outline what powers the Government intend that Ofcom and the Secretary of State should have, and how they will work with the ISC and the security sector to ensure accountability and to ensure national security is not compromised through lobbying?
Even beyond the Bill, we also need to invest in diversifying competition. As part of this Government’s ambitious levelling-up agenda, they have promised the nationwide rollout of 5G across Britain. But we have become hamstrung by our dependence on Huawei for this critical infrastructure. It did not need to be this way. This situation has been constantly described as a “market failure”, but it was not really a market failure. The failure was in the reality of one country breaking WTO rules on subsidies. The key problem has been that China has subsidised its providers dramatically, destroying the market over the past 10 years.
The diversification of our telecoms network, working in close partnership with our Five Eyes allies, needs to be a priority for this Government and an integral part of Ofcom’s reporting. When we genuinely open up the market to competitors, we create the environment for the innovation and dynamism that will be required as we move into the next quarter of the 21st century.
Huawei, however, needs to be stripped out quicker. While it is encouraging to see that the Government have set the 2027 target as the date by which Huawei should no longer be a provider, we cannot afford to wait until 2027 to remove Huawei from our existing networks. The process of removing Huawei’s influence from the UK is an extensive task, but an absolutely necessary one.
The Government should take the opportunity to consider other high-risk vendors such as TikTok and other companies operating here. This problem goes beyond Huawei. We face the existential question of how we coexist in a world with a technological superpower that does not share the same values of privacy of personal information, freedom of speech and democracy.
Chinese national intelligence laws dictate that private companies must share their data, when asked, with the CCP. The White House has sanctioned 11 Chinese companies, including suppliers to Apple, Google, HP and Microsoft. The list features companies that work with major fashion brands, along with technology giants such as Amazon, according to a report by the Australian Strategic Policy Institute. I would like to ask the Minister what assessment the Government have made of other high-risk vendors that could compromise UK citizens’ safety and security due to reporting requirements that exist in China.
Although this Bill encompasses all security threats and high-risk vendors, it is impossible not to address the need for a reshaping of our relationship with China. That country has overtaken Germany to become the UK’s biggest single import market for the first time since records began. The worth of goods imported from China rose 66% from the start of 2018 to £16.9 billion in the first quarter of this year. As we witness events in Hong Kong, which absolutely break my heart, because I used to live there, and we learn more about the ongoing genocide against the Uighur people, observe the breaking of WTO protocols in ongoing trade wars with our closest allies and uncover espionage across our universities, tech and innovation sectors, it is perplexing to me that we continue to sit on the fence.
The much-vaunted belt and road initiative has united authoritarian leaders across Eurasia in providing a forum to plan strategically, without being held back by discussions of human rights, freedom of speech or rule of law. It is in that policy programme that China’s tech giants, such as Huawei, export their communications infrastructure. I would encourage us to take the lead in the build back better world initiative, as discussed in the G7, to create stronger diplomatic alliances across Africa and the developing world but also to facilitate a viable alternative to the belt and road initiative, which threatens our geopolitical and economic security. The UK also needs to strengthen its ties with its Five Eyes allies and south Asian neighbours in the region such as Japan, India and South Korea, as well as approaching this issue with our European friends.
Safety and security is the first building block for the prosperity of a nation. Without secure defence measures at the heart of our critical infrastructure and online, our country runs the risk of opening itself up to foreign intelligence working against our nation’s interests. This Bill is an important step to creating that foundation, and I encourage the Government to use its passage to ensure that the foundation is as strong as possible.
My Lords, it is a pleasure to follow the noble Baroness, Lady Stroud. I find myself in agreement with everything that she said.
Anything that improves the security of our tele- communications systems must be welcome, so I support this Bill, but I think it misses a golden opportunity. Telecommunications security covers a wide range of risks: from the resilience of the system to risks such as weather or power outages, through resilience to malicious attacks from hostile states or criminals, to the misuse of systems to access, alter or destroy data. From a consumer point of view, all those are really important, but the one security risk that impacts on people’s daily lives the most is the misuse of telecommunications networks and services by criminals and, apparently, by certain states, to facilitate fraud.
I explained during Second Reading of the Online Safety Bill that fraud is so widespread because it is easy, and it is easy because there is no incentive for a whole range of service providers to take the necessary steps to stop it. Those service providers include the search engines and social media companies, web-hosting companies, banks and more, but the list also includes telecommunications companies, which in effect facilitate fraud through three key weaknesses.
First, the most serious weakness is when a criminal is able to convince the service provider to transfer someone’s phone number so that they can control it. This is known as sim-swap fraud, which gives the criminal complete access to the victim’s emails, bank accounts, one-time passwords, contacts and so on. Indeed, with the ever-growing list of things that we can access and control from our phones, it could also give access to our front-door locks, our burglar alarms, our cars, which can now be unlocked and started by phone, and more. In fact, imagine the possibilities for criminals once we have genuinely self-driving cars all connected by 5G.
The second security weakness that telecommunications companies are allowing is the falsifying of caller IDs, when a criminal is able to appear to be calling or texting from a legitimate number, such as a bank or HMRC. As a result, the victim, believing the call to be genuine, is persuaded to provide bank details or transfer money.
The third security issue is allowing criminals to send out bulk malicious texts and calls using the networks, often in conjunction with false caller IDs. We are all bombarded with these all the time. I received one that I had not heard before just this morning; apparently, my national insurance number is being used for criminal purposes, and I must call the number or I shall have my assets seized and be arrested—so there we go. The calls can lead to fraud being perpetrated, and texts can include links that result in malware being loaded on to the victim’s phone, which allows access to emails and bank accounts. As well as fraud, they cause very real anxiety, yet we seem to have to accept them as an irritant of modern life. I probably receive more fraud calls than genuine ones, which might be a reflection on my social life. I have not been able to find any reliable statistics, but it seems that at least a material proportion of all calls and texts made over the networks are fraudulent.
This Bill seems to be a perfect opportunity to try to make life harder for the criminals who are exploiting mobile phone networks and services to perpetrate fraud. The best way in which to do this is to provide a real incentive for the telecommunications providers to prevent it; they should be liable for the penalties—although I hesitate to use that word, given what is happening in an hour or so—and for the losses incurred as a result of allowing the service to be misused, unless they have taken reasonable action to prevent it. At the moment, it is arguably in the telecommunications companies’ interests to allow the activities to continue, as they are being paid by the criminals for all the calls and texts.
Reading the Bill, I find myself unsure as to whether it covers these types of risks or not. I understand from a letter that I received from the Minister earlier today that it is not intended to, although I think that it could with not much change. Her letter, for which I am grateful, only refers to the issue of fraudulent calls and texts; it does not cover the other risks that I have mentioned. Clause 1 introduces a duty on communications networks and service providers to take measures to identify and reduce the risks of security compromises occurring. It then goes on to define what a security compromise is, with a pretty wide range of definitions. Among them, new subsection (2)(f) refers to
“anything that occurs in connection with the network or service and causes any data stored by electronic means to be … lost … unintentionally altered; or … altered otherwise than by or with the permission of the person holding the data”.
As far as I can see, nothing in the Bill limits security compromise to those that come from hostile states, and that is a good thing, since security compromise could well come from criminals. The risks that I have described do occur in connection with the network or the service, and they may cause electronically stored data to be lost or altered. So on my first reading, it appears that the risks that I have described may be covered or could easily be covered in the Bill if a suitable code of practice was issued.
In passing, on that subject, I share the concerns raised by the Delegated Powers and Regulatory Reform Committee that the codes of practice will not be subject to meaningful parliamentary scrutiny.
If the security risks that I have described are not intended to be covered by the Bill, we are missing a golden opportunity to make it harder for criminals to use our communications networks and services to perpetrate fraud on consumers. The Government are planning to produce a fraud action plan, but not until after the spending review. In the meantime, people will continue to lose their money, with all the mental and personal impacts that brings. It may not currently be intended to do this, but this Bill with very little change could be used to cut off one of the major facilitators of fraud with very little delay. Would the Minister be willing to consider how the Bill could be amended to meet that goal, and would she be willing to meet to discuss what actions we can take to safeguard users of the services from criminal misuse of telecommunications networks or services?
My Lords, I am grateful to have the opportunity to take part in this important debate. This Bill is, broadly speaking, uncontroversial. No one would seek to oppose legislation that makes our telecommunications networks in the UK more secure. Certainly, if one looks at the debates in the other place, amendments were very few and far between, and they were tweaking amendments rather than fundamental.
It is a great pleasure to follow the noble Lord, Lord Vaux, and I have a great deal of sympathy with what he said about combating online scams; whether the Bill can be used as a method to test the Government’s resolve in combating this issue remains to be seen. I certainly recall when I was the telecoms Minister working closely with Ofcom and the Information Commissioner’s Office to try to combat nuisance calls. There are a variety of factors in play in trying to combat this kind of plague. One is the willingness of the regulators to roll up their sleeves and get their hands dirty in carrying out prosecutions, and another is certainly technology solutions, which can and should be encouraged by all the operators.
The third—the noble Lord referred to the Government’s review of action on fraud—is a much wider landscape approach from the Government on how to combat this. For example—and this is no criticism of the police—it seems to me that we still have a Victorian police structure in the 21st century. We should be thinking about leaning in and recruiting cyber specialists far more effectively to work in the police force to combat these kinds of crimes, not simply bringing people to justice but combating this kind of work on the network.
I will begin with one of the elements that lies behind this Bill: the concern over Huawei and its presence in our telecoms network. Many noble Lords have set out strong views on Huawei and the Chinese industry in general during this debate. I was particularly struck by the excellent speech of my noble friend Lady Stroud. When I was a Minister, I worked closely with Huawei, in the sense that we had in place a protocol with the security services to check the kind of equipment Huawei was installing in the networks. It was a transparent process; nobody was pretending that Huawei was not involved in selling equipment to our telecoms providers, nor that it was not being installed in the UK telecoms networks. That equipment was reviewed in a very transparent way and Huawei was forced to put in place a UK board made up of UK citizens to supervise its work.
While I wholly condemn Chinese behaviour as far as the Uighurs and Hong Kong are concerned, one should be cautious in assuming that every piece of Chinese commercial activity is somehow linked to espionage. I certainly do not think that, when one of my children uses TikTok, they are somehow being caught by the Chinese state. There is some irony that we often debate these issues while looking at our iPhones, which of course are manufactured in China, or perhaps using a Dell laptop supplied by the Parliamentary Estate, which has been made in China as well. One must be open-eyed and transparent about this, but not assume that everything coming from China will undermine our national security. Nevertheless, I wholly agree with my noble friend that one of the problems with Huawei was that it was effectively an unfair competition. Our markets are much more open to foreign investment than the Chinese market, and Huawei was certainly heavily subsidised by the Chinese state, so a pushback in that sense is very welcome.
The key to this Bill is ensuring that we have secure telecoms infrastructure, and I echo the remarks of noble Lords about the general resilience of our infra- structure. It is not only state actors who can provide malign effects on it; we have only to look at the recent SolarWinds attack on a critical piece of US infrastructure to see how easy it is for criminal groups, sometimes tacitly supported by the states in which they reside, to attack our networks. To make those as robust and secure as possible must be an absolute priority for the Government as we move more and more into the digital age.
It is quite right that this Bill comes forward to put security duties on our telecoms companies for the first time. I note that the detail of those security duties will be contained in regulations and hope that the Minister will bring us up to date on how those regulations are progressing. I also note that Ofcom will take a key role in overseeing how those duties are fulfilled, working closely with the National Cyber Security Centre. I am delighted to see that Ofcom’s budget has been increased to take account of those new duties.
Given the recent political furore over Ofcom, this is a useful reminder that it is not a political regulator; it is a boring but essential regulator that carries out vital work to keep our network secure and our communication markets competitive. I hope the Government take that point on board and give Ofcom as much freedom as possible to carry on doing the excellent work it has done for some 20 years. Ofcom is working more and more with other regulators such as the Information Commissioner’s Office and the Competition and Markets Authority. This is partly out of necessity, because to hire the talent that these regulators need, they will sometimes now have to hire employees who work across all three regulators. It is an illustration of how regulation is becoming more and more intertwined.
With that in mind, I hope that the Minister will bring us up to date on how Ofcom is working with other regulators to keep all our essential infrastructure secure—and with regulators across the world, because this affects us all, particularly western democracies. I also hope the important work carried out by the noble Lord, Lord Livingston, on supply chain diversification will be leaned into. I particularly support his call for government-sponsored research into how open RAN networks can play a vital role.
Finally, can the Minister bring us up to date on how well new vendors are doing in coming into the market? With Huawei effectively expelled from our market over the next five years, I hope we will see many more European vendors able to take up the slack and provide the equipment that our infrastructure providers need.
My Lords, this Bill is generally welcomed and very well intentioned, but it really lacks any effective parliamentary or judicial oversight, as has been quite forcefully pointed out. I agree with everything the noble Lord, Lord West, said on this issue. We should use the ISC for this. As regards the excuse that designating a vendor or something might leak too early, it will leak anyway—something as big as that will be all over the place in five minutes.
This is not without cost and pain, and we are already seeing it. The Government have already revised their target for rolling out full fibre from 100% coverage to only 85% by 2025. The disruption caused by a rule to, say, extract Huawei or anything from the network has far-reaching consequences. After all, way back at the end of the 1990s, I think, we gave the contract for redoing the BT 21st Century Network to Huawei and not Marconi. We bankrupted a British company and gave it to China. That decision was taken a long time ago, so it is embedded in all our ordinary telecoms at the moment—not 5G, but the ordinary stuff that our telecoms are running over. We must be careful about this revising down of our targets, because it will affect our global competitiveness. We must be careful not to cut off our nose to spite our face. It is very easy to take a high moral stand, but at the end of the day we also have to survive on the global stage.
What this Bill does may be very effective for blocking foreign access, in trying to ring-fence the UK, but we could also create a single point of failure if we are not careful. There are not many suppliers of equipment of the type that will run the backbone of the internet. We are basically talking about Cisco and Huawei; Samsung also has a whole load of stuff out there; there are a whole lot of others—such as Nokia, Juniper and Hewlett Packard Enterprise—but nothing is quite as big as Cisco and Huawei. One of our problems is knowing whether Cisco is okay; some of its components, such as motherboards and other things, are manufactured in China. With the global supply chain, it is not as simple as it seems.
The second thing that worries me is this assumption that, just because we do not have Chinese equipment in the UK network, we are safe. First, China is not necessarily the only one interested in what we get up to; when you get into trade wars, many people who may appear to be our allies are maybe not on our side entirely when we are negotiating international contracts, so we should be careful of that. The other thing is that, if we create a monolith with one supplier—it does not matter who it does not include—it is vulnerable. The way the internet works at the moment is that, if you have multiple suppliers sitting in Britain, it does not matter whether they are hostile or not. Routing over the internet is inherently vulnerable because of the way it is constructed. However, it splits your message up into lots of packets that go over different routes. If they are going through lots of different people’s equipment, it is impossible for any of them to get the whole message; if it is all with one supplier, there might be technical ways they could do it. Funnily enough, one of the better security solutions is to mix them all together and keep it that way.
Next, there is a lot about trying to have the right rules and regulations and all that, but ensuring best practice cannot guarantee network security. Our current communications network has grown like Topsy; it is a mixture and mishmash of digital infrastructures all sitting on top of a whole lot of analogue stuff. It is very complex, with lots of ill-defined interfaces sitting in there. If you are going to start ripping some of it out and say that we have to do it by a deadline, you need to know what is there before you do it. This means we will have to maintain very accurate and secure databases—otherwise that is a vulnerability—probably down to component level, but certainly batch level, of what is in there, so that if you suddenly discover a vulnerability somewhere, you can get the other stuff out as well. We must do this categorisation of our assets in the network. That in itself is a security risk because it is very interesting to a foreign supplier, so that part of it is very difficult.
As for Ofcom—I am interested in this—we need some further clarity on how it will interpret the legislation, impose penalties and all the bits and pieces like that. The manner in which it develops its role as regulator will be vital for it to be a success, and how it decides what the significant risks are will be very important. On my noble friend Lord Vaux’s point, I have been told by someone that Ofcom’s reach could be extended because the legislation is very generally written to cover services—for instance, they were talking about banking fraud—and public electronic systems. In fact, it could drag in non-telcos, because they are services. It is not just about the hardware and equipment behind it, though it all started off with Huawei. There is a lack of clarity.
Someone had a very good idea, which has been adopted for some fintech stuff, that we could maybe have sandpits, where new entrants to the market could develop new stuff—new equipment, et cetera—and try out their ideas in a realistic environment to make sure that they are okay and will work before they put them into the network, if it is a secure network. I think that is a very good idea. Another very good idea put to me is that we should have the assistance of an independent commissioner and a technical panel overseen by Parliament and the judiciary. It is needed here. This model is used by the ICO and would probably be very helpful, so I would like it considered.
My Lords, I should perhaps declare my position as the co-chair of the All-Party Parliamentary Group on Hong Kong. I will begin with a short list of things to agree with. I very much agree with the comments of the noble Lord, Lord Fox—not currently in his place—and particularly his remarks about privacy. I associate myself very much with the remarks of the noble Lord, Lord Alton of Liverpool. When we are talking about trade and commerce, we have to think about the human rights aspects as well. That and the environment, as in the Environment Bill, all interlinks together. The targeting of the Uighurs—the situation in what the locals called Altishahr—is a situation of genocide, and we simply cannot stand by.
To finish the tick list of issues that were covered in the other place and that a number of noble Lords have also covered, once again we find ourselves, as we do on pretty much every Bill, saying that there is not adequate scrutiny of the Secretary of State’s powers. Whether Ofcom will have the resources to complete the role foreseen for it in the Bill is a very familiar story. We also do not have sufficient consultation with devolved Governments written into the Bill.
However, I want to start today’s remarks with a bit of a longue durée perspective, an overview, because we are once again in the context of privatisation. We are talking about what used to a public service run for public good—our telecoms network—which was, for ideological reasons, handed over to the private sector through a privatisation that has been allowed to become a wild west. Now we are trying—to coin a phrase—to take back control of that wild west. It is increasingly clear, and the Government are acknowledging this by actions if not words, that telecoms are now an essential service or a utility just as much as water or energy supplies are, and that we need to think about these issues for a larger future and about running them for public good, not private profit.
I will focus particularly on Clause 1 of the Bill, which amends Section 105 of the Communications Act. The focus here is on compromising security. The noble Baroness, Lady Morgan, and the noble Lord, Lord Vaizey, among others, talked about the idea of security being comprehensive. Indeed, new subsection (2)(a) says that a security compromise is
“anything that compromises the availability, performance or functionality of the network or service”.
To think about what might compromise our services, I invite noble Lords to look across at America right at this moment: there is a massive, record heat wave. To cite one set of figures, the city of Portland has had three days in which it has broken record temperatures—not by points of degrees but by degrees. Today, the top temperature in Portland is 46.6 degrees Celsius. For those who prefer a more old-fashioned system, like the Americans, that is 116 degrees Fahrenheit. The infrastructure is melting in a very literal sense. You have what are being described as non-linear and threshold effects, where systems go utterly, totally and completely down because they just cannot cope with the environmental conditions.
Looking back to new Clause 1(2)(a) on compromising
“the availability, performance or functionality of the network”,
I agree with Boris Johnson, who said as he was chairing the UN Security Council earlier this year that climate change is a threat to our security. It seems to me very clear that the Bill should tackle these kinds of issues. I ask the Minister: do the Government regard it in this way? If they do not, what other steps are the Government taking to tackle these issues?
I stress that I have seen this first hand, not just in distant structures. I happened to be in Lancaster a few days after it was affected by very serious floods—well, the flooding was not that serious; what was really serious was that it took out the city’s electricity supplies for about two and a half days. When I saw the people about a week or so later, the city was shocked about all the effects that no one had really thought of. Nearly all the student accommodation had electric security doors; with no electricity you have a massive access problem. In a flood, you normally put people into emergency accommodation in hotels, but with electronic key cards there is no access to hotel rooms without electricity. Of course, the cash machines went down, and the pumps did not work at petrol stations.
I come to a broader question about security and telecoms, and indeed our whole increasingly digitalised world. I think we are all agreed that this is a fairly small and modest Bill, but we also know that the Government are planning what is being described as an internet of things Bill; I believe it is called the product security and telecoms infrastructure Bill. These are big, existential issues about our security, our survival and the ability of our basic systems to function—to provide people with food, water and the essentials they need. I think this is an ideal time to ask the Government whether they have really considered how much IT, telecoms and digital integration we actually need. I refer here to the words of the noble and gallant Lord, Lord Stirrup; he said we cannot assume that any attack will fail. The kind of breakdowns I am talking about are not necessarily an attack in those terms, but they can be absolutely disastrous, as Lancaster illustrated.
Yesterday, in debating the Environment Bill, the noble Lord, Lord Berkeley, talking about damage to the environment, said that the first question we should ask is: do we actually need the thing we are building that is destroying the environment? We really have to ask about the digitisation of our society, the incorporation of everything linked together through 5G. Do we actually need these linkages, and what vulnerabilities are they creating? That is the main point I want to make, but I shall pick up a couple of other small points.
I forget which noble Lord said that what we have now is a situation of market failure. The Government are saying explicitly, associated with the Bill, that they have a diversification strategy to see that we have more different producers and suppliers. Are the Government looking at direct research funding—direct support for that kind of diversification? Market failure has got us into the situation where there is very little diversity, and relying on the market to fix that is, I suggest, very difficult and will not necessarily be successful. I point out that if we go back to the origins of all the things that got us to this point today, it was government funding that created the TCP/IP protocol and that funded the people whose research created the world wide web. We really have to think about ensuring that we put government funds into things if we really believe that they are needed.
That is pretty well all I wanted to say, but I have one final thought, coming back to the issue of resilience. We are in a situation now of huge supply problems. We are talking about not allowing certain supplies into the country, but we have a global chip shortage. I am relying on anecdote here, but I have a friend who is a manager in a fairly large public service and who simply is not able to upgrade the wi-fi because it is impossible to get the technology, to buy the bits of kit needed to do that, because of the chip shortage. Going beyond anecdote, there was a report in the Financial Times quoting the major infrastructure manufacturing company, Flex, which says that this chip shortage is likely to continue for another year. We are stuck in a situation where we have very fragile, just-in-time, complex supply chains, we are saying there are companies we cannot use any more, and we are in a situation where resilience needs to be thought about a great deal more.
My Lords, one of the great advantages of speaking late in a debate is that virtually everything has been said. I just want to light on a couple of things that have been said but I think could be said again.
First, I welcome the Bill. It is a useful Bill, but I do not think we should exaggerate where it is going to take us. At most, it covers a few bases. I was very pleased to hear the contribution of my good friend, the noble Lord, Lord Alton, because we do need to start looking much more carefully at the human rights and social practices in the countries we are buying from. The fact that it will take until 2027 for Huawei to be eliminated from our system shows just how interdependent we have become in this very small area, and how inter- dependent the whole world is becoming.
I was recently on a conference call with some people in Taiwan. One of the advantages that Taiwan has in its stand-off with China is Taiwan’s production of chips, just mentioned by the noble Baroness. The interdependence of this technological world is now really quite enormous. My concern, looking at the Bill, is that it is fine for us but it does not actually advance our security outside the United Kingdom.
Some years ago, when I was in a different party from the one I am in now, I was given the job of being defence spokesperson for the Labour Party in the European Parliament. If there were ever a non-job, that was it, because of course the European Parliament had no defence capacity whatever, and at that time the Labour Party thought that anything more advanced than a bow and arrow was not really an acceptable means of defence anyway. John Smith rescued me and I became, for my sins, the first leader of the European Parliament delegation to NATO—or the NATO Parliamentary Assembly, to be exact. One thing we had to look at there was the list of prohibited exports. If we are to safeguard our future, we will have to look again at getting like-minded countries together to look at how we can restrict the export of certain technology. It is going to be even more difficult now because technology is much more a worldwide thing.
There is a tremendous fragmentation of views in Europe. Germany still thinks it should be co-operating with China. It still thinks that the business side is more important than the human rights or the social side, but we have to bring the Germans back on board. We cannot force them; we do not have any levers any more. In fact, now that we are not in a place that is never mentioned any more in this Chamber, we do not even meet them in political co-operation. We do not meet them, and we never really understood how important it was that, on a regular basis, all our Ministers met European Ministers to exchange views, to keep up to date and just to keep knowing each another. We never seemed to grasp that and we have now lost it. Everything we do can move forward only if we can carry other people with us.
I make no excuse whatever for saying, as I have said in this Chamber several times before, that China is going to be the main threat, probably for the next 50 years, and it is going to get worse. We have to get ourselves a foreign policy that actually makes sense. A foreign policy that concentrates on a country with the GDP of Italy and the social organisation of, let us say, southern Italy—namely, Russia—is not the way forward. These people have to somehow be brought on board and that is what I, in my own small way in the Council of Europe, as a delegate, tried to do—to intervene in this huge debate that is going on in Russia: should we look west, should we look east? That is a debate, but at least it is a debate: it is not a debate in China.
If we look at the countries between the two—the “stans”—they are also countries that we have to put some diplomatic effort into. It is no good pretending that we do not know they are there; we have to put some effort into them. That is some way away from the Bill but it is part of what the Bill is about—trying to build a secure world. I would say, in the words of the old film, “You ain’t seen nothing yet.” We have not really had a sustained cyberattack in this country. Our cashpoints have not stopped working yet. The computer system has not crashed completely yet, but the technology is almost there to make it happen, and that has to be part of our challenge.
I have great admiration for the Minister, but I question whether DCMS is the correct department of state to be looking at our future and our preparations to deal with the technological, technical challenges that lie ahead. I have a lot more confidence in looking at the noble Lord, Lord West, and the strategic and security services to lead on this measure than in DCMS, which I think has a very different job and I am not sure, frankly, is the right department to be handling this. Having said that, I look forward to helping my noble friend the Minister get the Bill through the House as a contribution—I think it will turn out to be a very small contribution—to the journey that we have to embark upon.
My Lords, it is a pleasure to follow my noble friend Lord Balfe and I declare my technology interests as set out in the register.
I have four quick points for this stage of the debate. First, on diversification, it is clear that if there is a monopoly, duopoly or triopoly, it does not matter what the market is, the results are highly likely to be suboptimal, and that is what we see in our modern telecoms situation. Can my noble friend the Minister update the House on what is happening on the national telecoms lab and what is at the core of its mission? To build on the words of the noble Earl, Lord Erroll, I completely agree on the need for a telecoms sandbox and to build on the firms that would go through it. A scale box to follow on from that would seem an excellent idea for the United Kingdom. As he said, it has worked tremendously successfully in fintech, led by the Financial Conduct Authority, and could have a significantly positive impact on our telecoms business.
As many noble Lords have commented, cyber is the future, and that future is now—whether it comes from fraud by individuals or from state actors, it will become an increasingly invasive part of everything that we do. Does the Minister believe that we are doing everything that we can to leverage the cyber capabilities we have in this country, not just those excellent public resources at GCHQ and the NCSC but across the private sector? On that note, can she update the House on when the review of the Computer Misuse Act may be coming through and what positive impact it will have for all the people who work to try and keep us safe in cyber- space?
Other noble Lords have mentioned the levelling-up agenda, and mobile telephony is certainly not just a part but a critical part of that. If one does not have that connectivity or the skills to operate in that world, what hope is there of securing the employment, lives and social connections that everyone should be entitled to have a right to aspire to and achieve? I give one small specific example in terms of telecoms security. BT is due imminently to shut down the copper network, which is what we all consider to be landlines. Is my noble friend the Minister assured that everything is being done to protect all, not least vulnerable, citizens, particularly those currently at the sharp end of digital exclusion? What is being put in place to ensure that when that copper network is switched off—“retired” is the term being used—those citizens are not left at the extraordinary sharp end of exclusion? Imagine, for example, in the area of security, if they find themselves in need of a 999 service and need broadband to have a new connection, or they do not have the digital skills. What will occur if that is the case?
Finally, building on what my noble friend Lord Young talked about on the justiciability of decisions, does the Minister agree that if the Secretary of State had alongside him the NSC, that could only be positive in terms of the determinations that would be likely to come out of those deliberations?
Telecoms matter massively, as do all new technologies that we have in our hands. The crucial thing is that there are threats that we can know about, Rumsfeldians that we could go into and much that we cannot know about the future. But the most important thing that we can know is that the future is in our hands—all our hands.
My Lords, this has been a thoughtful debate, with contributions from several former Ministers who have worked in this area, including the noble Lords, Lord Young and Lord Vaizey, and the noble Baroness, Lady Morgan. Their insights into the challenges here are welcome. As this Second Reading has shown, we have a problem and the Bill is put forward as the solution. I thank the noble Baroness, Lady Barran, for laying out its provisions and intentions clearly.
The problem identified is the security risk potentially embedded in our telecoms systems, as exemplified by Huawei and other companies. Set against that, especially as we seek to make our own way outside the EU, is the Government’s aim that the UK should be at the forefront in science and technology, as laid out as the strategic direction for the UK in the integrated review. Therefore, there is a need to draw on the best telecoms systems, as the noble Baroness, Lady Morgan, clearly laid out.
However, in addition, balancing the ability to use whatever is best in the market globally and the need to protect our security is another vital strand. We cannot and must not use technology built on human rights abuses and thus become complicit in those abuses, rather than fight to address them. Noble Lords have set out the challenges, particularly from the rise of China, as well as the necessity of not using companies built on abuse. The experience of the middle of the 20th century marks a huge warning to us. We need only look at the history of the chemical and pharmaceutical giants that multiplied in size in Germany and were built on the appalling slave labour in the extermination camps.
We know that genocide and gross human rights abuses are not things of the past. We need to be ever vigilant. Up to 1.5 million Uighurs have been forcibly removed by the Chinese state by mass transit and put into forced labour camps in which components used in Huawei technology are made. The noble Lords, Lord Alton and Lord Balfe, and the noble Baronesses, Lady Bennett and Lady Stroud, all emphasised those important points. When the Minister winds up, as the noble Lord, Lord Alton, requested, I should like her to outline what further action the Government will be taking that regard, given the international obligation to take such action once a country becomes aware that genocide may be occurring. We have signally failed to challenge China in regard to Hong Kong. What lessons have we drawn from that? Does the Minister agree that the Bill should not simply set technological advance against security but incorporate that concern? Can any other position be justified?
The key issue is whether the Bill achieves what it sets out to do and whether it brings its own risks and possible unintended consequences. As my noble friend Lord Fox and others have said in this Second Reading debate, we support the principles of the Bill. I note that the noble Lord, Lord West, the House of Lords member on the Intelligence and Security Committee, said that the Bill rightly seeks to address concerns first raised by his committee seven years ago in its report, Foreign Involvement in the Critical National Infrastructure. He feels that the Government are finally listening to those warnings. However, as with the National Security and Investment Act, he reports that his committee is
“concerned that the Bill does not provide for sufficient parliamentary oversight of these important new powers.”
The noble Earl, Lord Erroll, and others also warned on that.
The noble Lord, Lord West, made the sensible point that if the material is sensitive, it should be submitted to the ISC—that is the very purpose of the committee. The noble Lord, Lord Holmes, just reiterated that. Alternatively, of course, we could just look behind bus stops in Kent and then gather it up and pass it to the noble Lord, Lord West.
The theme of scrutiny came through from other noble Lords. The Delegated Powers Committee has expressed reservations and my noble friend Lord Clement-Jones went further in his criticism in this regard. The Bill gives Ofcom new powers to monitor and assess the security of telecoms providers, with very heavy fines if companies are deemed to have transgressed. It introduces new controls on the use of Huawei 5G equipment, including a ban on the purchase of new equipment from the end of 2021 and a commitment to remove all equipment from 5G networks by 2027.
My noble friend Lord Fox set the Bill several tests. He asked whether the Bill’s effect can be shown to shut out the technology it is meant to shut out. Can we be assured that the Government and Ofcom have the right powers, the necessary checks and balances, and the resources to do such work? When it comes to supply chain diversification, are we able to shut out Huawei and others but still have 5G in a timely manner? My noble friend Lord Fox, the noble Baroness, Lady Morgan, and others also noted the lack of diversity we face here—the noble Baroness, Lady Morgan, identified it as a market failure—and the risks that this poses to the economic position of the United Kingdom. The noble Lord, Lord Young, pointed to the report of the noble Lord, Lord Livingston, which sets out clearly the ways in which the UK might be able to develop this industry and how that requires working with other like-minded countries so that there are common standards and codes of practice. I look forward, as no doubt others do, to receiving the letter which the noble Lord suggests the Minister should write on the matter.
We have already heard concern about the powers given to the Government and to Ofcom. We also hear of concerns about the lack of clarity and transparency, which, as my noble friend Lord Clement-Jones said, is causing great concern within the industry. The criticism is that the proposed measures are either technically unworkable or damaging to the industry. One area which my noble friend flagged is in relation to providers whose networks are not based only in the United Kingdom and which would therefore find it challenging to engage as codes might be drawn up if there is no formal structure through which this might be done. My noble friend argues for a technical advisory board, and I note also that concerns were expressed about the flexibility and future-proofing of the Bill.
The Minister spoke of the Bill applying not just to one company, one country and one threat. That clearly must be the case. I note, for example, what the noble Lord, Lord Young, said about the number of departments which might be relevant here and the newly pressing risks of cyber rather than conventional warfare, yet the absence of the DCMS Secretary of State from the National Security Council points to our being behind the curve.
Questions have been raised which will need to be considered in areas beyond the Bill. There is a wide challenge here, as the noble and gallant Lord, Lord Stirrup, the noble Lord, Lord Balfe, and others emphasised. As we move to green technology, China is far ahead of us, controlling the raw materials as well as the technology needed to power it. That competitive advantage has probably been given rocket boosters by the pandemic, as the noble Lord, Lord Alton, noted in relation to lateral flow tests. I took one the other day; it was a sort of strange little pregnancy test. Clearly, all this has brought economic benefit to the Chinese economy from our reliance on its traders for so much of the resources needed in the pandemic. As the noble Baroness, Lady Stroud, pointed out, we are moving into a different geopolitical landscape, although the noble Lord, Lord Maxton, put us as perhaps a little point in a very long historical process.
We are indeed in challenging times, out of the EU and unable therefore to strengthen our position as we could before as part of the richest trading bloc in the world. Instead, we need to find allies as the headwinds of changing superpower strengths buffet us. How closely then are we working with the EU on this as well as with the United States? The Bill marks a recognition of that challenging position, but in Committee and on Report there will no doubt be challenges as to whether it can deliver that security and moral compass which the Government claim, at the same time as we face major financial pressures, out of the EU and recovering from the pandemic. I look forward to the Minister’s response.
My Lords, new technologies have long transformed the way we work, live and travel, but our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. Today we have heard an enlightening and probing debate in which noble Lords have considered the number one priority of any Government: our national security.
The risk we face is as significant as it is real. The noble and gallant Lord, Lord Stirrup, spoke with insight about the need for agility and adaptability to meet the risks that we face in a resilient manner. The most recent UK Cyber Security Breaches Survey found that 62% of information and communications companies surveyed identified breaches or attacks in just the last 12 months, compared with 46% across all sectors. Many of us have first-hand experience of these security risks, as described in the Bill’s impact assessment. The noble Lord, Lord Vaux, thoughtfully brought that reality to life by describing the horrors that so many people face, day in, day out, which will be very familiar to many of us in this House.
When O2 suffered a major network failure in 2018 due to an expired software certificate, over 32 million users in the United Kingdom had their data network go down for up to 21 hours. In 2015, hackers targeted TalkTalk, stealing the personal data of over 1 million customers. In the same year, security was undermined when internet traffic for BT customers, including a UK defence contractor that helps deliver our nuclear warhead programme, was illegally diverted to servers in Ukraine. Understandably, these incidents and many others generate deep unease and a lack of national and individual security, which the Bill must address.
We can reflect that a sector that should have been subject to rather more attention over a decade ago is now the subject of this Bill. During this period we have lacked a telecoms industrial strategy and have seen a focus on foreign investors over and above our national security. Since 2010, successive Governments have allowed the sector to be dominated by a high-risk vendor, taking us from what were golden times to the current ice age. Regrettably, competition on price rather than security has become the order of the day, while security has been left to the market.
As the impact assessment identifies, the telecoms industry provides opportunities for new and wide-ranging applications, business models and increased productivity, whereby 5G will be used for everything, from autonomous cars to remote medical examination and health monitoring. This is crucial. Clearly, we will not achieve the Government’s aim of becoming a science and tech superpower by 2030 without it.
Let us also remember that the complex UK telecoms industry contributes £32 billion to the economy and directly provides nearly a quarter of a million jobs. It is therefore important that we legislate for the Government to have the power to act to prevent dependency on high-risk vendors such as Huawei, and to recognise the blurring of the lines in the grey zone, where cyber- attacks on critical infrastructure will become, regrettably, increasingly regular.
This Bill is a necessary step and, in general, we welcome it. However, I have some words of caution, many of which chime with the themes highlighted during this debate. There cannot be a scattergun approach to security, and it is the absence of a joined-up approach that I want to pursue first. I was interested that the noble Lord, Lord Young, raised points about the number of departments that telecoms security touches and the need to resolve this interface in a co-ordinated fashion. I hope that the Minister can explain how this will be resolved and how this Bill interacts with the National Security and Investment Act, which recently passed through this House. How will the Government’s stated intention of having complementary regimes that protect telecommunications’ critical national infrastructure from national security threats be achieved?
The Government have said that the National Security and Investment Act was needed as the Tele- communications (Security) Bill does not extend to investments in the communications providers themselves or investments in other infrastructure used to provide communications. It also cannot prevent the acquisition of vendors by hostile actors. To this end, are the Government actively considering further redrafting of the communications supply chain definition, potentially listing the specific components of the supply chain that should be caught? When will we see the final sector definition for the communications sector?
Concerns have been expressed today, which I share, about what is not in the Bill as much as what is in it. The exclusion of the cross-party Intelligence and Security Committee from oversight of the measures in the proposed legislation, despite its remit in relation to national security, is baffling at best and deliberate at worst. As my noble friend Lord West so ably highlighted, this came up in the National Security and Investment Act and yet the relevant parliamentary committee is well and truly parked out of sight. It is hard not to suggest an unhealthy aversion by the Government to the committee since failing to secure the post of chair for their preferred candidate, which, if so, would be a failure of duty to do the right thing. On the matter of scrutiny, I was interested in the thoughtful considerations from the noble Earl, Lord Erroll, and I am sure these matters will be debated further.
On the continuing theme of what is missing, diversity of suppliers is needed at different points of the chain with sufficient support for the UK’s own start-ups. However, the Bill does not even mention supply chain diversification or the diversification strategy, even though we all agree that we cannot have a robust and secure network with only two service providers, which is the number that we will have left once Huawei is removed from our networks. Support for Britain’s start-ups is needed to deliver this diversity, but the Government’s investment of £250 million will surely not be enough. As the Science and Technology Committee has called for, will the Government produce an action plan with clear targets and timeframes for how that funding will be spent?
This Bill provides a vast and continuing expansion of Ofcom’s remit. It also gives the regulator sweeping new powers and responsibilities. However, Ofcom lacks experience in national security. These changes will demand the recruitment of people with specialist skills and the required level of security clearance. How will this be handled? The impact assessment states that the cost of monitoring compliance for Ofcom is up to £49.4 million from now up to 2029. Can the Minister assure the House that Ofcom will have the relevant resources?
The security of our telecoms network sits firmly within an international context, as my noble friend Lord Maxton said. As the impact assessment states:
“The most significant cyber threat to the UK telecoms sector comes from states. The UK Government has publicly attributed malicious cyber activity against the UK to Russia and China as well as North Korea and Iranian actors”.
This concern is clearly shared with our key allies, as confirmed in the recent NATO summit’s communiqué.
This Bill was published in November—before the integrated review of security, defence, development and foreign policy had concluded. The review states:
“Under the provisions of the Telecommunications (Security) Bill, supported by the 5G supply chain diversification strategy, we will … work with partners, including the Five Eyes, to create a more diverse and competitive supply base for telecoms networks.”
Can the Minister advise how this work is proceeding? How many companies in our supply chain sector have Russian or Chinese owners?
The noble Lord, Lord Alton, made a powerful intervention, echoed by other noble Lords, about the need for due diligence in respect of human rights—something that has been of great and continuing concern to this House. The continuing persecution of the Uighur Muslims and their plight shames the world. I am sure that the Minister will wish to reflect on this matter.
In the course of this debate, your Lordships have heard much about Huawei being the perfect illustration of why this Bill is needed. We support the action to protect the UK from the threats presented by this high-risk vendor that has huge strategic significance. As a Chinese company it could, under China’s national intelligence law of 2017, be ordered to act in a way that is harmful to the UK, and the Government state that,
“the Chinese State (and associated actors) have carried out and will continue to carry out cyber attacks against the UK and our interests”.
Despite this clarity, the telecoms supply chain review of 2018 recommended that Huawei equipment should be removed only from the sensitive part of the core network and could still make up a maximum of 35% of the non-core systems with a deadline of 2023.
In 2020, UK telecoms companies were latterly told by the Government that they would be banned from buying Huawei’s 5G equipment from January 2021 and that the Government want complete removal of Huawei equipment from our 5G networks no later than 2027—as we have heard, at a cost of £2 billion and a delay to 5G rollout by two to three years. Can the Minister indicate how the UK is going to benefit from the costly debacle of ripping out Huawei?
On spreading the risk, the Government’s vendor diversity task force said that the UK must ensure that smaller telecoms equipment makers become key suppliers of Britain’s 5G mobile phone networks once kit from Huawei is stripped out of the infrastructure. It said that smaller equipment manufacturers should provide 25% of the kit used in 5G networks. Have the Government accepted this target? We cannot end up in a similar situation again as we saw with Huawei.
This Bill must be future-proofed and provide for a horizon-scanning function to identify emerging threats and potential weaknesses in UK telecoms providers’ asset registers. We will be seeking amendments to the Bill that fill in the many missing gaps and will work across all parties to do so. As I have said, it is as much about the glaring omissions as it is about what the Bill contains. The UK cannot end up in another costly security debacle as we did with Huawei. The Government need to look to the future rather than letting it continue to overtake us. Let us hope that this Bill can do that job.
My Lords, I thank all noble Lords who contributed to this rich debate for their contributions, for the warm welcome they offered the Bill, and for the way in which, in very different ways, they highlighted the importance of the issues which the Bill seeks to address.
Today’s debate has been wide-ranging. We have debated the principles and the practice of the Bill and we have touched on a number of issues that are beyond its scope. I shall start my closing remarks by focusing on those matters that speak directly to the Bill, as well as those that are closely adjacent to it, such as diversification, before moving on, if, as I hope, time permits, to other matters raised in the debate. Some of the issues raised sit beyond my department’s remit, but I will do my best to respond to them and will write to all noble Lords on any matters that time does not permit me to address today. I stress that I and my officials are very open to continuing these discussions in more detail ahead of Committee.
As my right honourable friend the Secretary of State said at Second Reading in the other place, the Bill raises the security bar across the board and protects us against a whole range of threats. Although there may be disagreement on some points in the Bill, I welcome the fact that it clearly has strong support in this House and, as we saw, the other place. We are all committed to putting the UK’s national security interests first.
Before I go into the detail of the Bill, the noble Baroness, Lady Merron, rightly asked how it fits with wider regulation of critical national infrastructure. This is indeed one of a number of measures that the Government are taking to protect the security and integrity of that infrastructure. So, while this Bill focuses on telecoms security, there is already a range of regulations governing the security of other critical sectors, each tailored to different risks. The Bill will complement those pre-existing regulations by ensuring the security and resilience of the public telecoms networks on which our critical sectors rely.
The recently enacted National Security and Investment Act, to which the noble Baroness referred, empowers the Government to scrutinise, impose conditions on or, as a last resort, block foreign investment wherever there is an unacceptable risk to Britain’s national security. Rather than addressing investment, the Bill would enable the Government to protect our networks from risks posed by vendors who supply, provide or make available goods, services or facilities to public telecommunications providers. Once it is passed, the Bill will work alongside the National Security and Investment Act to protect our networks from threats, both now and in the future. My noble friend Lord Young of Cookham also asked how different government departments were co-ordinating their policy responses in this area. I will take up his kind invitation to write to him, and will of course copy other noble Lords into my response.
A number of your Lordships, including the noble Lord, Lord Clement-Jones, my noble friends Lord Vaizey and Lady Stroud, the noble Lord, Lord Alton, and the noble Baroness, Lady Merron, all asked how we were managing the risk posed by Huawei in the interim, ahead of the Bill becoming law. The Government have always considered Huawei to pose a relatively high risk to the UK’s telecom networks compared with other vendors. There has been a risk mitigation strategy in place since Huawei first began to supply equipment to the UK’s public telecoms providers.
The Government have announced extensive advice to manage the security risk posed by Huawei, based on the analysis of our world-leading experts at the National Cyber Security Centre. The Secretary of State has announced advice that providers should remove all Huawei equipment from 5G networks by the end of 2027 and, in order to clearly set out the pathway to zero, he also announced advice that providers should stop procuring new 5G equipment from Huawei after 31 December 2020 and stop installing Huawei equipment in 5G networks after September 2021. Together, all this advice will protect our networks from the risks posed by Huawei. Once passed, and subject to the relevant consultation requirements, the Bill will enable the Government to give legal effect to all this advice.
My noble friend Lady Stroud asked about other high-risk vendors. The Bill responds to the threats and risks that we outlined in the telecoms supply chain review. It gives us the ability to manage any high-risk vendor, both now and in future. We have named Huawei and ZTE as high-risk vendors, but we will continue to keep the presence of high-risk vendors under review.
A number of your Lordships, including the noble Baroness, Lady Merron, my noble friends Lord Vaizey and Lord Young of Cookham, and the noble Lord, Lord Fox, talked about the role, resources and capacity of Ofcom. We are confident that Ofcom will have the capability and resources to undertake its expanded role, although we recognise the competitive market for recruitment in this area. As I mentioned in my opening remarks, the Bill places a new, general duty on Ofcom to ensure that providers comply with their new security duties. We are working closely with Ofcom to ensure that it has the required resources to meet its new responsibilities, and we will keep that under review.
I shall now cover the issues relating to scrutiny in the Bill. The first of these relates to the Secretary of State’s ability to issue designation notices and designated vendor directions. This issue was discussed at length in the other place throughout the passage of the Bill, and more recently was referred to by the Constitution Committee, and I will address the remarks of both that committee and the Intelligence and Security Committee.
The noble Lord, Lord Clement-Jones, raised the recommendation from the Constitution Committee to increase oversight of the Bill’s powers by making them fall within the remit of the Investigatory Powers Commissioner. I can reassure noble Lords that the Secretary of State will use the power to issue designation notices and designated vendor directions only when it is necessary to do so in the interests of national security and where the requirements to be imposed are proportionate. The Bill already contains effective mechanisms for oversight of the Secretary of State’s use of the powers to give a designated vendor direction or designation notice.
The Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament. This will provide Parliament with the opportunity to scrutinise the use of these powers. On very rare occasions, the Secretary of State may choose not to lay a designation notice or direction before Parliament, because to do so would be contrary to the interests of national security. Where this is the case, the DCMS Select Committee will be able to view such directions and notices.
The Investigatory Powers Commissioner has responsibility for reviewing the use by public authorities, such as intelligence agencies, police and local authorities, of the powers in the Investigatory Powers Act. However, the Investigatory Powers Act regime is not directly comparable with the new powers and framework set out by the Bill. Oversight of the Investigatory Powers Act regime by the Investigatory Powers Commissioner is considered appropriate because of the potential intrusion into the private lives of individuals as a result of the use of covert powers. The national security powers in this Bill are very different from those in the Investigatory Powers Act: they are focused on protecting public telecoms networks and services from the threats posed by high-risk vendors.
The noble Lord, Lord West, the noble Baronesses, Lady Merron and Lady Northover, the noble Earl, Lord Erroll, and others raised the issue of scrutiny by the Intelligence and Security Committee. I pay tribute to the noble Lord, Lord West, and all other members of the Intelligence and Security Committee for the important work they do. We recognise the importance of effective scrutiny of the use of the Bill’s powers, and I am happy to correct the impression that the noble Lord, Lord West, suggested—that the Government want to avoid scrutiny in the Bill. That is why, as I said, the Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament, unless doing so would be contrary to the interests of national security. I referred to circumstances where this might be possible in my remarks on the advice of the Constitution Committee.
As noble Lords are aware, the activities of DCMS are not within the remit of the Intelligence and Security Committee. That committee’s remit extends to the intelligence agencies and other government activities related to intelligence or security matters, as set out in its memorandum of understanding. But the advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among others, the economic impact, cost to industry and impact on connectivity of the requirements in any designated vendor direction.
The ISC does not have a remit to consider non-security issues, such as the economic and connectivity implications of the requirements in designated vendor directions, but the DCMS Select Committee can consider those wider impacts. That is why, despite my noble friend Lord Balfe’s caution in this regard, we believe the DCMS Select Committee is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament.
My noble friend Lord Young of Cookham asked whether a designation notice or designated vendor direction is justiciable. Designated vendor directions and designation notices are subject to ordinary judicial review principles. However, the Secretary of State will issue designation notices and designated vendor directions only where they are necessary in the interests of national security and where the requirements in the direction are proportionate. As I mentioned, there are exceptions, which we expect to be rare, where it could be harmful to national security to lay a direction before Parliament, for example where doing so would expose particular security vulnerabilities.
The noble Lord, Lord Clement-Jones, asked about the delegated powers in the Bill and the recommendations of the Delegated Powers and Regulatory Reform Committee, as did my noble friend Lord Young of Cookham. The committee has made one recommendation relating to the power to issue codes of practice about security measures. I am sure that the House will appreciate that we need some time to consider the recommendation. We will respond once we have done that.
A number of noble Lords, including the noble Earl, Lord Erroll, the noble Lord, Lord Fox, and my noble friends Lady Morgan and Lord Vaizey, raised issues about the Government’s work on diversification. Although this is not a matter that the Bill speaks to directly, as your Lordships pointed out, I am delighted to address it. The Government recognise the importance of a diverse supply chain for creating a resilient national telecoms network, which is why we published the 5G diversification strategy alongside this Bill. That takes forward the Government’s commitment in the telecoms supply chain review to respond to the lack of diversity in the supply chain. We are leading the way in solving this through our ambitious diversification strategy.
The diversification task force, led by my noble friend Lord Livingston of Parkhead, has now concluded its initial work. Its findings and recommendations were published on 20 April. As my noble friend Lord Young pointed out, they raise the opportunity for our businesses in this area to win new markets through the creation of shared standards. The Government will respond to the task force’s findings and set out our next steps in this ambitious programme this summer. My noble friend Lord Holmes asked for an update on our UK telecoms lab. We will be able to say more on that later this year, but we plan to respond to all of the priorities raised in the very helpful report from the diversification task force.
The noble Lord, Lord Fox, asked for a definition of “incumbent suppliers”. The diversification strategy defines them as those present in the network that are not high-risk vendors, which therefore would include non-UK businesses such as Nokia and Ericsson.
The noble Baroness, Lady Northover, and the noble Lord, Lord Clement-Jones, asked about our engagement with business. We continue to engage regularly and closely with public telecom providers, including the largest companies, such as BT, and the trade bodies representing small businesses. Their feedback has been invaluable in our policy development. We will consult with them further on the draft code of practice after Royal Assent to ensure that all those affected can make their voices heard.
The noble Lord, Lord Maxton, asked about our international engagement. We have engaged with partner countries throughout the drafting of this Bill and will continue to do so once it has passed. As he rightly pointed out, our networks face similar challenges to those of networks in other countries. It therefore makes absolute sense to find international solutions to them.
The noble Lord, Lord Vaux of Harrowden, obviously has a similar social life to mine. I definitely get more fraudulent calls than I do any other type of communication. As I wrote to him, this Bill is not intended to address the extremely important issues that he raised. The Government are exploring a range of different measures aimed at tackling criminal abuse of the telecommunications network, including fraud. This work is led by the Home Office. I am happy to meet with him to discuss it further if that is helpful or co-ordinates him being in touch with the right colleagues at the Home Office.
Turning to the issues of human rights, the noble Lord, Lord Alton, asked about the compliance of the ministerial statement on the face of the Bill with the Human Rights Act. As printed, I made a statement under Section 19 of that Act that:
“In my view the provisions of the Telecommunications (Security) Bill are compatible with the Convention rights”
as defined by Section 1 of the Act. I stand by my statement. I do not think there are any provisions in this Bill that are incompatible with the convention rights. The statement is about the content of the Bill. The noble Lord has implied that actions of another country might bring the Bill’s compatibility into question, but I think that is a misunderstanding of the purpose of the statement.
Many of your Lordships rightly raised issues of human rights in China, including the noble Baronesses, Lady Northover and Lady Merron, the noble Lord, Lord Fox, and my noble friends Lady Stroud and Lord Balfe. I start by paying tribute to the noble Lord, Lord Alton, for his ongoing commitment to standing up for human rights around the world, including in Xinjiang. The Government stand in complete solidarity with him and the eight others who were sanctioned by China. This House has debated these issues at length and rightly so, as they are important. The Government share the noble Lord’s serious concern about the human rights situation in Xinjiang. Indeed, he recently secured a Question for Short Debate on this topic, to which my noble friend the Minister of State for South Asia and the Commonwealth responded.
It is because this issue is so important that we have, as a Government, taken a wide range of actions this year and I cannot accept his suggestion of complacency on the part of the Government. The UK Government have led international efforts to hold China to account for its human rights violations in Xinjiang. We led the first two statements on Xinjiang at the UN and have utilised our diplomatic network to raise the issue up the international agenda. Most recently, on 22 June, the UK joined 43 other countries at the UN Human Rights Council to condemn China’s human rights violations in Xinjiang and Tibet, as well as the deterioration of fundamental freedoms in Hong Kong referred to by the noble Baroness, Lady Bennett, and others. On 13 June, the G7 leaders’ communiqué called on China to
“respect human rights and fundamental freedoms, especially in relation to Xinjiang”.
Noble Lords will be aware that in January the Foreign Secretary announced a package of measures to help ensure UK businesses and the public sector are not complicit in human rights violations or abuses in Xinjiang. Those measures include robust and detailed new guidance to businesses, a review of export controls as they apply to China, a commitment to introduce financial penalties under the Modern Slavery Act and increasing support for UK government bodies to exclude suppliers complicit in violations.
I know the noble Lord is particularly interested in hearing more about the review of export controls. He will be aware that export controls are already applied to a range of goods which may be used for internal repression or to breach human rights, as set out in the Export Control Act 2002 and accompanying secondary legislation. The review announced by the Foreign Secretary in January will ensure that we have captured the full range of goods as applicable to the current situation in Xinjiang and will determine which additional specific products will in future be subject to export controls. The Government will report back to Parliament on the outcome of the review in due course.
I also note the Private Member’s Bill introduced by the noble Lord, Lord Alton, regarding the duty on businesses to produce modern slavery statements. The Government have already committed to strengthening Section 54 of the Modern Slavery Act 2015 and I know that the noble Lord engages regularly with the Home Office on this matter. I can reassure all your Lordships that tackling modern slavery continues to be a priority for this Government. This is why the Government announced a review of our modern slavery strategy earlier this year.
A new strategy will cover our cross-government response, including how business and government can effect change through their supply chains. In September 2020, the Government committed to take forward an ambitious package of measures to strengthen the Act. As I have mentioned, this was followed in January 2021 by a commitment to introduce financial penalties for organisations that fail to meet their statutory obligations to publish modern slavery statements under the Act. Legislation to take these reforms forward will be introduced when parliamentary time allows.
The amendment tabled and adopted during the passage of the Trade Act further highlights that the Government take these issues seriously. The amendment ensures that a debate and vote in Parliament can happen in response to credible reports, expressed by a responsible Committee, about genocide in a country with which we are proposing a new free trade agreement. I can now confirm that the Foreign Affairs Select Committee in the other place has agreed to be charged with this role, subject to agreement by the House. Discussions are still ongoing in the other place and will begin in this House when there is a willing Committee.
This Bill, however, is focused on the security of the UK public telecoms network and services. It is not the right legislative vehicle to address concerns about human rights and modern slavery. Clause 16 makes it clear that designation notices can be issued to vendors only where the Secretary of State considers that it is necessary to do so in the interests of national security. The Government consider that the Secretary of State should be required to assess national security as strictly about the security of our nations.
I apologise to noble Lords: I know that I have overrun but it was a rich debate. I hope noble Lords will accept that it was worth addressing some of the important points raised. I look forward very much to working with your Lordships across the House to pass this important legislation. As I have said, the Bill will create one of the toughest regimes for telecoms security in the world. It will enable us to protect our critical national infrastructure and shield our networks for years to come. The noble and gallant Lord, Lord Stirrup, gave the Government a helpful and powerful challenge: to be forward-looking as we think through this legislation; to recognise the need for a balance between cost, resilience and risk; and to adopt an approach that combines agility and adaptability. Again, I invite noble Lords who wish to talk about any particular issues related to the Bill to contact me or my officials, and I look forward to debating this further in Committee.
Bill read a second time and committed to a Grand Committee.