(1) The Communications Act 2003 is amended as follows.
(2) After section 105Z29 insert—
“105Z30 OFCOM’s Annual Report
(1) Every report under paragraph 12 of the Schedule to the Office of Communications Act 2002 (OFCOM’s annual report) must include a statement on—
(a) the adequacy of OFCOM’s resourcing in fulfilling its functions under the amendments made to this Act by the Telecommunications (Security) Act 2021;
(b) OFCOM’s determination of the adequacy of measures taken by network providers in the previous 12 months to comply with sections 105A and 105B of the Communications Act 2003 and regulations made thereunder; and
(c) OFCOM’s assessment of emerging or future areas of security risk based on its interrogation of network providers’ asset registries.
(2) The statement required by subsection (1)(a) must include an assessment of—
(a) the adequacy of Ofcom’s budget and funding;
(b) the adequacy of staffing levels in Ofcom;
(c) any skills shortages faced by Ofcom.”—(Chi Onwurah.)
This new clause introduces an obligation on Ofcom to report on the adequacy of their resources and assess the adequacy of the annual measures taken by telecommunications providers to comply with their duty to take necessary security measures. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries.
Brought up, and read the First time.
I beg to move, That the clause be read a Second time.
With this it will be convenient to discuss the following:
New clause 2—Provision of information to the Intelligence and Security Committee—
(a) any direction or notice (or part thereof) that is withheld from publication by the Secretary of State in the interests of national security in accordance with section 105Z11(2) or (3) of the Communications Act 2003;
(b) any notification of contravention given by the Secretary of State in accordance with section 105Z18(1) of the Communications Act 2003;
(c) any confirmation decision given by the Secretary of State in accordance with section 105Z20(2)(a) of the Communications Act 2003;
(d) any reasons for making an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in the accordance with section 105Z22(5) of the Communications Act 2003; and
(e) any reasons for confirming or modifying an urgent enforcement direction that are withheld by the Secretary of State in the interests of national security in accordance with section 105Z23(6) of the Communications Act 2003.”
This new clause would ensure that the Intelligence and Security Committee of Parliament is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security.
New clause 3—Network diversification—
“(1) The Secretary of State must publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) changes to the diversity of the supply chain for network equipment;
(d) new areas of market consolidation and diversification risk including the cloud computing sector;
(e) progress made in any aspects of the implementation of the diversification strategy not covered by subsection (a);
(f) the public funding which is available for diversification.
(3) The Secretary of State must lay the report before Parliament.
This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security of telecommunication networks and services, and allow for a debate in the House of Commons on the report.
Amendment 1, in clause 14, page 21, line 27, at end insert—
“(3) The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”
It is a great pleasure to speak in this debate on Report. As I may have mentioned before, I am a chartered electrical engineer; before I entered Parliament, I worked for 20 years helping to build out the networks—fixed wireless and mobile—that became the internet. I am proud of that work and of the immense contribution that the telecommunications sector makes to our society, our economy and our security.
I am very pleased that today we are dedicating parliamentary time to our telecommunications sector. I thank all Members across the House who served on the Bill Committee for our many hours of fruitful debate as we strove to secure improvements to the Bill. I also thank the officials of this House, particularly in the Public Bill Office and the Library, who have provided such excellent support.
I declare an interest: many provisions in the Bill deal with the regulator Ofcom, and my last telecommunications role was with Ofcom. I joined it in 2004 just a few weeks after it was born, when it was to be a light-touch regulator, small and nimble. As a consequence of my time in the sector, I have been calling for greater security, particularly for our mobile networks, since I first entered this place in 2010.
The Labour party and I welcome the intention behind the Bill, but a number of areas in it need to be addressed. We are here today because of the Huawei debacle of the Government’s making. The Government have been forced to require the removal of Huawei, at an estimated cost of £2 billion and a delay of two to three years to our 5G roll-out, after overseeing Huawei’s rapid rise to be the foremost supplier to the telecoms company that carries our country’s name and universal service obligation: British Telecom.
The telecoms supply chain review found that there were no incentives for our mobile network operators to provide secure networks. Moreover, successive Tory Governments have squandered the world-leading position on broadband infrastructure left to them by Labour in 2010, as the United Kingdom has fallen down the league table from 27th to 47th in the world for average internet speeds. This lack of sovereign capability and absence of an effective telecoms strategy has resulted in our dependency on high-risk vendors, which the Bill seeks to address.
I am sure that you will be pleased to know, Madam Deputy Speaker, that I will not repeat the same arguments on Huawei that have dominated the debate over recent years. Given where we are now, we support the aims of the Bill. National security is the first duty of any Government, and Labour will always put national security first. Our telecoms infrastructure is clearly critical to our defence and security, as well as our economic prosperity.
We agree that, as the Bill sets out, the Secretary of State should have powers to designate vendors of concern and require mobile network operators to take appropriate action, and that Ofcom should have the power to monitor and enforce those directions. However, we wish to improve the Bill in three key areas, which our new clauses 1, 2 and 3 seek to address.
The first area is national security. Labour prioritises national security, and the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not, in and of itself, make our networks secure now or protect them against future threats; that requires a number of additional measures, some of which are in the Bill and some of which are not. For a start, if our telecoms network is to be secure, there must be expert democratic oversight of the measures that make it secure—yet the Bill makes no provision for Parliament’s experts, the Intelligence and Security Committee, to be informed or consulted. We want to fix that.
Secondly, the security of our network depends on an effective plan to diversify the supply chain. We are very concerned that the Bill does not even mention diversification and thus risks short-changing our national security, our technological sovereignty and our telecoms infrastructure. We want to ensure that progress is made in diversification as a prerequisite for the security of the telecoms network and a UK sovereign capability should be a part of that.
Thirdly, the Bill gives many new responsibilities and powers to Ofcom. That follows a vast expansion of Ofcom’s remit over the past 10 years. We want to make sure that Ofcom is appropriately resourced to carry out its duties and to be forward looking, not simply looking back.
One of the great failings of the Bill is that the Government are so fixated on fighting the last battle—the Huawei battle—they are not looking to the future. That is, in part, because various Government Back-Bench Members have very real concerns about the rise of China and its influence on our infrastructure. But these concerns, however well justified, seem to be blinding the Government to threats that are not Chinese in origin. We want to fix that. We want Ofcom to have the resources and the will to monitor the evolution of our telecoms networks, so that future threats, wherever they come from, can be identified and we do not find ourselves forced, as we are now, to make a huge change to our networks, at a huge cost to our economy.
I turn to new clause 1. As I said in my opening remarks, I joined Ofcom in 2004 when it was in its infancy as a slimline regulator. I kept a copy of the Communications Act 2003 on my desk. Since then, that Act has already doubled in size as Ofcom has acquired responsibility for critical national infrastructure: the BBC; the Post Office; online harms—that Bill is coming down the road; and, in this Bill, parts of national security as well. This latest expansion of Ofcom duties will necessarily add a strain not only to its budget, but to its resources. In January, in response to my written question, the Government stated that Ofcom would have the resources that it needs to do the job, in which case the Minister should be keen to support new clause 1, which requires Ofcom to report on the adequacy of its resources in fulfilling its functions under the amendments made in the Bill.
Ofcom lacks experience in national security measures—this was discussed during the evidence stage—and the expansion of duties will require the recruitment of people with the required level of security clearance and experience. That is not going to be easy, as we heard during the evidence sessions. Emily Taylor of Oxford Information Labs said that Ofcom
“will have to acquire a very specific set of skills and capabilities and that will require substantial investment and learning as an organisation”.––[Official Report, Telecommunications (Security) Public Bill Committee,
These skills are rare. The memo from the Minister, for which I am grateful, sets out how Ofcom and the National Cyber Security Centre will work. While it is welcome that they will work together, it did not provide the reassurance that we need. Indeed, it suggests that Ofcom will be entirely dependent on the NCSC for cyber skills and therefore, presumably, unable to understand the advice that it receives from the organisation.
New clause 1 requires Ofcom to report annually on the adequacy of measures taken by network providers to comply with changes introduced in the Bill, empowering the Government to track the effectiveness of the legislation. However, new clause 1 does more than that. It ensures that Ofcom has the human and informational resources to be forward looking. As I said, we are concerned that the Bill is backward looking and does not look to future threats. New clause 1 requires Ofcom to provide an assessment of emerging or future security risks based on its interrogation of network providers’ asset registers.
I am pleased that the Government are taking steps—as I understand it from the Minister—to formalise existing best practice in the telecoms sector and ensure that national providers maintain asset registers. I can tell Members that that has not always been the case. As the Minister said during the Committee stage, asset registers are an
“important part of the existing landscape”––[Official Report, Telecommunications (Security) Public Bill Committee,
But I ask him: why does he not take this further? We need to ensure that we have a good understanding of our national assets and so can assess emerging threats. Doing so would have made Huawei’s dominance visible earlier and it would now enable warning signs of future concerns—and there are future concerns. Again, Emily Taylor said:
“I feel a little like we have been fetishising 5G and a single company for the last two years, perhaps at the expense of a more holistic awareness of systemic cyber-security risks… Healthcare systems probably would not have been top of the list two years ago, but now they are. The SolarWinds attack shows that the identity of the vendor is not always the key risk point. SolarWinds is a very trusted vendor from a like-minded, close ally country, and yet it turns out to be a critical single point of failure across key, very sensitive Government Departments, both in the US and the UK.––[Official Report, Telecommunications (Security) Public Bill Committee,
So I want the Minister to consider that in his response on this proposal.
I also ask the Minister to consider another very real possibility. As our networks evolve, key functionality moves from chips into software that will be running in the cloud. Our cloud infrastructure is dominated by one vendor, Amazon Web Services, whose cloud services cross-subsidise the retail services we are more familiar with and with which so many of our high street names are unable to compete. So in the near future it might be that although we think we have three, or four, or five separate mobile 5G networks, they would all, in effect, be running over one vendor, AWS. That would be a single point of failure were AWS to be bought by a hostile country or, as in the case of SolarWinds, even were it just to be hacked by a hostile operator, yet without this new clause I fail to see how the Bill would ensure we had warning of that. There is no requirement on Ofcom to assess how each network provider, and their supply chains, is evolving in its network architectures and the threat to our network security that follows. As is becoming a recurring theme with this Government’s approach to telecoms security and elsewhere, including to online harms, they appear capable of recognising a threat once it is here but incapable of putting in place the infrastructure to anticipate threats and protect our citizens accordingly. New clause 1 is designed to address that.
New clause 2 is designed to improve the Bill by ensuring greater scrutiny, focus and transparency, and addressing the deepening hole in accountability presented by the Government. As I have said, Labour have consistently supported the need for this Bill. Our approach has been to push for the change necessary to address security threats and, specifically, to allow the broad powers of intervention that this Bill gives the Secretary of State, while ensuring that those powers are overseen by Parliament.
This Bill provides substantial powers on national security to the Department for Digital, Culture, Media and Sport, a Department that lacks expertise, experience and understanding in matters of national security. New clause 2 would ensure that the Intelligence and Security Committee was provided with information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an existing enforcement direction made on grounds of national security by the Secretary of State as soon as is reasonably possible. During proceedings in this House and in the other place on the Bill that became the National Security and Investment Act 2021, we tried time and again to ensure ISC oversight of national security issues, with support from across the House and in the other place. The Government seem to have a blind spot here, and I hope the Minister will not put ideology before national security today.
In Committee, on
Most of the testimonies during the passage of both the National Security and Investment Act and this Bill have emphasised how national security threats are evolving, how the bad guys do not stand still, and how technology is becoming more and more important in every sphere of activity. Yet instead of responding, the Government stick to the same old ways. I urge the Minister to accept new clause 2.
On our new clause 3, on diversification, we believe that it is right to remove high-risk vendors from the UK’s networks and enable Government to designate vendors and require telecoms operators to comply with security requirements. However, our networks will not be secure if the supply chain is not diversified, as dependency is simply shifted to another point of failure. New clause 3 would require that network diversification be reported on annually. The Government claimed to recognise this point, and indeed set up the telecoms diversification taskforce over nine months ago. I have voiced concerns that this taskforce does not represent our whole country, or even the telecoms sector, but I welcome the report it published in April that identified the lack of joined-up thinking across Government as a potential barrier to diversification, with 20 different initiatives across different Departments that could contribute to diversifying the sector but had no effective overall responsibility or accountability. I hope the Minister will address that in his comments.
But the taskforce has yet to actually do anything, fund anything or get anything going. Nine months may not be long in ministerial terms, although not all Ministers last that long, but it is an age in technological terms. If the taskforce is going to move at this glacial speed, then we will have a single supplier telecoms supply chain embedded in our telecoms infrastructure within the next five years. Answers to parliamentary questions I have submitted show that none of the £250 million allocated to the taskforce has been spent, or earmarked, but we know there are small start-up suppliers in this sphere desperate for funding. We have innovative small businesses crying out for investment in Wales and the north-east, to name just two centres of excellence, so where is the investment to secure the future of these small businesses? Without it, the Government will not be able to achieve a diverse and resilient network.
That is why, as new clause 3 sets out, we need a reporting mechanism on network diversification, which is not mentioned in the Bill at all. Government inaction is putting our national security at risk. As I said, the 2019 telecoms supply chain review stated that there is
“a lack of incentives to manage security risks to an appropriate level”.
The Bill does not address that fully. During the evidence sessions, Emily Taylor stated that the Bill was very much
“at the stick end rather than the carrot end”. ––[Official Report, Telecommunications (Security) Public Bill Committee,
Dr David Cleevely was clear that
“you need both carrot and stick on things like this.”––[Official Report, Telecommunications (Security) Public Bill Committee,
Yet so far we have seen no investment to support a diversified supply chain. The Opposition have argued throughout the Bill’s passage that the sweeping powers that it affords to the Secretary of State and Ofcom must be put under proportionate scrutiny. In addition to the scrutiny of the ISC, the new clause would enable that, because it would bring about a debate in the House updating it on the progress to and barriers faced in network diversification. The new clause would therefore provide accountability for the diversification strategy’s progress and lead to real action, not just talk.
We cannot have a secure network with only two service providers, and the removal of Huawei leaves the UK with, effectively, only two service providers. Reliance on two providers creates “an intolerable resilience risk”. Those are not my words but the words of the Secretary of State. The chief technology officer of BT Group, the director of emerging technology at Ofcom and the former head of cyber-security at GCHQ all think that reliance on only two providers presents a risk, yet the lack of a link between the diversification strategy implementation and the security of our telecoms networks is an ongoing cause for concern. Now we have the opportunity to put that right. We need a diversified supply chain, and that means diversity of supply at a different point in the supply chain and that different networks will not all share the same vulnerabilities of a particular supplier. That is incredibly important for network resilience.
The new clause provides a reporting requirement that is simply not there in the Bill, although the entire success of the Bill depends on diversification. I hope that the Minister will take this opportunity to correct that.
Finally, I want to say a few words about the Scottish National party’s amendment 1. It requires the Secretary of State to consult leaders of the devolved nations when carrying out reviews or drafting reports required in the Bill. Given that telecoms is not a devolved issue, I would hope that consultation with the relevant Ministers of the devolved nations was a regular occurrence. Following the success of the Welsh Labour Government’s superfast Cymru project and the above-average level of fibre connections to Welsh homes, I hope that the Government would listen closely to any advice offered them on telecoms roll-out.
The Labour party recognises that our telecoms networks will never be safe and secure unless every region and nation of the United Kingdom has a say in how we build out our networks. Under this Government, nine of the 10 worst connected constituencies in the United Kingdom are all in Scotland; if the Government ever wish to reach their broadband and 4G rural broadband connectivity targets, they must address connectivity blackspots in every nation.
A fundamental characteristic of being part of our United Kingdom is that there is a pooling and sharing of resource. Therefore, roll-out targets in the UK must apply to the whole of the UK—not just new Conservative constituencies or those that have the Minister’s WhatsApp details. The devolved nations should be consulted when key infrastructural decisions are being made, so Labour is pleased to support the amendment.
I will finish now by celebrating the potential of the UK telecoms sector and the benefits that digital innovation and effective government can provide to all our lives. If the first industrial revolution was powered by engines, the fourth is driven digitally. The Bill is an opportunity to set in motion a bright future for British telecoms, creating an environment in which telecoms providers, including a sovereign UK capability, with the right subsequent Government support, can grow and thrive.
Unlocking the potential of 5G will not only vastly improve our connectivity and web experience but support new enabling technologies—from the internet of things to artificial intelligence. But that will not happen by accident; it requires political will. We must get this right, and without oversight, diversification and an appropriately resourced regulator we cannot get it right.
As we all agree, our national security is priceless, but until we see a detailed plan, a proper impact assessment and an industrial strategy, we in the Labour party will remain deeply concerned that the Government are not prepared to make the interventions necessary to ensure that our national security is safeguarded. I encourage everyone to support our new clause and take the necessary steps towards unlocking the UK’s digital potential.
The shadow Minister is a considerable specialist in this field; I particularly endorse what she says about the importance of a non-partisan approach to national security in this and other legislation. As noted on Second Reading, the Intelligence and Security Committee of Parliament has long been concerned about the security of the UK’s telecommunications networks. Our 2013 report “Foreign Involvement in the Critical National Infrastructure” identified serious failings in the way that successive Governments had managed the entry of foreign telecommunications companies into the UK market—Huawei especially—and we urged the Government not to sacrifice security in the pursuit of investment when it came to our critical national infrastructure.
“We are clear-eyed about putting national security first. If national security and economic interests are in conflict with each other, national security comes first.”—[Official Report,
That was a considerable advance on the coalition’s complacent response to our CNI report, which committed the then Government to do no more than “balance” economic prosperity with national security considerations. This change of approach and the Bill itself are thoroughly good news from the perspective of the ISC. Both the Secretary of State and the Minister, my hon. Friend Matt Warman, have been exemplary in reaching out to the ISC, and what I am about to say in no way reflects on them.
The problem with this legislation lies not in what has been included in the Bill, but in what has been left out of it in terms of scrutiny. The Bill grants significant new powers to the Secretary of State to designate certain vendors as high risk, and to direct telecoms providers to abide by certain requirements about the use of equipment from such designated vendors. When the Secretary of State issues, varies or revokes a designation notice or a designated vendor direction, he will lay it before Parliament, except when this would be contrary to national security. That is entirely reasonable. None of us would want the Government to publish information that would damage national security; that would not be in the national interest. However, as in the case of the recent National Security and Investment Act 2021, it does mean that there is a significant gap in Parliament’s oversight of these new powers. That should concern Members on both sides of the House.
The logical solution would be for any designation notices or designated vendor directions that cannot be laid before Parliament for security reasons to be provided to the ISC, the body that was expressly created by Parliament to scrutinise national security issues that cannot be laid before Parliament. As Members will know, the ISC is the only Committee of Parliament that has regular access to protectively marked information that is highly classified for national security reasons. Amendments to provide for such scrutiny were tabled in Committee, but sadly, the Government did not support the principle behind them for reasons that are—I am sorry to say—entirely unpersuasive.
It is both puzzling and exasperating that the Government are yet again refusing to use the Intelligence and Security Committee for the purpose for which it was created. As I reminded the House on
“The ISC is the only committee of Parliament that has regular access to protectively marked information that is sensitive for national security reasons: this means that only the ISC is in a position to scrutinise effectively the work of the Agencies and of those parts of Departments”,
such as the Department for Digital, Culture, Media and Sport,
“whose work is directly concerned with intelligence and security matters.”
New clause 2, tabled by the Opposition, would fix the problem in this instance, but there is no sign of the Government’s being willing to accept it. I regret that: we should not be knowingly passing legislation that has holes in it. The Government should not be creating new powers, or new units within Departments—as in the case of the National Security and Investment Act—without providing for effective parliamentary oversight of them. As previously explained in considerable detail on
Neither do assurances by the Government that the ISC is welcome to ask for information related to its remit from non-traditional national security Departments, such as BEIS, or in this case DCMS, offer any comfort. During the passage of the National Security and Investment Bill, Ministers repeatedly emphasised that
“there are no restrictions on the ISC requesting further information from the unit", in that case the BEIS investment and security unit,
“or the Secretary of State where it falls under the remit of that Committee.”––[Official Report, National Security and Investment Public Bill Committee,
However, when we recently did precisely that and asked BEIS for information related directly to our remit, we received a response that was so dismissive as to border on the contemptuous.
The ISC was created by Parliament to oversee national security matters on its behalf. It should not be for the Government to deny Parliament’s intent. Paragraph 8 of our memorandum of understanding with the Prime Minister explicitly confirmed that that oversight extends to
“those parts of Departments whose work is directly concerned with intelligence and security matters.”
If information relating to the use of the powers in the Bill cannot be laid before Parliament for reasons of national security, that information must surely be given to the ISC to scrutinise. Nevertheless, because the Bill is good legislation for which we have consistently called, the Committee will certainly not seek to impede its progress.
The National Security and Investment Act would have been lost entirely at the end of the last Session if the upper House had insisted once again on our amendments providing for proper ISC scrutiny. We were not then, and we are not now, in the business of seeking to scupper legislation that helps to safeguard our national security, but that does not mean that this serious scrutiny gap can be left unresolved. In our forthcoming annual report, we shall therefore ask the Prime Minister to agree an update to the ISC’s memorandum of understanding, in order for it explicitly to include oversight of these matters. I trust that by the time we lay our report before the House, we shall finally be able to announce a positive outcome.
It is a pleasure, once again, to follow the Chair of the ISC, Dr Lewis, as I did during the passage of the National Security and Investment Bill. He speaks with great wisdom and experience on these matters, and the Minister would do well to heed such advice from his Back Benches. It is also a pleasure to follow the shadow Minister, Chi Onwurah, who also speaks with great experience in this field. I have been fortunate enough to sit on a number of Bill Committees with her, and it is clear that telecommunications is very much her forte.
Let us consider the Bill in a wider context, before I drill down on the new clauses. We are essentially looking at foreign investment in our critical, national infrastructure. In real terms this is not a new thing. We are all aware, I hope, of the ISC report from 2013 on that very matter, and Huawei, and its role within our infrastructure, did not necessarily come as a surprise to anyone. I read the Bill’s Second Reading with much interest. The Labour party was trying extremely hard to absolve itself of any blame in that regard, which made for light entertainment over the past evenings. Of course, the Government are just as complicit in that regard, and complicit with a small c, because they were not necessarily looking at things with the view that they have now.
From my experience in this House, the Government have not covered themselves in glory when it comes to this topic. When I came into this place in 2019, one of the first key issues that was talked about—aside from Brexit, of course—was Huawei’s role within the UK, and we have seen the Government flip-flop from one view to another. It is testament to the hard work of many Government Members that they got the Government to realise just how serious this topic is and, indeed, was in years gone by.
Although there are concerns, the only thing that has really changed in the many years since 2013 is the seriousness with which the Government are treating this matter, and that seriousness extends to my colleagues and me. As my hon. Friend Richard Thomson made clear on Second Reading and in Committee, we are supportive of the Government’s efforts in this regard, as we were with the National Security and Investment Bill, but there are a couple of areas where the Government still need to provide a level of assurance. Notwithstanding the remarks that have rightly been made in relation to scrutiny by the ISC, importantly we need to be clear that the Government are going to pick up the tab in Scotland for all the equipment that will now be made surplus to requirements. We cannot have a situation where that is not the case, because it is their actions that have led to the situation we are in. We also need to ensure that the replacement strategy is both safe and secure, so that we do not find ourselves in a situation such as this ever again.
Notwithstanding the justified security concerns that we all have, perhaps the key thing lies in and around the issue of telecommunications. As was referenced by the shadow Minister, although not in the same detail, there are around 1 million people in rural Scotland who do not even have access to 4G. Of course, telecommunications is reserved to the UK Government—it is the responsibility of the Under-Secretary of State for Digital, Culture, Media and Sport, Matt Warman, and he will be cognisant of the fact that the 4G roll-out has not been as good as it should be. We all want to see the 5G roll-out, to ensure that we are in as advanced a position as possible, but we must ensure that the same mistakes are not repeated. I would certainly welcome assurances from the Minister in that regard.
That leads me to the SNP’s amendment 1, which seeks to ensure that the Government consult in full with the Governments in Scotland, Wales and Northern Ireland. It is vital that we have that link and that, while we remain a part of the United Kingdom, the UK Government work in partnership with the Scottish Government on such serious matters.
It will come as no surprise to the Minister that we are supportive of the new clauses tabled by Labour on ensuring that there is diversification, that there is parliamentary oversight and scrutiny, and that the ISC plays a key role. I would like to hear from its Members that they are equally supportive of the view that the devolved Administrations should play a key role in telecommunications.
It is always a pleasure to return to old arguments and ensure that they are still live, and I intend to do just that. From the beginning, I have supported the process and initiative taken by the Government; it was not without struggles early on. I do not intend to go into the details, but I will refer to them. Back in 2019 and early 2020, it became quite a battle over whose advice was better. It seemed to me at the time—and, in a way, I do not blame the Government for this—that the National Cyber Security Centre gave the Government poor advice about the security risk, which was tempered by the Government’s need to go ahead and get 5G moving.
That is always the problem that we face. If organisations are to give Government advice on security risks, it must be completely separated on the basis that that is their advice; they must not temper it to suit the Government. We have seen that happen all the way through—it is not just this particular Government. They have made the right decision, and I will come back to that, but if we go back, this has happened also with Labour Governments and Conservative Governments of the past. Successive Governments have underestimated the growing risk that is coming particularly from China, but also from other countries. They were already aware of the risk from Russia.
I agree with the reference that my right hon. Friend Dr Lewis—it is always a pleasure to be in the same debate as him—made to the ISC’s ability to scrutinise. I have a huge amount of time for him, as he knows, and we have debated some of this ad nauseam, but I do say to him that I think the Government will have to come back to this process. There is no question but that the parliamentary scrutiny process through his Committee—the ISC—will add value and strengthen Government legislation going forward. Even if the Government do not want to accept new clause 2, I hope they will come back to this issue in principle and use the Committee. That can only strengthen the provisions and counterbalance pressures that may exist from companies outside.
I agree that the Bill requires our support. Its main aims include strengthening the security and resilience of the UK’s telecommunications infrastructure—that goes without saying, and all these struggles over Huawei were just part of that process; giving stronger powers to the Secretary of State and Ofcom to enforce the new duties on telecoms providers to increase the security and resilience of their networks, which is also critical; and giving new national security powers to the Secretary of State to impose restrictions on telecoms providers, which I want to come back to. Those restrictions relate to the equipment from high-risk vendors.
I and some of my right hon. and hon. Friends tabled amendment 3, which I had hoped to be coming here to debate, but clearly it was not selected. However, I will speak to the principles of that particular amendment, if you do not mind, Madam Deputy Speaker—even though it was not selected, it is here in spirit. Amendment 3 would essentially have required the Secretary of State to make a designated vendor direction for any firm that was required to hand over its data to the Government or intelligence services of a foreign country. I wanted to be specific about that—using what was already in the Bill to force the Government to go a little bit further—because I think it is necessary.
That specificity is necessary because right now we are facing a number of particular threats. There are a lot of hidden threats behind the idea that companies, particularly from China, are independent of their Government. That is simply not the case. I cannot think of a single company registered in China—not Hong Kong, but China—that is not somehow linked directly to, or indirectly to but none the less under the control of, the Chinese Government.
It is worth repeating article 14 of China’s 2017 national intelligence law, which obliges all firms to give the Government assistance in areas of intelligence and national security if requested. This quote is a translation, so it may be slightly modified, but it may be useful. Article 14 states:
“state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.”
That is critical, because it requires those organisations to do whatever is required of them with regards to data transfer. It is peculiar in a way, and it would be peculiar even if it was dealing with Russia, but the fact is that it relates to China, which has a very much larger commercial base in all of these areas.
It is interesting to look back. Had other Governments, going back, further recognised the nature of what was going on, they would have seen that there is a strategic plan from the Chinese Communist party to dominate key commercial areas. For example, they own 85% of rare earth materials. Rare earth materials, as was said the other day, are the oil of the 21st century, without which we simply will not be able to operate. However, China does not stop there; it also owns the lion’s share of the world’s processing capability.
China strategically looks ahead. In telecommunications, we had 10 to 15 companies globally engaged in this area about 12 years ago, one of which was Marconi here in the UK. Today there are only three non-Chinese companies in existence that can build a 5G system. Not one of them, by the way, is in the United States; that tells us exactly how that market has been infiltrated and destroyed. People talked about market failure when we discussed the Huawei Bill. It was not market failure; it was the fact that a Government, with their institutions, had set out strategically to destroy a market and dominate it. That was one of the excuses used by my Government—that is, that we had no other option and had to go for what was there in the marketplace. Well, that has now changed, and I am pleased about that.
The amendment was necessary because, lying behind all this, is the real key, which is that these companies are not free and do not protect data in the way in which we would expect. Huawei is not alone, by the way. It is just one company, but there are lots of others—for example, ByteDance, which owns TikTok. I really question the degree to which that company owns that data now and is able to use it, and that is data on many people, particularly of our younger generation.
The requirements of the national intelligence law apply not just to Huawei and company, because those companies dominate the process that they are engaged in through dominating the data and through their use of that data, which is critical. I am pleased that, through this Bill, the Government are now demonstrating that they have absolutely got the point. I give credit to my hon. Friend the Minister, who has been honest and straight from the beginning of this process about his recognition of this particular problem.
Although that it now the case, we are but stepping tentatively in the direction of understanding these issues. I think the Trade Minister in the other place said that this Government were still determined to pursue deeper bilateral trade with China, while sanctions against many of our parliamentarians—myself included, but there are others here now—are in place. We kind of put that to one side and think that we can go ahead with trying to make these deeper relations with China, notwithstanding the fact that we also recognise that it is a remarkable threat. I simply do not understand how we square those two things and get on with it. [Interruption.] Does my hon. Friend Ms Ghani wish to intervene?
No, but I will never waste an opportunity, as it is obviously a joy to intervene on my right hon. Friend, who was asking how much deeper our relationship can go with a country that has sanctioned parliamentarians in this House for basically raising human rights abuses and security concerns.
I am getting so used to just doing what I am told by my hon. Friend when it is necessary that she only has to look in this direction and I give way to her—my apologies.
What I was really trying to get to the bottom of is that I do not think that this is feasible any longer. The Bill illustrates the dichotomy that lies at the heart of the Government’s position. We are trying constantly to talk about these trade relationships, but at the same time we recognise that the country that we are discussing them with is a totalitarian state that is guilty of what many, including myself, believe is a genocide of a whole ethnic group—more than one ethnic group. It is a state that is intolerant, that is suppressing democracy and free speech in Hong Kong, that is threatening Taiwan and India, and that has said that it is in possession of the South China sea. I could go on with that list. We can recognise the compilation of all those things and that there is a security risk, and yet at the same time in the other place we are told, “Don’t worry. We are still trying to do trade deals.”
It is quite interesting that we have reopened an economic and financial dialogue under a JETCO—a joint economic and trade committee—which was originally paused because of the imposition of the national security law in Hong Kong. The discussions have now restarted, although we did not hear much fanfare. We sort of discovered that they had restarted, but there was no announcement from the Dispatch Box that we were restarting them. There are no dates involved, but the discussions are restarting, despite the sanctions against individuals and so on, and despite our sanctions against Chinese officials—although I still wish that we could do more.
I note also that the European Union was heading in the same direction with its agreement, only now, because of the sanctions on its MEPs and so on, it has decided that it is not going to do that. I simply raise the question: if we think that this country and this Government —the Chinese Communist party, the Government of China—are such a potential threat, should we really be trying to reopen those doors, despite the sanctions that we have in place, the sanctions that they have put in place, and the very clear threat that they now pose to our security?
I simply say to my hon. Friend the Minister that I was going to move my amendment, which would have said that the Government should immediately declare many of these companies high-risk vendors by the very nature of the security law that exists in China. However, I would also say, in support of what has been said already, that the Government need to use the internal possibilities in our Parliament. We have a Committee that is cleared to the highest level of security in these areas, and it is important that we use that Committee. If the Government get private advice from the Committee about what it thinks is going wrong with their position, I think that will benefit and improve them.
I therefore ask my hon. Friend to take my amendment into consideration and to answer that point, to think seriously about how we can strengthen the Bill further and, if he can, to make the reservations of this place felt to his colleagues in Government. We are deeply concerned about trying to ride two bicycles at the same time: recognising a deep and growing threat to democracy not just here but around the world from the Chinese Communist party, while trying to beg China to do trade deals with us, notwithstanding the fact that it behaves so badly.
It is a pleasure to join you, Madam Deputy Speaker, from the far north of Scotland. Before I make two points that will be familiar to the House, may I compliment Sir Iain Duncan Smith on a most interesting speech? I afford myself a wry smile; we are where we are today, which is rather different from where we were when I attended the Westminster Hall debate in which he made the same point. I think that he would be allowed some quiet satisfaction at having changed the Government’s course as significantly as he has, because—I shall return to this point—this is about the defence of the realm.
Let me make a second initial remark, with reference to Stephen Flynn. As a former Member of a place based in Holyrood, in Edinburgh, I wholeheartedly support the notion of working with the devolved Administrations. It makes absolute sense. If we believe in the security of the realm, we all have to work together for the better good.
As I have said already, my two points will be familiar to the House. The first is that, having done the armed forces scheme, I know it is very useful in bringing elected Members face to face with the realities of the defence of this country. For me, it was something of a wake-up call. There is no doubt, as the right hon. Member for Chingford and Woodford Green said, that there are nations out there—Russia, China, North Korea and others—that do not concern themselves with the good health of the United Kingdom. We have only to look at the hijacking of the Ryanair airliner in recent days, or indeed the crime that was committed in Salisbury, to see that the actions of states can be very bad indeed for us as a country, so in some ways this whole debate is a bit of a wake-up call. We have to ask ourselves where we stand in the world, what we can do and whether we are going to stand up for what we believe is right.
The Bill has the support of my party, in that it helps to protect the vital interests of the United Kingdom and the people who live in and love our country, as we all do. The key point emerging from that is that, as others have said, there will have to be an element of co-operation with other countries that share our ideals and interests. We think of the Five Eyes countries, of our European friends and of other countries all over the globe—perhaps India, perhaps South Korea, perhaps Japan—that we could work with more closely to further the best interests of us all.
My second point—yes, I am going to talk about this yet again, so perhaps I should offer an apology to the Chamber—is on something that the hon. Member for Aberdeen South referred to: we talk about 5G in the UK, but there are parts of Scotland that do not have 4G. As the shadow Minister, Chi Onwurah, said, there are bits of Scotland where connectivity is very poor indeed. In the past, I have made the perhaps not very clever joke that in parts of my constituency, we might even be better off with two tin cans and a length of string, so there is a lot of work to be done, to say the least.
Perhaps I can make the point this way: as we come out of covid—thank God that is where we are going—we will see a tourism boost in the United Kingdom, but if the tourism providers in my constituency and remote parts of Scotland are to compete on a level playing field, surely they have to have the connectivity that is enjoyed by other businesses in other parts of the United Kingdom. That is one argument. Secondly, and sadly, there will be another pandemic one day. One of the means by which we can beat off the pandemic is by being very clever indeed, and when it comes to the provision of NHS services and so on, connectivity has a part to play in that as well in my constituency. I will rest my case there, but I believe that whatever the United Kingdom Government can do to work with the devolved Government in Scotland to get proper connectivity in my constituency and other parts—we have very few Gs at all in some parts—and to get up to 5G would be so welcome and so important to my constituents.
I will end with a point that the shadow Minister made. I very much agree with the notion that Ofcom will face considerable strain. This is about confronting the known hostile nations, but this is a changing world—it is changing ever more rapidly—and new threats and new challenges will emerge. Ofcom will have to be very nimble on its feet to deal with that, and that will require the necessary resources, so we look forward to seeing what the Government’s reply will be on that front. Essentially, this debate has been an example of Parliament changing the mind of a Government. The point that has been made about the Intelligence and Security Committee is absolutely correct. Parliament does have a role to play and I very much hope that Dr Lewis and his Committee will have a role to play in future.
It is an honour to contribute to this measured debate, Madam Deputy Speaker. I am fearful of lowering the tone, but I have been speaking to the Minister—I congratulate him on the amount of communication he has had with us Back Benchers about our concerns—and when I was thinking about how best I could sum up our dialogue, I recalled that Ronald Reagan once said:
“The…most terrifying words in the English language are: I’m from the Government, and I’m here to help.”
I think that, for a Minister, the most terrifying words are: “I’m a Back Bencher and I really am just here to help”. So without our removing the momentum, we really are here to help.
First, I need to put on record my thanks to my right hon. Friend Sir Iain Duncan Smith for tabling the amendment, which, unfortunately, was not selected today. I also put on record my support for what my right hon. Friend Dr Lewis has proposed, with the support and expertise that he can bring to the debate and legislation, and I hope that the Minister can reflect on both those opportunities down the line. There is much to welcome in the Bill, but I fear that technology can sometimes move faster than we can legislate in this country. I want to touch on two issues: one is national security and the other is resilience and diversifying our supply chain.
I will start by being very helpful as a Back Bencher. I know that the Minister may have cast his eyes on a report that I recently produced for NATO. I sit on the Science and Technology Committee and I was tasked to put together a report on science and technology threats, looking particularly at east Asia. In the report, there is a puff box that he may want to reflect on; it talks about South Korea and the amount of work that it has done in innovating and developing new technology so that it is truly resilient in its national 5G infrastructure. I believe that 85 cities will have coverage by the end of 2021, and they are not reliant on any external Government to provide them with that service, so I urge him to go away and look at what South Korea is doing and possibly see how we can become more resilient in this country.
I want to raise the subject of resilience and security because I sit on the Business, Energy and Industrial Strategy Committee and we have been undertaking a report on links back to Xinjiang. However, companies also gave evidence to us that should cause some concern for the Minister, and with regard to this piece of legislation. This is basically about companies headquartered in China that have access to data we are using or manipulating, and to algorithms we are creating here in the UK.
In particular, I want to reflect on the evidence given to the Select Committee from TikTok. We invited TikTok to come in and give evidence about its algorithms and whether it is distorting them to stop information about Xinjiang and Uyghur being out on the platform. Unfortunately, the more we dug into TikTok, the more complex and concerning it got for us.
TikTok is a media company and a platform. Most kids will have access to it, and most people here may have access to it as well. However, it has a very complex ownership structure, which is why it is important that it is reflected somewhere in the Telecommunications (Security) Bill. It is important because TikTok is a subsidiary of a global parent company, ByteDance Ltd, which is incorporated in the Cayman Islands, but there is a China-based subsidiary of the same global parent company called ByteDance (HK) Ltd.
The reason why this should be of some concern is that when we took evidence from TikTok UK’s branch, we were told that ByteDance could in no way have access to UK data and that the two things were completely separate. However, the problem is that we can legislate in this country for what we want to do to keep our country and our people’s data safe, but when a company we are working with has headquarters in China, it has to abide by completely separate sets of rules and regulations, so we end up in a two-tier system.
Let me just reflect on what a company such as ByteDance has to adhere to. I am talking about China’s National Intelligence Law 2017. My right hon. Friend the Member for Chingford and Woodford Green spoke about article 9, and I want to reflect on article 7. It states, and this has been translated into English so it may not be perfect:
“Any organization or citizen shall, in accordance with the law”— the Chinese National Intelligence Law 2017—
“support, provide assistance and cooperate in national intelligence work, and guard the secrecy of any national intelligence work they are aware of.”
Fundamentally, companies have to hand over data when they are asked, but when they are asked by another Government—say, our Government—they have to deny that they are doing it. I am concerned about how robust our legislation is today or how robust our legislation will be going forward if companies are abiding by separate sets of intelligence laws based in China.
On a similar theme, let us take a closer look at Hikvision in particular. There was a very good recent report by Reuters, which basically states that half of London councils are using Hikvision, even though Hikvision is banned in the United States. Last week, Italian media reported that Hikvision equipment in the country was “communicating with servers” in China despite being on a supposedly closed network. I am not quite sure what “communicating with servers” means, but for me alarm bells are ringing.
The points I want to land with the Minister are: how robust is the legislation we have in place for today, let alone tomorrow, and how can we ensure that the processes to legislate in this country keep pace with the threats we are facing? I suppose the fundamental point is that China has its own National Intelligence Law, which completely contradicts what we are trying to do here in the UK. Does the Minister have any thoughts about how we can ensure that our security is not undermined by China’s National Intelligence Law? What guarantees can the Government give to constantly look at, review and update this, and also to hold to account the companies we may be anxious about?
We seem to be setting up a two-tier system: one for us in the west with the countries we work with, and a completely separate system for China and the companies it wishes to work with. I fear that, unless we put down a marker, we are going to lose out to a country such as China, and I hope that the Minister can comment on that when he comes to the Dispatch Box at the end of the debate.
It is a pleasure to speak in this debate and to follow all the right hon. and hon. Members who have made contributions.
First, new clause 1 is designed to ensure that there is an obligation on Ofcom, in legislation, to report on the adequacy of its resources and assess the adequacy of the measures taken annually by telecommunications providers to comply with their duty to take the necessary security measures. Ms Ghani referred to security, and I will speak briefly about that shortly. It also requires Ofcom to assess future areas of security risk based on its interrogation of network providers’ asset registries. That does seem to me to be standard, but it is essential that there is regulation and control of these providers, on which so many of us—indeed, probably all of us—rely so heavily. The Minister may well believe that this obligation is already included in the Government’s Bill, and if that is the case, perhaps he will confirm that that is the position. If that is the case, I am sure that that will highlighted subsequently.
I have seen, during the privatisation of water services and other public bodies, that private companies have little desire to provide any more information than is legally required. They just give us the basics of what they want us to know. I believe that there is an obligation for Ofcom to actively regulate, and to do this we must provide adequate funding. To make this happen, is it a funding issue or can we legislate to ensure that they tell us all we need to know? I will consider the words of the Minister on this imperative regulatory function.
I want to echo the concerns of the hon. Member for Wealden, who comprehensively addressed the issues that concern us all. She referred to companies that have their headquarters in China and how that impacts on us here in the United Kingdom. Our duty in this House is to our citizens: to the citizens of Strangford, to the citizens of Wealden and to everyone across the whole of the United Kingdom of Great Britain and Northern Ireland, and we probably all seek assurances on these matters. Again I look to the Minister to do that in his summing up.
New clause 2 relates to the provision of information to the Intelligence and Security Committee. Does the Minister agree that it is imperative that the appropriate Committees have the right information on security matters? I am a firm believer in the need for information share. It has always been my policy to ensure that those around me in my political life, my social life and my personal life are aware of all the issues that concern them. It is also important that MPs have all the information on board. I am also a firm believer in the chain of command. This may well be due to years of part-time service in uniform; I spent 14 years as a part-time soldier. It is really important that the chain of command is in place. However, there are also times when it is in the interests of the nation that not all is revealed, and there will be a reason for some things being classified as top level only. I understand that; I often ask the police about things that have happened back home, and I say, “Don’t tell me anything I don’t need to know, but if you can tell me, and I can tell others, let me know that.”
Our job as parliamentarians is to scrutinise the Government, to hold Ministers to account and to strive for the good of the nation, and I ask the Minister to clarify why the Government do not feel that new clause 2 is necessary. Does he, for instance, believe that this is already accounted for? If it is, perhaps he could tell us the position on that. I would like to understand the rationale behind withholding information from a regulated Committee and what constitutes high-level information that should be withheld. Again I look to the Minister, as I often do in debates in this House, for a response to satisfy me that new clause 2 is not needed.
My final point relates to amendment 1 to clause 14, which proposes:
“The Secretary of State must, in the process of carrying out reviews and drafting subsequent reports, consult the appropriate ministers from the devolved governments.”
As a Member of Parliament, I have always wished to know what the devolved Administrations are doing. In my case, that relates to the Northern Ireland Assembly. When I saw the amendments and new clauses, I assumed that this provision would have been included as a matter of course. Surely it is a matter of the greatest importance—especially in Northern Ireland, which is fast becoming the capital of Europe’s cyber- security—that the devolved Administrations, and in this case the Northern Ireland Assembly, should have a full understanding of any emerging cases. I say with great respect to everyone else in this Chamber that the cyber sector in Northern Ireland is leaps and bounds ahead of other parts of the United Kingdom. Maybe only the south-east of England can match our level of advancement. We have incredible skills and staff available in Northern Ireland, and the cyber-security sector has grown greatly. So can the Minister reference the mechanism by which this information share can take place without any amendment? Can the Minister confirm that the Northern Ireland Assembly will have a key role to play in this, and tell us how that will work within the legislation before us today?
Chillingly, the head of military intelligence recently concluded that the difference between being at war and being at peace is becoming increasingly blurred. In short, Britain is under perpetual attack.
Every day, every week, there are attempts to break or breach the information and communications systems on which so much depends. The fragility of the modern world, as the resilience provided by the eclecticism of local and national means of gathering, storing and exchanging information has been eroded by global interdependence and, in particular, by technological interoperability, has left us more vulnerable to attack from hostile state actors or, indeed, other groups—serious and organised criminals. So, the need for safeguards that guarantee our security could not be more pressing or clear.
In that spirit and to that end, this legislation is very welcome. The Bill strengthens the security framework used for 5G and full-fibre networks. It will protect the UK from hostile state cyber-activity and other activity of that kind, and we need protection, because we know from the evidence that attacks from Russia, China, North Korea and Iran have been recorded in recent times. The Bill will also provide new national security powers to issue directions to telecoms providers to manage the risks of high-risk vendors. Incidentally, that extends beyond the existing restrictions—which in essence relate to the most significant parts of systems and the most sensitive areas—to all goods, services and facilities.
Just as there should no longer be any doubt about the damage done by lazy liberal assumptions about globalisation, there must be no complacency about the virtues of the suppliers of telecoms, hardware, software and services, or those who manage them. That they can themselves provide a threat to the way we communicate, to our infrastructure and to all that we now do in our country is without doubt. Indeed, I would go so far as to say that the unaccountable power of corporate monopolies is one of the most sinister features of the way we now live. That is not just my view; it is the view of the chief of MI5, who recently said that Facebook had given terrorists a “free pass” by allowing stronger encryption on its network. Mr McCallum said that social media giants’ plan to install end-to-end encryption would block hundreds of counter-terrorism investigations by the security service. He said:
“If you have end-to-end default encryption with absolutely no means of unwrapping that encryption, you are in effect giving those rare people—terrorists or people who are organising child sexual abuse online…a free pass where they know that nobody can see into what they are doing in those private living rooms.”
The effects of what Facebook are doing—I suspect they will do still more of it—will inhibit the powers of those that we mission to keep us safe. It is as simple as that, so let us have no naivety or complacency about what those organisations are about or their willingness to act responsibly. Neil Basu, the National Police Chiefs’ Council lead on counter-terrorism, echoed those sentiments. He said that if Facebook pressed ahead with its plans, it would “put privacy before security”. While Mr Basu might be confused about the institutionalised racism of the Metropolitan police, he is not confused about this—he is absolutely right.
The reality of hostile state cyber-activity is beyond doubt. For example, in 2018, the Chinese APT10 group attack on global networks, also known as Cloud Hopper, targeted a range of companies, including in the aerospace, defence, telecommunications, professional services and utilities sectors and many others. It was one of the most significant and widespread cyber-intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the whole world. I could cite many similar examples, but I think the case has already been made by other contributors to the debate, particularly my right hon. Friend Sir Iain Duncan Smith.
The pressing need for the Government, as well as ensuring that safeguards are in place, is—as their own supply chain review acknowledges—to diversify the suppliers in the market. The Government have concluded that the only way to address the risk is to introduce national security powers to allow them to
“intervene to set the conditions necessary, including by imposing limits and controls on the use of high risk vendors, so that operators can manage the risk.”
It is also important to acknowledge that without an effective diversification strategy in place, we will not have a secure network. As the ISC highlighted in July 2019, the diversification strategy is therefore the most critical action to ensure our security now and for the future. The issue of national dependence goes beyond high-risk vendors. I hope that when the Minister winds up he will say more about diversification, because our most pressing requirement is not to allow ourselves to become dependent on single vendors; the case has already been made about the existing vulnerability that Britain endures in that regard.
In support of what my right hon. Friend says, he will recall that one of the main reasons why the Government felt it so difficult to rid themselves of Huawei was that there would then be only two remaining possible suppliers, and if one of them got into difficulty, we would have total dependence on a single supplier. If we do not diversify, it really has knock-on effects: we sometimes have to improperly consider using suppliers that are really a risk to our security.
As my right hon. Friend knows, it is not only the Committee on which he and I serve that has highlighted that point; other Committees of this House have, too, and the Government themselves have acknowledged it. We really need to look at how, having accepted the thrust of his argument, the Government intend to respond. What is the action plan? I know that the Minister will have much to say about this, but my right hon. Friend is absolutely right.
This is part of a wider problem of the concentration of power in the hands of what I described earlier as a handful of unaccountable corporate monopolies. There is a curious assumption that somehow those organisations will be intrinsically virtuous, but that is simply not the case. Commercial organisations are just that: they are interested in commerce. They are not there to do what Governments and this Parliament exist for, which is protecting the interests of the whole of the people.
One thing that worries me a little is that Huawei is Chinese-owned. Nokia and Ericsson are not, but they get a lot of their kit from China, so they are not pure either. That is a worry for diversification.
It is. I referred a moment or two ago to the provisions of the Bill that extend existing powers to take account of supply chains, so the point is acknowledged in the legislation. It brings me neatly—it was not scripted, I hasten to add—to the next part of my speech, because in that process much powerful regulation is put into the hands of Ofcom. I have questions about that for the Minister as this is not territory that traditionally Ofcom has navigated. It will require a step change in Ofcom’s capability and approach to manage the additional responsibilities.
Ofcom was previously responsible solely for assuring the resilience of networks. No list of mandatory standards has previously existed and historically Ofcom produced guidance that merely directed communication service providers towards the main source of advice and best practice. The responsibilities to ensure that providers comply with the new security duties will, as I said, require a step change in what Ofcom does, given that it will now have the authority to practically assess the security practices of large telecom providers, take action where security is at risk of being compromised, and make information available to the Government and provide annual security reports to Ministers.
That brings me to the issue of scrutiny, which has been addressed with by various contributors to the debate so far. Given Ofcom’s new powers, the means by which it can be held to account becomes salient. Of course, Ofcom is accountable to Ministers, but we need Ministers to be accountable, in an effective way, to this House. There is a long debate to be had about the role of various Select Committees in that regard, and it is a debate to which I have contributed previously and the Chairman of the ISC, my right hon. Friend Dr Lewis, has already spoken eloquently. I simply say to the Minister that there needs to be a well-established and rigorous process by which the new powers can be assessed and checked not only by Ministers of the Crown but by those to whom Ministers of the Crown are accountable. Confusing accountability and scrutiny risks weakening both by obscuring the first and diluting the second.
I know, Mr Deputy Speaker, that you would not want me to conclude any speech without some literary reference. C. S. Lewis said: “Experience: that most brutal of teachers. But you learn, my God do you learn.” The experience that I have had over 25 years in the House—of being a shadow Minister trying to hold Ministers to account, a Minister being held to account and now a Back Bencher trying hold both to account—is that unless the process is right, scrutiny simply will not be effective.
I have talked about vulnerability and the recognition of the need for greater regulation. By the way, if anything, the Bill does too little. It is a good Bill and it does a great deal that I welcome, but over time we probably need to go further. I have previously drawn the House’s attention to the history of legislation affecting security here: it has typically been periodic with few big Bills having been brought to the House that became Acts concerning matters of security. But I repeat what I have said before: I suspect that over the coming years we will have more and more legislation to ensure that our country remains secure, given the dynamism and character of the threats we now face.
I end simply with this. The Bill is good work, but it is—if I might put it as generously as I possibly can to the Minister—work in progress, and I hope that during that progress we see further attention given to the issues of both diversity in the marketplace and scrutiny by this House. A fundamental requirement of Government is to protect our infrastructure and economy and, by doing so, protect our people, for in doing that we protect all our futures.
It is a real pleasure to follow some of the speeches we have heard, particularly those from the Chairman of the ISC, my right hon. Friend Dr Lewis, and from my right hon. Friend Sir Iain Duncan Smith.
I rise to support the Government, but I do so with some reservations, which largely reflect concerns that I still have as a member of the Intelligence and Security Committee. I am concerned about oversight and the scrutiny of decisions made by the Department for Digital, Culture, Media and Sport that will have an impact on national security. The issue is growing as commercial companies get more and more involved in such matters. The Government’s current view is that DCMS, Ofcom and the Digital, Culture, Media and Sport Committee could probably watch over these matters. Yes, they probably can, but I am not so sure.
The Bill says that when a Secretary of State issues, varies or revokes a designation notice or a designator vendor direction, he or she will lay that before Parliament—good, so far—except in cases when that would be
“contrary to the interests of national security” or when there were details prejudicial to commercial interests. Those might be excluded from documents laid before Parliament. What? That could mean that we parliamentarians had no oversight whatever of such activities. Are we really going to be debarred from such knowledge?
I wish now to highlight a few of the problems that I foresee—not just because I am a member of the ISC but because I have handled highly classified information in the past. As we have heard, the Committee of Parliament that has regular access to top secret—and above—information is the Intelligence and Security Committee. Its members are subject to section 1(1)(b) of the Official Secrets Act 1989. Have I got that right?
So we on the ISC are subject to section 1(1)(b) of the Official Secrets Act 1989, and, whatever side of the House we sit on, we have all been appointed to the Committee by the Prime Minister with that in mind. However, not every Member of Parliament or Clerk has signed the Official Secrets Act—some have, but many have not. Obviously, I am not being personal about colleagues because a lot of them can keep secrets far better than I can: as my wife says, I have a big mouth. Okay—but I do keep secrets of the state, Minister.
ISC Clerks have something called developed vetting security clearances, but not all DCMS Committee Clerks would. Developed vetting security clearances require the individual concerned to undergo a lengthy and somewhat intrusive investigation—some of the questions are appalling. Assuming that DCMS Clerks were to have such developed credentials and were able to handle top secret material in hard copy, such as documents that need to be secured in security-accredited lockable cabinets within a security- accredited office, anything with a top secret grading on it or an IT system with such grading would need to be accredited and checked out very carefully.
May I also raise the matter of meetings where top secret material is discussed? I may be wrong, but I do not think there is such a meeting room in the Palace or in Norman Shaw—[Interruption.] Sorry, I meant Portcullis House—I have only been here 11 years. A room with clearance would be required even for us to be able to look these documents, store them or discuss them. I do not think it is a secret that the ISC cannot meet here—we have to meet somewhere else. We go to a place that is accredited and checked, where documents can be stored and to which our Clerks have ready and easy access. All discussions concerning such a level of security take place in that room. We are not allowed to write something down and walk it out—everything has to be left there, unless it is specifically on a certain kind of paper and we are informed of that very strictly.
The product of ISC investigations can be laid before Parliament only after a redaction process with the intelligence agencies and confirmation from the Prime Minister that nothing in them might breach national security, so I think it would be rather difficult for the DCMS, Ofcom or the Digital, Culture, Media and Sport Committee to be able to oversee top secret material produced by the Department and still obey national security rules. In short, we parliamentarians might not have oversight of some key decisions made by Ofcom and DCMS. That can work—I have no doubt the Minister will say that—but we could be blindsided. The Government think otherwise at this stage, and I am prepared to accept that promise, but this might quickly run into difficulties when classified material has to be examined by people from Parliament who are specially selected to do it.
In summary, I repeat that I will be supporting the Minister—of course I will, as I am loyal, just like a dog—but it does not stop me raising a flag of concern. There will always be problems around these matters. I hope that that will not be the case but I would not be surprised if, as my right hon. Friend the Member for South Holland and The Deepings has said, we are only at the start of a process and we have to revisit this shortly.
Finally, may I apologise, Mr Deputy Speaker, as I do not feel great and I am a bit dizzy, so my voice is not the usual? I am going to sit down now.
It is a great pleasure to follow my eminent right hon. Friend Bob Stewart—if only I were as good.
As the final Back-Bench speaker this afternoon, it is incumbent on me to be supportive of the Government, which of course I am, and this excellent Bill. We are where we are today for two reasons. First, it shows that the Government do listen to Back Benchers. Secondly, the Bill is a pretty good bit of work and it ticks the box, as indeed it should. As defence and national security become ever more virtual and online, it has never been more important to secure our lines of communication, both domestically and internationally, with our allies. I urge all Members to consider the notion of strategic independence, which we have spoken a lot about during the covid crisis. As we go forward, it is really important that we aspire to be able to operate autonomously as a global nation alongside our allies.
I believe that the Bill is important for three reasons. First, it will allow for better security both domestically and internationally. It kicks out the high-risk vendors from our network—what’s not to like? Secondly, it placates our allies. New Zealand, Australia, the USA, Canada and others were quite noisy when Huawei was originally admitted to our network, so let us hope that this will placate them, cement that relationship and, perhaps in time, even enable us to admit Japan and other close allies. Thirdly, it opens the door for other 5G providers to come in, which is a good thing, and I support the UK’s diversification strategy.
Having sat on the Committee for this excellent Bill, it is a pleasure to see it back here on Report. The Bill takes forward the Government’s commitment to the UK telecoms supply chain review, introduces a new security framework, amends the Communications Act 2003, introduces new security duties, brings new powers to the Secretary of State and strengthens Ofcom’s regulatory powers, allowing it to enforce the new framework. That is all very positive. It also introduces new national security powers for the Government to impose, monitor and enforce controls. Again, that is a positive step.
I am pretty happy with the Bill as it stands, but in the interests of objectivity, I will talk to a number of the new clauses and amendments. On new clause 1, the Government are aware that the Bill gives Ofcom significant new responsibilities, and it will need to increase its resources and skills to meet those new demands. Ofcom’s budget is approved by its independent board, and the Minister has today confirmed that the budget limit set by the Government will be adjusted to allow Ofcom to carry out new functions effectively. Ofcom is already engaged in this space—we are already proactively looking over the horizon and scanning for future threats—so I am happy that the Government have got this about right.
New clause 2 would ensure that the Intelligence and Security Committee of Parliament is provided with information relating to a designated vendor direction. I am sympathetic to this, but the Government know what they are doing. As the Minister said, the ISC’s primary focus is to oversee the work of the security and intelligence agencies. Its remit is clearly defined in the Justice and Security Act 2013, so the Bill is not the appropriate place to achieve an overall enhanced role for the ISC.
I am sorry to have to reiterate this point. There are other ways in which our concerns could be addressed, such as by adjusting our memorandum of understanding, rather than putting it on the face of the Bill, so I am with my hon. Friend as far as that is concerned. However, it is very clearly within our remit to oversee not only the agencies but those parts of other Departments where highly classified information is concerned. That is just a matter of fact—it is in the agreement between us and the Prime Minister.
I empathise with my right hon. Friend’s view, and I agree that he has a point. My position is the same as the Government’s: I do not think that this Bill is necessarily the vehicle through which we should look at the future of how the ISC operates. I am a keen follower of the ISC and its output. Its work is eminent, and my right hon. Friend’s point is well made.
Let me cement that point but also perhaps offer an olive branch to the Minister, if I might be so bold. If the Minister, when he sums up, were to make a firm and binding commitment that he, for example, and others will appear before the ISC at our request to be scrutinised on these and other matters, that might go some way—not the whole way, but some way—to assuaging doubts and fears.
New clause 3 requires the Secretary of State to report on the impact of the Government’s diversification strategy on the security telecommunications network and services, which of course they will do, so I agree that the Government do not need to be dragged back to the Dispatch Box on this. Again, I am with the Government on new clause 3. I can see the merits of amendment 1 on consulting with the devolved nations, which, of course, again, the Government will do. National security, as we know, is a reserved matter under the devolution settlements in force, so, again, I am happy that the Government have got this right.
On amendments 2 and 3, the Government have every intention of seeking the advice of the UK security and intelligence services, in particular the National Cyber Security Centre, so again, while the amendments have merit, I am completely with the Government on this.
In conclusion, my sense is that the new clauses and amendments that we have discussed today do have merit, and I note that the Minister has noted them. Again, we discussed these issues at length in Committee. It is a good Bill and I will be voting it through this evening.
Before I call the Minister, may I say that I am anticipating three Divisions, on new clauses 1, 2 and 3? If there is to be an additional vote, I would like to be informed so that I can call it, but I understand that there are going to be only three Divisions.
I thank all those Members who have contributed to the debate today. It is an important debate because digital connectivity is an integral part of all our lives. For countless people across the country, having fast and reliable broadband and a good mobile connection is vital to our way of life, but for us to truly reap the benefits of the gigabit-capable broadband and 5G, we need to have confidence that they are secure and that means securing the networks on which they are built, the supply chains on which they depend, and the equipment and services that support them. The Bill demonstrates clearly the Government’s commitment to ensuring the security and resilience of our telecoms networks.
Let me turn to the new clauses and amendments. I shall start by addressing new clause 1. As the UK’s communications regulator, Ofcom already plays an important role in ensuring the ongoing security and resilience of our networks by enforcing the current security duties under the Communications Act. This Bill will build on that experience, giving Ofcom new responsibilities and a range of new powers. What the new clause would do is require it to publish an additional statement as part of its annual report. Happily, I can reassure hon. Members that the Bill already has various reporting mechanisms included within it. Under the new and snappily named section 105Z, Ofcom will need to regularly report to the Secretary of State. Subsection (4)(a) makes it clear that that report must include information on the providers’ compliance with the duties imposed on them by the Bill.
Ofcom will also need to report on telecoms security in its annual infrastructure report, and clause 11 specifies that this should include information on the extent to which providers are complying with their security duties under new sections 105A to 105D. The Secretary of State will also need to regularly report to Parliament on the effectiveness and impact of the new telecoms security framework.
On the final point in the new clause of Chi Onwurah about publishing information on emerging and future security risks, that is not of itself necessarily the most productive way of handling security risks, but the principle that she is trying to get to is very much part of what the Government are seeking to do and, of course, it would be part of what we intend to make sure that we talk about as much as we can within the bounds of national security.
I turn specifically to budget and resources. The hon. Member has set out her concerns about Ofcom’s access to resources and capabilities. It is an issue that my right hon. Friend Sir John Hayes also touched on. I can tell the House today that Ofcom’s security budget for this financial year has been increased by £4.6 million on top of its current security budget. This funding will allow Ofcom to more than double its headcount of people working on telecoms security, ensuring that it has the necessary capability and capacity to deliver its new responsibilities under the Bill. The hon. Member for Newcastle upon Tyne Central is aware that I have written to the Intelligence and Security Committee about that security resourcing. It was at a level that I cannot go into on the Floor of this House, but I hope that provides the kind of reassurance that she seeks.
Specifically on the future risks that I alluded to a moment ago, we have ensured that the Bill is looking to the future. For example, clause 12(3)(b) amends Ofcom’s information-gathering powers under section 135 of the Communications Act to ensure that it can request information from providers concerning future developments in their networks that could have an impact on security and, when reporting on security, Ofcom must include any information that assists the Secretary of State in the formulation of security policy, allowing him or her to make an informed decision about what should be published as well in due course.
New clause 2 has been the subject of the majority of this debate, and rightly so. One of the phrases used about the ISC was that it adds value; this Government do not dispute for a second that it adds huge value, and I welcome the tone with which the Chairman of the ISC, my right hon. Friend Dr Lewis, has approached this. I appeared before the ISC with some trepidation, as is probably appropriate for all Government Ministers, but it was a hugely productive part of this process and something that I am more than happy to do again. I do not think that my right hon. Friend necessarily thinks that piecemeal changes to the ISC’s role are the way to pursue what he seeks, but the annual report that he has mentioned will certainly be looked at closely by the Government.
I am very happy to agree with what the Minister has just said. It would not be necessary to keep trying to put these provisions on the face of each individual Bill every time a new unit is set up in a different Department, or a new duty laid on a different Department, if it could be agreed with the Government that the memorandum of understanding would be adjusted as it is meant to be adjusted when these changes occur. However, sadly, no Front Bencher has yet been able to give us an assurance that that is going to happen, and I know that the Minister will not be able to do so, either.
As I say, I am sure that my right hon. Friend will make that point in the annual report, and the Government will look closely at it. However, Members can take some comfort from the fact that much of the advice in relation to the more sensitive technical and national security matters within the scope of this Bill will be provided by the National Cyber Security Centre, and its activities already fall within the scope of the ISC, as my right hon. Friend knows. However, I welcome his approach to this, and I hope that his mechanism, rather than that of new clause 2, will be the one he will support today.
I turn to the last of the new clauses tabled by Opposition Members. New clause 3 aims to include the diversification strategy in the scope of the Bill. Diversification is crucial to the future of our UK networks, which is why the Government set out their plans to diversify those networks in the 5G diversification strategy in November 2020. That strategy includes steps to invest in research and development, to remove technical and commercial barriers to entry for new suppliers, and to increase our influence in standard- setting bodies—all issues that my right hon. Friend the Member for South Holland and The Deepings and others on the ISC are keenly aware of the importance of.
We are pursuing a huge range of different mechanisms to enable diversification, because the Government are fully committed to ensuring that their strategy comes to fruition. However, the diversification strategy moves the whole market forward by broadening the supplier base in many ways that are beyond the security measures that are the purview of this Bill, including increased innovation and competition and the overall growth of the telecoms supply mechanisms.
To give the House an idea of some of the non-legislative measures that we are already pursuing, they include the investment in R&D development facilities such as the National Telecoms Lab and the SONIC—SmartRAN Open Network Interoperability Centre—lab that is jointly at work with Ofcom. We are also working to remove barriers to entry for vendors such as by co-ordinating the sunsetting of legacy network technologies, working internationally to co-ordinate diversification objectives, and exploring the use of commercial incentives to address the cost of incorporating new suppliers into a network.
I asked a question to do with the Northern Ireland Assembly and how cyber-security in Northern Ireland will be protected. Can we have an assurance on the Floor of the House today and through Hansard that that will happen?
I will come on to the devolved aspects in amendment 1 in a moment, but it is of course vital that we continue the collaborative relationship with the Northern Ireland Executive and with the Welsh and the Scottish Governments as well.
The Bill places security requirements on individual operators. They are hugely important, but they are not diversification requirements on the Government’s national scale. Defining diversification in legislation would be limiting in a hugely rapidly evolving market. I know that the hon. Member for Newcastle upon Tyne Central understands the need for agility, and putting what she proposes into legislation would run counter to that ambition.
On the devolved Administrations, amendment 1 would require the Secretary of State to consult Ministers from the devolved Governments when reviewing the impact and effectiveness of clauses 1 to 13. As Stephen Flynn noted, telecoms is a reserved matter under each of the devolution settlements. I say that, however, in the full knowledge that a constructive and close working relationship with each of the devolved Governments is hugely important, be it in Project Gigabit, in the shared rural network, or indeed in matters such as this. I look forward to that collaboration continuing; it will drive forward our connectivity.
I turn briefly to the amendments that were not selected. My right hon. Friend Sir Iain Duncan Smith has spoken passionately about these matters, both privately and publicly. I do not want to go into a huge amount of detail on amendments that were not selected, but I simply say that the actions the Government are taking in the Bill speak powerfully for themselves.
On the specific matter of issuing designation notices to vendors headquartered in other countries, it is important to consider not just whether the kinds of laws that my right hon. Friend mentions exist, but how the Government in question intend to use them. A friendly democracy may, as indeed many do, have laws that would enable it to yield information and data from companies headquartered within their territory. The conduct of such a Government, and our relationship with them, may reassure us that they would not use those powers to do harm to the UK, but there are other cases where Governments that have these laws have acted contrary to the national interest of the UK in the past. As we set out in the illustrative notice for Huawei, there is a law in China that enables the Chinese Government to collect information from companies headquartered within its territory. As the Foreign Secretary has stated, we know that the Chinese state has in the past used its power to undertake malicious cyber-activity. The designation notice that I mentioned demonstrates how the Government could take those sorts of laws into account when exercising the powers that are already in the Bill.
I thank my hon. Friend Ms Ghani for her work on the NATO Science and Technology Organisation. We very much welcome her preliminary draft report. I would like to express the Government’s commitment to deepening our co-operation with partner nations such as Japan and the Republic of Korea.
I thank all hon. Members on the Government Benches, and indeed on the Opposition Benches, for their constructive engagement throughout this debate. This is an important Bill that enjoys strong cross-party support, in the main. The sooner we can pass it, the sooner we can set about the crucial work of ensuring that our public telecoms networks are secure and resilient. I commend the Bill to the House.
This has been a very well-informed debate. I am sorry if my own digital connectivity did not enable my contribution to be heard as perfectly as it should have been, but I hope we have corrected that.
There were many excellent contributions from both sides of the House. It is important to note that the House is in quite rare agreement on a number of questions regarding the Bill, particularly on the importance of national security. The representatives of each of the parties in the debate—the hon. Members for Aberdeen South (Stephen Flynn), for Caithness, Sutherland and Easter Ross (Jamie Stone) and for Strangford (Jim Shannon), and the Minister himself—shared support for the primacy of national security and recognition of the importance of our telecoms networks in our national security, and I was pleased to listen to their contributions. I thank the Minister for his response and for the tone in which the debate has been conducted.
However, I will say briefly, with regard to new clause 1, which seeks to ensure that Ofcom has the skills and expertise needed to undertake its new duties in the midst of all the other responsibilities that Parliament is asking, as well as reviewing future provision and threats to the network, that the Minister’s comments on the increase in the cap on Ofcom’s budget did not begin to address our concerns. We have, effectively, a snapshot of the financial resourcing available now. The new clause seeks to ensure that we have an understanding of the resourcing as it continues—as threats evolve in the future—and particularly that we are able to look forward to new and evolving threats on the basis of a thorough understanding of the assets in each network operator’s network.
Indeed, Sir John Hayes emphasised the step change in the requirements of Ofcom that the Bill represents. The Minister implied that Ofcom would be able to do everything requested in the new clause when it comes to looking at asset registers, for example. I simply do not understand his reluctance to put that in the Bill, given the important role that Ofcom is to play in our telecoms security. I am afraid that I do not feel that he answered my points on new clause 1.
On new clause 2, members of the Intelligence and Security Committee—its Chair, Dr Lewis; Bob Stewart; and the right hon. Member for South Holland and The Deepings—eloquently articulated many of the arguments for why the ISC needs to be part of the scrutiny of this Bill. Indeed, the right hon. Member for Beckenham was particularly detailed in his description of the very room requirements for assessing national security issues. Having worked at Ofcom, I know its rooms very well, and I do not think that they meet the requirements that he set out.
It is worth noting that the ISC was one of the first parliamentary organisations to raise issues around Huawei, back in 2013. It seems very wrong that it should be excluded from involvement in scrutinising how the Bill is implemented, given that it is the only parliamentary grouping with the appropriate security clearance. Although I appreciate the Minister’s constructive tone, I do not think that he answered the questions raised or sufficiently justified the Government’s aversion to ensuring a process for ISC scrutiny, so I will press new clause 2 to a vote.
Finally, the most complex of our new clauses is new clause 3, which would ensure that the diversification of our telecoms networks was achieved as a prerequisite for their security. We heard from Sir Iain Duncan Smith about how telecoms markets have been constructed to enable the consolidation and monopoly power of particular players, and particularly Huawei. Unfortunately, he did not go on to say how in the Bill the Government would deliver on a UK sovereign capability, but he was absolutely right about how the market has effectively failed.
Ms Ghani used her experience on NATO’s science and technology committee and on this Parliament’s Business, Energy and Industrial Strategy Committee to encourage the Minister to truly examine our network resilience. New clause 3 is designed to ensure the ongoing ability to examine network diversification and resilience.
We heard from the right hon. Member for South Holland and The Deepings about the impact of the unaccountable power of monopolies. Again, since the Bill does not mention a diversification plan or diversification strategy, we cannot see that it will do anything to address that issue. James Sunderland said that the Bill supports network diversification. I know that that is the intention, but without our new clause I cannot see how it will actually achieve it.
The Minister reiterated the diversification plans, which are not a plan—as I set out, they have no detail and no action. As for his attempt to explain why the Government have omitted from the Bill any reference to diversification, I have to say that I found it entirely incomprehensible. It was as if referring in the Bill to diversification would limit the meaning of diversification; if that were the case, we would be unable to refer in any Bill to many of its intentions or outcomes.
I remain convinced, and there is agreement on all sides of the House, that we need to ensure that diversification of our telecoms supply chain goes hand in hand with ripping out Huawei and reducing our dependence on the two remaining providers. It is very important that we take this opportunity to change the Bill so that the diversification of our telecoms networks is an integral part of Ofcom’s reporting on the progression of those networks, so I will also press new clause 3 to a vote.