Product Security and Telecommunications Infrastructure Bill - Second Reading

– in the House of Lords at 3:16 pm on 6 June 2022.

Alert me about debates like this

Lord Parkinson of Whitley Bay:

Moved by Lord Parkinson of Whitley Bay

That the Bill be now read a second time.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, Her Majesty’s Government want the UK to be a science superpower. Two key planks in achieving this are security and digital connectivity. The UK already influences and shapes global cyber standards and we have committed huge investment to counter cyber threats and to meet our digital infrastructure targets. Back in 2016, we invested £1.9 billion to bolster our cybersecurity, setting up the National Cyber Security Centre and investing in economic resilience, innovation and skills. Now we have gone further, with an additional £2.6 billion being invested over the next three years. The National Cyber Security Centre has stopped 2.7 million online scams in the past year alone, and the new National Cyber Force will proactively counter cyber threats that we face.

Our investment in innovation has seen more than 40 tech unicorns—that is, start-up businesses now valued at over $1 billion—grow outside London, with 100 more in the pipeline. We have invested significantly in superfast broadband, bringing it to 97% of premises, and are now driving investment in gigabit broadband, with over 68% of premises now able to access this technology. But we need to keep investing in emerging technologies to secure ourselves against future threats and realise the opportunities of a digital economy. Monthly broadband use has doubled in four years and continues to rise every year. Cyber threats are proliferating and technology is not always secure by design. That is why we have introduced this Bill.

We want to fulfil our commitment to delivering faster digital connectivity and to ensure that, as we grow, our technology is secure. The Bill will facilitate the extension of futureproofed gigabit-capable broadband and 5G networks, and improve the protection of people, networks and infrastructure from the harms caused by insecure consumer-connectable products. I will start with the telecommunications measures, explaining why they are necessary and what their intended effect is. Following this, I will turn to the product security measures and outline why it is important to consider digital infrastructure and cybersecurity in conjunction.

The Government are committed to delivering digital growth by building a stronger, more connected and more secure UK. This is even more vital as we build back from the pandemic. We have seen rapid growth in the availability of gigabit broadband, from less than 11% of homes and businesses at the end of 2019 to more than 68% today, but, to deliver much-needed connectivity, we must have a legal framework which encourages and enables the deployment of digital networks.

To that end, we are making good progress through a package of measures. Last year we passed the Telecommunications Infrastructure (Leasehold Property) Act to address one of the key barriers to the deployment of gigabit-capable broadband in blocks of flats. We have also committed to legislate to mandate gigabit connectivity in new-build homes. These regulations will be laid as soon as parliamentary time allows. We continue to work closely with the Department for Transport to ensure that street works support deployment of broadband while protecting the road network.

We are working with industry to support its investment and have committed £5 billion of public funding to ensure that no part of the United Kingdom is left behind. We aim to reach a minimum of 85% gigabit-capable broadband coverage by 2025 and to get as close to 100% as soon as possible. We have also agreed a £1 billion deal with the industry to deliver the shared rural network, which is already delivering improved 4G coverage across the UK. The operators and the rest of the industry remain confident that their combined coverage is expected to be delivered to 95% by the end of 2025. We also aim for the majority of the population to have 5G coverage by 2027.

To improve connectivity, in 2017 we implemented reforms to the Electronic Communications Code, which regulates installation agreements between landowners and telecommunications operators. Some noble Lords here today will have been involved in the scrutiny of that legislation. The aim was to make it easier and more cost effective for digital networks to be installed, maintained and upgraded. However, there is still more to be done. We need to go further to realise the Government’s ambitions for digital connectivity and levelling up.

The Bill before us will update the Electronic Communications Code, among other pieces of connected legislation, to deliver these ambitions. Specifically, the Bill aims to optimise the use of existing infrastructure. It encourages collaborative relationships between telecommunications operators and site providers. It gives operators the ability to obtain new rights, which will enable them to take advantage of new technologies and pass the benefits on to customers. It builds on previous measures to tackle the issue of unresponsive landowners and ensures that the price paid to host telecoms apparatus is calculated in a consistent way across the country, preventing a digital divide.

Making optimum use of existing cable and fibre networks has a key role to play in upgrading services and increasing competition. The Bill introduces a new automatic right for operators to upgrade or share apparatus installed before the 2017 reforms. This will be subject to specific conditions to ensure that it will not adversely affect landowners. The measures have been considered carefully to deliver significant benefits to the public while ensuring that there will be little impact on landowners.

Furthermore, the Bill rationalises the way in which expired code agreements are renewed. Currently, an operator has to use one of three different statutory renewal routes. The Bill ensures that, whichever route an operator uses, the terms of the renewed agreement will more closely align with the code as it was reformed in 2017. As a result, there will be greater consistency in how agreements are renewed across the UK.

Making better use of existing infrastructure through upgrading and sharing, and a more consistent and efficient renewal process, will not only improve digital services but reduce the need for new installations. This means less disruption from street works and fewer mast installations in both rural and urban settings, which I am sure will be welcomed in all parts of your Lordships’ House.

We are also introducing measures to facilitate greater use of alternative dispute resolution when parties are negotiating the terms of an agreement to install telecommunications apparatus. This is to ensure that disputes are resolved more quickly and cost-effectively, and that litigation is used only where absolutely necessary. We anticipate that this will encourage constructive dialogue between network operators and potential and existing site providers. It will address situations where landowners may feel compelled to accept terms offered by operators by giving them alternative means of resolving disputes without the need for lengthy and costly litigation.

Finally, in situations where landowners are not responsive, we are creating a new court process. This process will provide a quick and inexpensive route for operators to gain time-limited rights to access certain types of land. Again, these measures have been developed to strike the balance between protecting landowners and ensuring that everyone across the UK has access to reliable and quick digital infrastructure.

I turn now to the product security provisions in the Bill, since the demand for faster broadband is driven by the increasing number of devices we are all installing in our homes. Increasingly, we are streaming more programmes on smart televisions and using telephones and tablets for video calling; half of all homes have a smart speaker, smart watches continue to rise in popularity and smart doorbells and cameras are appearing on every street. The average UK household now has nine internet-connected devices, and over 50% of all UK households purchased an additional consumer connectable product during the pandemic.

With this increased ownership and use of consumer connectable products, there comes a heightened risk of cyberattacks. Cybercriminals have taken advantage of consumer vulnerability during the pandemic, and increasingly target consumer connectable products. In the first half of last year alone, we saw 1.5 billion attacks on connectable products—double the figure of the year before. Thousands of people in the UK have been victims of cyberattacks, leaving many with significant losses of money or private data. As we have seen recently, cybercriminals can now use compromised connectable products to attack large infrastructure. In 2016, the Mirai attack disabled internet access across much of the east coast of the United States of America; we still see variants of Mirai-using botnets attacking businesses and infrastructure today. We have made significant progress to develop the UK’s cybersecurity to tackle threats such as these. In 2018, the Government published a code of practice for manufacturers to improve the security of consumer devices. The UK is a world leader in this area, and our code has since been used by Australia and India, among other countries.

Of course, this progress needs to keep up with the ever-evolving cyber landscape—hence the need to legislate now to ensure that our people and networks are better protected. Taken together, the telecoms and product security measures in the Bill work to create a reliable fast broadband network, and to support the growth of more secure consumer connectable products. The Bill will enable the Government to specify mandatory security requirements to ensure that manufacturers, importers and distributors of smart devices work harder to protect consumers from cyber risks. These requirements will be set out in regulations and are supported by experts, industry and our international partners, with whom we continue to work closely to ensure that everyone is well aware of the initial three requirements.

The first is a ban on universal default passwords. Too often, consumer connectable products come with an easy-to-guess password; this makes them vulnerable and risks compromising a user’s privacy and security. The second is that a manufacturer of consumer connectable products must have and maintain an accessible vulnerability policy, obliging them, as a minimum, to receive and respond to reports of security issues in their products. This is important to ensure that manufacturers can be made aware of, and quickly address, any shortcomings in their products, and to foster good practice to protect society as a whole. Finally, manufacturers will be required to be transparent about the minimum length of time for which a product will receive security updates. This should enhance consumers’ awareness, enabling them to consider the security of products before they purchase them and, in so doing, foster market competition towards enhanced security update periods. Where those three security requirements have not been complied with, businesses will not be allowed to make these products available in the UK. We will be able to monitor, investigate and take enforcement action where necessary.

These are the first steps towards a change in the security landscape for consumer connectable products. We have created this Bill to reflect the need for resilient and adaptive measures to protect consumers and our vital infrastructure. Both the product security and telecoms infrastructure measures in the Bill will be of benefit to the public. We have brought the Bill forward to ensure that, as our digital infrastructure evolves and as we become more connected to the internet, we protect consumers from the dangers which come with this. I hope that noble Lords from across your Lordships’ House will support the Bill, and I look forward to discussing it in detail as we scrutinise it.

Photo of Lord Fox Lord Fox Liberal Democrat Lords Spokesperson (Business, Energy and Industrial Strategy) 3:29, 6 June 2022

My Lords, the Product Security and Telecommunications Infrastructure Bill is another snappy portmanteau Bill from this department—or perhaps I should say, in sporting parlance and in deference to the department, it is legislation in two halves. As we heard from the Minister, it is the second half that has attracted most attention in the Commons and, frankly, from the various lobbying organisations—and it is easy to understand why. Bringing connectivity to a reasonable level across everywhere in the United Kingdom is an aim I am sure all noble Lords share in this House, as do all the MPs at the other end. However, as the Minister alluded to, there are balances that need to be brought into play when we bring this objective forward.

I shall start with the first part of the Bill, the security bit. As the Minister outlined, it is designed to enable us to face up not just to the present but to the internet of things or the network of everything, safe in the knowledge that our appliances are safe from hacking. It is not a future problem, as the Minister outlined: it is with us here and now. The consumer organisation Which? very clearly brought this to bear. It tested a range of devices, from baby monitors to smart speakers, with its ethical hackers and found 37 vulnerabilities with those test devices, including at least a dozen rated as “very high risk” and one as “critical”.

At the heart of this problem is that some of these products may have had inadequate security against threats in the first place, or that they have not been effectively upgraded by the manufacturer during the life of the product, which is why they are at risk of being hacked, as the Minister well knows. The Bill is supposed to make provision to enable the Government, via regulations, to require manufacturers, importers and distributors to make sure that their consumer-connectible products meet some minimum standard of cyber requirement before they are placed on the market. This is the problem that I face with the Bill: the majority of this part of it will come through secondary legislation, so it is hard to see at this point the Government’s objective for consumer rights.

I have looked through the Bill—I have tried very hard—and neither the Long Title nor the text of the Bill sets out what a consumer might reasonably expect from consumer-connectible products in their house. What might they be able to expect through the life of that product in terms of security and hacking? Assuming that there is no such thing as absolute security, following the implementation of the Bill and all its, as yet, unseen statutory instruments, what level of security should the UK consumer reasonably expect for their household, and what is their recourse in the event that that is not met?

The Government’s response appears to be a sort of micromanaging process—for example, as the Minister set out, mandating password protocols. The Government are, in essence, pitching the ingenuity of the department and the support that the department gets against the ingenuity of the criminals and hackers and, to a large extent, micromanaging how those device manufacturers respond to that threat. In a sense, that absolves them of being the innovators; it absolves the manufacturers of responsibility for delivering a security rather than meeting a requirement set out in a statutory instrument. In short, they will need only to follow the letter of the process that the department comes up with through its statutory instrument rather than deliver a level of security. In the view of this Bench, there ought to be a minimum standard of security that consumers can expect. From our perspective, we are looking at the wrong end of the telescope with this legislation. At the very least, there should be an up-front clause that sets out what that minimum expectation should be. Then, rather than micromanaging it, it would be up to the supply chain to deliver security, which would be a legal expectation.

That takes us to the subject of policing. Assuming that the Bill stays as it is, I am interested in Chapter 3, on enforcement. Once again, the meat of this provision awaits secondary legislation. The Secretary of State is responsible for enforcement, but it is not clear to me how she will do it. Perhaps the unit will do this and perhaps a new unit will be set up in the department. Could the Minister explain how enforcement will be managed in light of the 20% reduction in departmental head count being enforced on all departments by the Chancellor of the Exchequer? There will be 20% fewer people to do, yet again, a bigger job. Unless the Minister can set out a plan for enforcement, it is safe to assume that consumers in fact will not be safer when the Act comes into play.

Turning to the infrastructure part, as the Minister said, the Government’s commitment is for there to be a minimum of 85% gigabit-capable broadband by 2025. The Levelling Up White Paper of course talks about maximum coverage later on. The Minister talked about there being 100% coverage as soon as possible. What does that mean in reality—or does it mean nothing? The Minister also spoke about a majority of the country having 5G by, I think, 2027. Does that mean 51% or a larger number? There are lots of parts of the country still chasing 4G, never mind 5G. Can the Minister use this Second Reading to update us further about—and perhaps set out in writing—where the country is in implementing both gigabit and 5G across the whole country, rather than use a percentage? To give a percentage of users is slightly misleading because there are less well-populated areas where users remain very much underserviced. I also ask the Minister to update your Lordships’ House on progress in eliminating Huawei hardware from the 5G network. We are interested to know where that is going and when it might be achieved.

As I expected, the Minister portrayed this legislation as a vital piece in meeting the installation target but, before we get to that, can he tell us how the other pieces are going? As I have said, my recent travels to Devon, Cornwall and my home county of Herefordshire indicate that network coverage remains poor at best and is sometimes not there at all. Given that these are some of the more rural parts of the United Kingdom, I take that to be the standard that most rural communities are surviving through. What extra is being done to get better coverage in these places, rather than focusing on the big numbers—the big conurbations, cities and towns? To date, the evidence suggests that this is not successful. It seems to me that the issues in the Bill are not the issues preventing this happening.

The Bill is about access—I think the Minister was a Whip at the time of the last pass on this. Somewhere in the dog days between two of the Covid lockdowns, my noble friend Lord Clement-Jones and I were climbing through the niceties of multiple-occupancy access and wayleaves in the then Telecommunications Infrastructure (Leasehold Property) Bill—another of the Minister’s snappy Bills. Perhaps this should be the starting point. The Minister mentioned it today but, taking that previous Bill as a template, when it comes to access, what worked and what did not work? I get a sense that access is piece of string that the telecoms operators will keep on pulling for ever, so what has sparked this new Bill, and what did not work under the previous ones? Their briefings seek to raise this as a key issue, but is that really the case? Is the lack of access that I described earlier the overwhelming impediment to the rate of installation, or is it something else? Is it perhaps the rate of investment, the skills available or the capacity to do so many projects overall? I suggest that all three are key elements in the rate at which the installation we need is happening. Can the Minister balance those issues with the issue of access, which is the only issue being addressed in the Bill?

Changing access regulations is also an opportunity to drive down costs. If they are being passed on to consumers, that is no bad thing—but are they? Speed Up Britain, a cross-industry organisation, is campaigning for the Government to close the loopholes—very much in the way that they are—and points to benefits. Other campaigners highlight a potentially catastrophic drop in income faced by local community organisations and local authorities in the rent-to-host infrastructure, such as mast licences, which was caused by the last Bill and will be further enshrined by this Bill; those campaigners estimate up to a 90% drop in income. In a meeting, the department puts the fall at around 60% to 65%. Either way, this is a big fall in income for, say, a local football club.

So who is benefitting from the drop in operational costs? Many of the mobile towers are now owned and operated by towercos which sit between the landowners and the telcos. I suspect that changes in the use of shared apparatus, as heralded by this Bill, will drive more of that intermediate role for towercos or similar. Are these towercos passing the savings through? To date, I think it is very hard to see that consumers have seen any benefit from that fall in cost.

The other delicate balance that has to be weighed carefully is the role of BT Openreach and the need to foster genuine competitivity across the sector, rather than having a collection of niche operators and a 500-pound gorilla. Can the Minister please tell your Lordships’ House how the market for full-fibre and gigabit-capable broadband is currently split, and what analysis his department has of how that will be affected or otherwise by this Bill? There is a possibility that the nature of the changes proposed in the Bill will disproportionately benefit the dominant player in the market, so that analysis will be very important.

As we have said, there are two parts to the Bill: there is a serious danger that the second half activates a series of unintended consequences, while I fear that the principal danger in the first half is that it has very little consequence at all. We look forward to working with the Minister on improving the Bill in Committee.

Photo of Baroness Harding of Winscombe Baroness Harding of Winscombe Conservative 3:42, 6 June 2022

My Lords, I support the Bill. This is very technical legislation, but technical does not make for unimportant, even today. In fact, my experience in business is that it is in the detailed technical and operational delivery that businesses succeed or fail—and when it comes to building national infrastructure, the same is true.

The strategy is relatively easy. I spent seven years as the chief executive of a telecoms company and, during that time and in the five years since, I have not found any community, business or politician who wants a different outcome. Everyone wants ubiquitously available, safe to use, affordable and, above all, high-speed connectivity at home, at work and on the move, on an ever-increasing number of devices, everywhere. The direction of travel is not up for debate. What is are the technical details to get us there as effectively as possible, which is what this Bill is about. As technical and detailed as it may be, it is none the less extremely important. It is in the shaping of these detailed laws and regulations that we determine whether we have the effective digital connectivity that we are all so agreed upon.

I am supportive of both parts of the Bill and will speak very briefly on the first half, which, as the noble Lord, Lord Fox, said, is, I suspect, less contentious. I will then speak in more detail about the second half.

I am pleased to see in Part 1 a clear framework for regulating the security of connected devices. I have been involved in a related area of digital regulation—child internet safety—for over a decade, and that experience has taught me that it is necessary to put regulation on to a legal footing. For far too long, technology companies have tried to persuade us that self-regulation is the right route for the digital world, yet we are seeing in every area of digital, as here, that self-regulation leads to no regulation and that we need to do our job as legislators and set the rules of the game. The digital world is really no different from the physical world, where responsible capitalism works best when we set legal guardrails and encourage commercial creativity and innovation within them. As such, I welcome Part 1.

Turning to Part 2, even those stakeholders concerned about it are united in their agreement that enabling the rapid and effective build-out of mobile and fixed digital connectivity is an essential part of modern society. The devil really is in the detail here. I believe the Bill strikes the right balance between protecting property owners’ rights and the broader benefits to the whole of society of speeding up the delivery of faster connectivity.

Again, we should take our cues from the physical world. The Government are right not to move away from the changes in valuation methodology made in 2017, bringing telecoms infrastructure in line with other much older physical utilities, and right to extend this approach to renewals. I appreciate that this has meant a material reduction in rent, but as telecoms matures, surely it is fair to consumers, and ultimately landowners, to treat it in the same way as other essential utilities.

It is also important that, wherever possible, we enable rather than restrict competition in the building of these telecoms networks. When I first came into the industry in 2010, BT was not investing at all in building full-fibre networks. For the best part of a decade, the UK lagged behind many other countries because BT preferred to upgrade its copper, in large part because there was no credible threat to its Openreach-monopoly copper infrastructure. We are in a very different position today, with several alternative fibre providers building scale networks, which is providing consumer choice and spurring on Openreach to invest. It is in the detailed changes to telecoms regulation that this has been made possible; among other things, by forcing Openreach to make its ducts and poles open to alternative providers.

This physical infrastructure access—or PIA, to those of us in the industry—is a very important ingredient in speeding up the rollout of fibre broadband. It has enabled competition, which in turn is driving investment. As currently drafted, the Bill extends the effectiveness of PIA by allowing the sharing of existing ducts under private land, which will significantly speed up and extend rollout, and resolves the anomaly of different rules for cable duct infrastructure if built before or after 2017. However, it is not clear how telegraph poles are treated. This is where the detail starts to really matter. I ask my noble friend the Minister to clarify that operators cannot only lay cable to a telegraph pole and string fibre in the air between poles but can roll fibre up the pole itself. That may seem obvious, but if we do not get this sort of detail right in regulations, you cannot build the connectivity.

Another key area where we need to be careful about protecting competition is in access to multiple-dwelling units, or MDUs. I have huge sympathy with Members of the other place who have proposed amendments aimed at making it easier for Openreach to fibre-enable blocks of flats where it is having trouble contacting landlords. It is so important that we do not exacerbate existing non-digital inequalities in the digital world, which is exactly what happens when the fibre rollout goes past blocks of flats in many communities across London and other cities.

But—and it is a big “but”—there is a very big difference between the cabling in multiple-dwelling units and the ducts and poles in rural areas. Ducts and poles are now part of the PIA regime I mentioned earlier, so competing fibre providers can all use them. Openreach’s existing copper cables in multiple-dwelling units are its to use alone, so relaxing the rules for Openreach in MDUs such that it does not need permission from the landlord to upgrade to fibre is not only an extraordinary power of entry—one we do not even give the police—but gives Openreach a huge competitive advantage. Tempting though it might be in the short run, relatively recent history shows that embedding an infrastructure provider’s monopoly—in fact, embedding this infrastructure provider’s monopoly—is never good for consumers in the end. I encourage my noble friend the Minister to resist similar amendments should they be brought to this place.

With the not inconsiderable challenges our economy faces as we emerge from Covid, we need detailed supply-side changes such as this Bill that will help drive growth across the country via digitally enabled, safe, secure and competitive markets. As such, I am pleased to support it.

Photo of Lord Vaizey of Didcot Lord Vaizey of Didcot Conservative 3:50, 6 June 2022

My Lords, it is a delight to follow my noble friend Lady Harding, and a great pleasure to be in the Chamber with her. When I was a Minister, I worked closely with her when she was the chief executive of TalkTalk, so it will be enjoyable to respond, to a certain extent, to some of the points she made.

I begin briefly by outlining my interests. I work as an adviser to a US bank called LionTree, which has advised a UK alt-net provider called Hyperoptic. I am also, amazingly, the patron of the Institute of Telecommunications Professionals. I have no idea how that came about, as I know nothing about telecoms and I am not a professional. I was also chairman of Speed Up Britain, which is one of those lobby groups that the noble Lord, Lord Fox, pointed out in his remarks. It competes against Protect and Connect in trying to persuade your Lordships to take alternative views on how to reform the Electronic Communications Code, but I am no longer its chair; I just wanted to put that in context.

But, obviously, the reason I wanted to take part in this exciting debate—which is really where the action is today—was because of my six years as the Minister for Broadband, where I suffered the slings and arrows of outrageous fortune of people constantly telling me to hurry up and deliver exactly what my noble friend Lady Harding was talking about, which is what everybody wants: ubiquitous broadband everywhere, for as many devices as possible. It was a hard slog, but we made progress.

Like everyone else who has spoken, I will take the Bill in two parts. Starting with product security, I do not think this is a controversial part of the Bill, so it can be skimmed across relatively quickly. I doubt that there will be any amendments to it at all; it is a necessary piece of legislation in an age of digital technology where cybersecurity is at the forefront of our minds. We know that the Government recently published their national cybersecurity strategy. To give this Government, and recent previous Governments, credit, they have invested absolutely correctly in cybersecurity, both at the national security level and in encouraging businesses to take cybersecurity seriously, so the Bill is very welcome.

Like all other noble Lords who may be taking part in this debate, I have read the briefings that have come in to me from both Which? and a company called NCC Group, and they all seem to make extremely valid points which may well be worth exploring in Committee. For example, Which? has suggested that online marketplaces should be covered so that products that are sold on them reach a minimum standard; that there should be a minimum time period in which a company guarantees to update the software on a connected device; and that connected devices fall within consumer rights law. NCC Group has suggested that there should be some form of third-party verification of online devices to ensure that they are compliant. That seems eminently sensible. It also has a minor obsession, which I cannot really understand, with e-scooters, so my simple question to the Minister is: is an e-scooter a connectable consumer product? I think it probably is, but they can of course be hijacked and the brakes put on remotely. A very interesting and worthy point of debate is the amendment to the Computer Misuse Act to see whether there is a public interest defence to ethical hacking. Those are just some points to put on the record which I would be willing to explore with other noble Lords in Committee, should they be minded to table amendments.

But let us now turn to telecoms infrastructure, where I carry the scars on my back, as it were. In fact, it is probably my fault that we are here debating this at all, because I was in charge of the first reform of the Electronic Communications Code. But as he has not made it to this place yet, let me firmly blame Oliver Letwin for everything that went wrong there, because the minute he got hold of it, it became an All Souls seminar, and it took about three years to get it through Whitehall. However, we did deliver some changes. I make no apology for the changes that were made because, at the time, obviously, the relationship between the infrastructure provider—whether it was a mobile infrastructure provider or a fibre infrastructure provider—was very unequal with the landowner. If you wanted to get your mast or to lay some fibre across somebody’s land, the landlord had all the bargaining chips in their bag, and—quite rightly, of course—they extracted generous rents to provide for their land.

Contrary to what some people may think, the telecoms business is not overly lucrative. For example, the margins for mobile telecoms providers in this country are about 1% or 2%; it is a very fiercely competitive marketplace. In fact, my noble friend Lady Harding is partly to blame, because TalkTalk has ensured that the prices that consumers are prepared to pay for broadband and mobile phones are far lower than you would be prepared to pay on the continent. It is a relatively low-margin business, and there is no doubt that the high rents that landowners were charging were hindering the rollout of infrastructure.

There is an argument—and Protect and Connect put this—that the pendulum swung too far the other way when the Electronic Communications Code was reformed and rents dropped far too precipitously but, if I had to take a side, I would much rather lower rents and investment in infrastructure and quicker rollout than the higher rents that were in place before we reformed the Electronic Communications Code. The simple fact is that if we want mobile and fixed connectivity, it is all about the planning. The technology is actually a complete sideshow; the real pain is getting the planning. I will go off on a slight tangent here. The extraordinary lack of joined-up thinking in many local authorities is a wonder to behold. I was talking to a mobile phone company the other day which, obviously, wanted to put in small 5G masts and was told by the lamp-post department of a London council that the lamp posts were not to be touched, so the lamp-post department was stopping the other departments in the council fast-forwarding 5G in the local authority area.

I was lucky enough to get full fibre broadband in my small village in Oxfordshire, Sparsholt. I wonder how that happened. I pay tribute to Craig Bower from Oxfordshire County Council—I am sounding a bit like an MP here—Martin Crutchley from Openreach and local resident Maia Sissons, who got everyone in a row. I saw over the five to 10 days how much planning, extraction, digging and so on had to take place to fibre up simply a rural hamlet of 100 homes. That is happening all over the place. Whether it is a TalkTalk, CityFibre or Openreach engineer, we are very lucky to have people doing this work. It is difficult, time-consuming and takes a great deal of planning.

If we are to move forward, we must keep that in focus, which is why I would support amendments on the points to do with both telegraph poles and multi-dwelling units. I am told by Openreach that a letter has gone to the Minister setting out a way by which telegraph poles may be brought into the scope of the Bill, which is a very exciting development. If that way can be found, I would certainly support an amendment that would allow telegraph poles to be upgraded. Again, just as a point of interest, in both my home in London, in Shepherd’s Bush, and my home in Oxfordshire, the fibre cables are delivered on a telegraph pole, so telegraph poles are important. Openreach says there are something like 1 billion miles of fibre on telegraph poles all over the country.

I part company with my noble friend Lady Harding on multi-dwelling units. This goes to the heart of some of the issues to do with infrastructure rollout and a problem I had when I was the Minister. I was constantly berated for putting all my eggs in the Openreach basket and asked why I was not fostering competition and all these extraordinary alternative providers, such as TalkTalk and CityFibre, which could really hold the candle to BT Openreach and really take it on. Funnily enough, when broadband came to my village in Oxfordshire, I was alerted by an provider, and I rang the provider up. I said, “I would love to get broadband from you: I will go through the front door.” It said, “No, sorry, it was a mistake. We put the flyer in but, actually, we’re not interested in fibering up your village.” If you want as much connectivity as quickly as possible to as many homes as possible, you have to put Openreach at the centre of your strategy.

It is a misplaced intellectual argument to say that Openreach cannot upgrade multi-dwelling units where there could be many people living on low incomes who will depend on digital connectivity because, somehow, it is anti-competitive. I also think it is a slightly spurious argument to say that Openreach has greater powers than the police to enter your premises thanks to this legislation. It is not as if someone from Openreach is going to get into your flat and make themself a meal of spaghetti Bolognese while it busily upgrades the telecoms infrastructure in your multi-dwelling unit.

We all know that getting hold of, identifying and getting a response from landlords in multi-dwelling units can be extremely difficult. Making a simple upgrade to increase the connectivity for dozens of people living in those flats seems eminently sensible to me. The argument that it will prevent alt-net providers providing fibre rollout has long since gone. Only yesterday, CityFibre raised £5 billion in debt to continue its expansion. The fact is that alt-net providers have very rich pickings in central parts of our urban environment, whether it is London, Manchester, Bristol, Newcastle or anywhere else where they can put their networks into flats. Where I live, in Shepherd’s Bush, we have had three or four fibre providers digging up the road, one after the other, because they know that it is a competitive enough environment for them to put in an investment.

My next point was mentioned in, I think, the speech from the noble Lord, Lord Fox; although I am obviously not the chair of Speed Up Britain, it is quite clear where my sympathies lie. It is worth pointing out that Protect and Connect is supported by what is known as a land aggregator, an invention from the US, where so many of these clever financial wheezes are invented. It buys up the land where mobile sites are—a sensible business approach—and so ends up having thousands of sites all over the country. It is then clearly in its commercial interests, but frankly not in the interests of UK plc, to ensure that the rents extracted from those sites are as high as possible.

I urge noble Lords to get behind this Bill. I will certainly look at supporting amendments to make it easier to upgrade existing infrastructure in multi-dwelling units. I also hope that my noble friend Lady Harding and I can work together on the specifically denoted “telegraph pole amendment”.

I want to finish on one important point. It is now traditional in these speeches for me to lavish extraordinary praise on our Minister. I note that I have not even mentioned him so far in my speech. In conclusion, therefore, let me say how pleased I am to see the Minister on the Front Bench. I do not know how long he will be there, given what is happening across the way—he may be our Prime Minister in a week’s time, voted in by application—but to see this Renaissance man move from Raphael to Open RAN, from Modigliani to mobile and from Botticelli to broadband is always a wonder to behold. I look forward to his concluding remarks.

Photo of Lord Hunt of Wirral Lord Hunt of Wirral Conservative 4:02, 6 June 2022

Wow. My Lords, may I first draw attention to my interests as set out in the register, in particular as a partner in the global commercial law firm DAC Beachcroft.

It is a privilege to follow my noble friend Lord Vaizey of Didcot, who has accomplished a tremendous amount in the area we are now discussing. I pay tribute to him. Whether or not I express some dissatisfaction with having to agree to cookies, which I think had something to do with him, I must acknowledge that, as he stressed, access to reliable, high-quality telecommunications infrastructure is now an essential service. This has never been felt more keenly than in the past two years, with so many of us being reliant on our mobile and broadband connections to work from home and connect with our loved ones.

The intention of the reformed code in 2017, as my noble friend Lady Harding of Winscombe explained, was to bring rents in the telecommunications sector down so that they would be more in line with other utilities such as gas, power and water. The explanation to the noble Lord, Lord Fox, as to why things went wrong is simply this: the market had become inflated and leasing arrangements ever more complex, leading to a significant and deleterious impact on improvements in connectivity. The code, as it stands, is just not working, so the proposed modifications in the Bill are to be greatly welcomed. I just want to concentrate on telecommunications infrastructure.

Under the current system it seems that, too often, operators and landowners are left with little choice but to argue over technical legal points of interpretation, which comes at a cost to both sides in terms of the financial and wider impact of dealing with formal litigation. I have to say that this is of great benefit to solicitors and professional advisers, but benefits no one else.

We have also seen, as my noble friend Lord Vaizey just pointed out, the emergence of large-scale and well-funded intermediary landowners, who he described as “land aggregators”, opportunistically buying up thousands of leases with a view to leveraging them for their own profit. A significant number of the technical legal arguments that seem to be emerging over the existing code are the direct consequence of their intervening influence as they seek now to resist the new valuation regime.

The emergence of this sector is all about profit and, as far as I can see, serves no useful social purpose whatever. I am reminded of the claims management companies—other noble Lords may also recollect them—that sought to create a compensation culture until they were effectively regulated. The market has created this situation, which others are seeking to exploit. Such behaviour undermined then and now undermines civility in society.

The purpose of these further modifications to the code, as I understand them, is to try to avoid these pointless skirmishes by simplifying and clarifying the statutory regime and by ensuring that every existing telecommunications installation has a clear and relatively straightforward road to renewal and a consistent basis of valuation. Without these modifications there is a real risk that existing sites will have to be removed and an application to rebuild them made, with all the consequent costs and delay of removal and reinstatement, as well, of course, as the break in coverage for the end users—in other words, unnecessary cost and inconvenience all round. That would make a mockery of the stated intention of the code and these modifications, which is to speed up connectivity.

I stand between my noble friend Lord Vaizey and the Minister, to whom a lot of tributes have been paid. I echo them, but the Minister now has a heavy responsibility to justify our faith in him. As he knows, I believe that further tweaks to the drafting may be needed to ensure that the intention to speed up connectivity is crystal clear in the Bill and, in due course, the Act. We must not miss this golden opportunity to get the code into good order so that the focus can rightly be on building world-class infrastructure and connectivity, as opposed to further endless litigation and delay. I therefore strongly support the Bill and look forward to participating in all its stages.

Photo of Baroness Hodgson of Abinger Baroness Hodgson of Abinger Conservative 4:08, 6 June 2022

My Lords, it is a pleasure to follow my noble friend Lord Hunt. I begin by thanking my noble friend the Minister for introducing the Bill so ably today. I declare an interest: I was on the Select Committee for the Rural Economy and through that connected with Openreach, which kindly provided us with broadband in our home in the country.

I have to confess that I am no tech expert, and I recognise that there are many speaking today in this debate who have far more expertise than me. However, I wanted to speak today because I recognise that this is a very significant Bill which has the ability to make important changes and a real difference to so many people. Today, technology is central to our world. We all need to be connected—it is hard to function without that. However, it is not just about being connected but being able to access fast, reliable and secure broadband and mobile phone connection.

Connectivity is key to today’s world, whether it is for running a business, for children’s learning or for being socially connected. We have to have secure connectivity. I should think that most of us have received emails through a friend who has been hacked, asking for money. We need to prevent malign access to emails, contacts and files, whether they are personal, corporate or government. The importance of all this has been heightened by the pandemic, with many people now choosing to work from home and having meetings on Zoom, Teams and similar programs. If they do not have good, fast connections, they are at an enormous disadvantage.

Although I understand that connectivity is reasonably good in most urban areas of the UK, country areas are often less well served. So, as part of the levelling-up agenda, it is important that we ensure that all households that wish to be connected are able to be, and that it is possible to run a business from the depths of the country in the same way as it is for those who live in a town or city. However, just being connected is not enough. We have all suffered when broadband is down, or when it is going like a snail and everything takes for ever. Therefore, it is important that, through the Bill, we support full-fibre deployment in town and country alike.

I understand that the Government have set a manifesto commitment on the UK’s broadband connectivity, aiming to reach 85% of homes by 2025. Openreach tells me that its ambition is to pass 25 million premises with full fibre by December 2026, including at least 6.2 million properties in very hard-to-reach areas. I understand that, so far, it has reached 7 million homes and businesses, including more than 2 million in hard-to-reach areas, so in five years it aims to treble this. However, as we have all heard, one of the particular challenges it faces is in securing wayleaves. I understand that the Government have recognised this and, after consulting on the Electronic Communications Code, have proposals in the Bill to amend the regulations.

Fulfilling Openreach’s goal is not just about new connections; it will need to upgrade some of its existing infrastructure. Although the Bill will amend the ECC to retrospectively add automatic upgrades to existing wayleave agreements, it crucially limits these only to apparatus that is installed underground, and it is more restrictive than the existing provisions for upgrade rights within the ECC, which would apply to new wayleaves it agrees.

As we have heard, these changes will not help deliver upgrades to full fibre to blocks of flats, nor help in rural areas where most of the network is built overhead on poles—I absolutely hear what my noble friend Lady Harding said about going up the poles as well. However, although I understand that there is a debate to be had about the rights of property owners, we are talking about properties where wayleaves have already been granted. Again, I absolutely take my noble friend’s point about competition, but surely it is a balance between competition and quick rollout. For me, the pendulum swings to quick rollout.

Thus, in its present form, this Bill is surely missing an opportunity to really turbocharge the rollout of full fibre to deliver the manifesto commitment. In welcoming the Bill, I hope that consideration will be given to retrospectively apply automatic upgrade rights to existing wayleaves, in line with those that already exist in the code. Through this Bill, I hope that we can help everyone across the UK, including all those in remote areas, to access fast, secure and reliable broadband.

Photo of Lord Holmes of Richmond Lord Holmes of Richmond Conservative 4:14, 6 June 2022

My Lords, it is a pleasure to follow my noble friend Lady Hodgson and to speak in this Second Reading debate, so perfectly introduced by my noble friend the Minister. There can be no levelling up without universal high-speed connectivity that is safe, secure, reliable and available 24/7, like power, energy and water.

If our citizens do not have the skills, comfort or confidence to interact, transact and feel safe and secure online, we can lay as much fibre and have as much connectivity as possible, but we still will not optimise all the economic, social and psychological potential across the nation. At this Second Reading, will the Minister briefly set out in his response what the Government are doing on digital inclusion, which is so important? It is often caricatured as the soft element of this, but it is critical if we are to get the benefit of what is seen as the hard part of it—not the least of which is the fibre which we are discussing today.

Similarly, does this Bill offer us the opportunity to look carefully and reconsider the Computer Misuse Act and the provisions therein? My noble friend Lord Vaizey asked about this. The Act was passed when there was no internet and no smartphones, and the computers of 1981 looked, felt and operated very differently from everything we have in our pockets in 2022. There are many issues within the Computer Misuse Act and many of them are finely balanced. This seems an opportune moment to see whether we have the balance right and whether we are giving everybody who we rely on to keep us safe and secure online everything that they need. Will the Minister give us his views on the Computer Misuse Act?

On the Bill, many of the issues I was going to cover have been extensively and beautifully covered, not least by my noble friends, but I shall touch on a few. When it comes to an individual living in a block of flats, it cannot be right that she or he is in a materially different and potentially disadvantageous position compared with someone who is living in an individual dwelling. On the rural versus urban debate, will the Minister say more on how the Bill will ensure that there are not disadvantages wherever one resides? To echo many of the points that have been raised, I am tempted to say that if it looks like a duct and it works like a duct, we can certainly have shared services through that duct, as the Bill provides. When it comes to poles—one million of them, largely over rural England and urban Scotland—there cannot be a different approach by the very nature of how that fibre goes across the land and comes into all of our, hopefully well-connected, devices.

On the timing of negotiations around wayleaves, how will the potential differences between the provisions in this Bill and those set out in the TIL be resolved with, in some circumstances, a difference of six years as against 18 months? What is the situation on fragmentation around wayleaves? How will the Bill resolve those issues, which are often at the trickiest end of the wayleave debate?

Finally, I welcome this Bill, as have other noble Lords, and I intend to take part in all stages and get alongside many of the amendments that will be put down. We have a unique opportunity to connect our nation and enable individuals, citizens, communities and companies to be connected safely and securely and able to interact and transact for economic and social good. I welcome the fact that the Minister is leading this Bill. I think we would all agree that with his sartorial elegance and political eloquence he is a highly connected, smart device.

Photo of Lord Bassam of Brighton Lord Bassam of Brighton Shadow Spokesperson (Digital, Culture, Media and Sport) (Sport), Shadow Spokesperson (Business, Energy and Industrial Strategy and International Trade) 4:20, 6 June 2022

My Lords, I feel that I am trespassing in this debate—on this rather light-hearted blue-on-blue banter over the way there—but I fear that I ought to join in because this is an important and necessary piece of legislation and, like several of the Bills in the Queen’s Speech, it has been much delayed and is long overdue.

For the most part, we on these Benches support the Bill and wish to help it on its way to the statute book. However, we have concerns over its effectiveness and in places we think that it is wrong and in need of amendment. Part 1 of the Bill, as the Minister set out, relates to powers to introduce mandatory security requirements for consumer connectable products such as smartphones, smart televisions and connected speakers. Historically, the UK has relied on European law to help regulate security requirements. We are now in a position where we are likely to follow where the EU leads on product security. What surprises me is that the Government have been so slow to make progress with their own legislation, given how increasingly important cybersecurity has become.

The other obvious and important point is that, given how quickly technology is evolving in this field, we are always likely to be playing a form of catch-up with legislation. I wonder, therefore, whether the eloquent Minister tell us what plans the Government have to future-proof the legislation, apart from relying on bringing forward regulations following on from the Bill. For example, is work being undertaken with tech companies and manufacturers to anticipate changes to products that will change or weaken, in any way, current levels of cybersecurity? Given that the Government consulted in 2019 on introducing mandatory security requirements for connectable products, and given that legislative proposals were consulted on in 2020, do they think that the current list of products is right, and will they be keeping those excluded under review?

We particularly welcome the move to bring forward a ban on default passwords, a requirement for products to have a vulnerability disclosure policy—whereby security weaknesses in a product are identified and notified—and the requirement for transparency about the period for which a manufacturer will provide security updates for the product. However, I wonder what guarantees consumers will have that these policies will be adequately policed and that enforcement will be effective. Will additional resource be committed, and how quickly will this regime be introduced? Surely the failure of the 2017 code suggests that action is needed now if product security is to be taken seriously.

Part 2 of the Bill covers the rollout of sites to extend and improve the digital network—something that we are all signed up to—and to ensure that it is capable of delivering digital connectivity to a level and standard which a modern economy demands. The Government’s approach so far raises questions about their judgment on the balance of power between landlords providing sites for installations and the network providers. Clearly, something is not right when companies can almost unilaterally determine the level of rent that they are prepared to pay for sites, regardless of earlier agreements. We are not convinced that the arrangements set out in the Bill get the balance right. Landlord-tenant relationships are complex matters, subject to laws that are often open to wide interpretation. What appears to be missing here is a process for dispute resolution that takes into account the original agreements and accurately reflects the value of the site to the network providers. We will no doubt, with others, seek to probe this during the course of the Bill, ensuring that principles of fairness and equity are properly written into the legislation and, in particular, that the many charitable and sporting organisations that benefit from rental income are not disadvantaged.

This is legislation worthy of support from these Benches and, like others who have been involved in the debate this afternoon, we look forward to bringing forward practical changes and improvements to the Bill which will ensure that, when it is on the statute book, this legislation is effective and assists in rolling out our digital connectivity in a way which will greatly benefit our society. We are happy to engage in that process.

Photo of Baroness McIntosh of Pickering Baroness McIntosh of Pickering Conservative 4:25, 6 June 2022

My Lords, I add my congratulations to my noble friend the Minister on so eloquently and effectively introducing the Bill. I, for one, will welcome anything that can improve connectivity, especially in rural areas. Not only is it a fact that local businesses are being held back from participating in and improving the rural economy, but there can also be safety aspects, particularly as regards mobile networks in rural areas where no phone boxes exist and there is a very poor mobile signal.

It is absolutely vital that a high standard of rural connectivity is achieved. Improving digital connectivity in rural areas will boost the rural economy and allow farmers to create jobs, improve their productivity and make full use of new technology to further reduce the environmental impact of food production. But, at the same time, the Government need to get the balance right between making it easier for telecommunications companies and operators to obtain the rights to acquire new sites for digital infrastructure, and to upgrade and share existing sites, and the rights of landowners. As a number of noble Lords have expressed this afternoon, this is an area where the infrastructure is largely borne in rural areas; we have to keep the landowners onside and ensure that the rights they currently enjoy are not reduced.

Will my noble friend therefore look at investigating why, when a number of telephone operators have put masts in very challenged areas of connectivity such as the North Yorkshire moors, these masts are not operational? That is surely extremely wasteful and frustrating, not just for the shareholders and those who have paid to have the masts put in place but even more so for the local residents who are unable to use them. I can give my noble friend and his department examples of this. Will he take this opportunity to investigate to make sure that this will stop immediately and that those masts will be put to good use straightaway in those areas that, he has accepted, are the remaining 5% hard to reach?

I pay tribute not just to my noble friend the Minister but to my noble friend Lord Vaizey, who was a star turn as a witness when I chaired the Environment, Food and Rural Affairs Select Committee. I hope we did throw too many brickbats at him—he acquitted himself extremely well—but his evidence went to show how many obstacles still remain in place. I accept that the Bill is the next in line to improve those, but I thank my noble friend for taking the opportunity to share his expertise with us at that time. I will not go on to say what the fortunes of the chairmen of that Select Committee have turned to, given recent events since I left that position.

There are issues in the Bill that I will wish to explore as it progresses. One of those is the balance between operators and landowners that other noble Lords have alluded to this afternoon. Perhaps it has shifted too far in the interests of the former, to the detriment of the latter. I have heard that the interests of the consumer have been quoted. When the Government looked to introduce the 2017 Electronic Communications Code reforms, changing the way in which new sites were valued, they stipulated that landowners should be paid based on land value, not market value. The Law Commission at the time advised against that change, arguing that it would lead to a fall in rent for landowners and therefore a c in the number of agreements reached between landowners and operators to host digital infrastructure.

Its prediction was absolutely correct. Rents offered to landowners are up to 90% lower for new or renewal agreements made under the new 2017 valuation scheme. Before that code came into force, landowners assessed hosting mobile phone masts in the same way as they would other diversified activity. The rent to be received and terms of the agreement are carefully built into business models or other financial plans such as a pension or loan. For the most part, I would hazard a guess that this is affecting private, non-commercial landowners and farmers in a way that was simply not anticipated.

As the 2017 code has resulted in fewer new sites being agreed due to much lower rents being paid by operators, I urge my noble friend the Minister to look at this and not to bring further renewals under the new code, but to leave them under the Landlord and Tenant Act 1954. I would certainly like to explore that as the Bill proceeds through this place. Has my noble friend received representations to this effect, and will he give us an undertaking this afternoon to address this as part of the passage of the Bill?

I would like to flag up to my noble friend another concern about why operators are not moving from calculating rent based on land value to market value, to which I just referred, and whether this will be the barrier to hosting future digital infrastructure on private land—a fear I share.

The Bill includes an alternative dispute resolution mechanism, which I welcome, but I ask my noble friend: why is using it optional for operators? Currently the Bill does not properly address the imbalance between the resources of operators—which seem to have limitless resources to contest a disagreement before the tribunal—and landowners, many of whom find resisting a claim before a tribunal simply beyond their means.

I end with my noble friend’s opening reference to the increasing existence of and potential for cyberattacks. I witnessed one in North Yorkshire on a company which, sadly, was not given any helping hand from the Government. It was advised not to pay a ransom but was told that if it did not pay the ransom, it probably would not have its systems back in place. Is there any opportunity through the Bill to extend more help to companies to ensure that any such future attacks will see more assistance offered to address the cyberattack and help companies get their systems back without paying a ransom? I think it ran into millions when it was the clothing company FatFace.

Many cyberattacks operate below the radar and do not enter the public domain for very good reason—because it is not good for business. Obviously, if a company is not insured before the cyberattack, it will certainly not get insurance after a cyberattack. I hope my noble friend will look favourably on a plea to ensure that more assistance is given, to prevent not only cyberattacks but the payment of ransoms when they happen.

I shall support the vast majority of the Bill, but I will be raising all these issues through it. I look forward to ensuring that my noble friend and his department will act as smartly as the devices we are hoping to use.

Photo of Lord Arbuthnot of Edrom Lord Arbuthnot of Edrom Conservative 4:33, 6 June 2022

My Lords, for a technical Bill, this has been a fascinating and most enjoyable debate. I am lucky follow my noble friend Lady McIntosh, whose comments on the rural economy are always of genuine importance. The Bill addresses two important matters, both arising from market failures. The first is the security of the internet of things. That is what I want to concentrate on. The second, a highly polarised dispute between mobile providers and landowners, has been dealt with by noble Lords much more expert than me.

I will therefore concentrate on the internet of things, which opens up huge opportunities and huge vulnerabilities. I declare my interests as chairman of the Information Assurance Advisory Council, chair of the Thales UK advisory board and chairman of Electricity Resilience Ltd. I am also on the advisory panel of the Electric Infrastructure Security Council in the United States.

For a long time, I have hoped that we might be able to come up with a security solution driven by market forces. How wonderful it would be if the market required product manufacturers to make goods that were secure—actually, if the market required companies to have a secure and resilient infrastructure of governance. If anybody could come up with a business plan to achieve that, they would be able to name their price for it, but experience shows us that this is an area of market failure. A company that spends little money on secure products or secure practices is able to sell those products or services more cheaply than those that take security and resilience seriously. Therefore, this is a field in which the Government have to help so that every product manufacturer has to be put on a level basis and everyone can block a hole in our collective security that would otherwise invite attack from malign actors.

These vulnerabilities are indeed serious. A blogger named Jeff Jarmoc once said:

“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”

I am not sure whether internet-connected toasters exist and I cannot think why anybody would want one, but the point remains. The internet is fundamentally insecure because its security model is end-to-end. It was supposed to be a basic tube for a research network for a small group of trustworthy experts—a tube connecting smart devices—but it expanded too far and too fast, and many devices attached to the internet today are not smart at all. Even when they are smart, users can undo their security with unsmart passwords including the ones assigned at the factory and contained in the instruction booklets, which are available online.

There is a problem here. Mankind will do almost anything for convenience. In the Bill, which I very much welcome, we need to cater for those moments when multiple engineers will need to have access to an internet-connected system. They will need to know what to do when something goes wrong, and often they will need to be quick about it to avoid disaster. Without the Bill, often a default password would be the solution to that problem; with the Bill, organisations will have to come up with new ways of addressing it. We also need to cater for that large mass of the population who are neither expert nor in the slightest bit interested in security. Why would I buy a secure internet-connected toaster if I know nothing about security and can get a cheaper one that is not secure?

I note the Government’s intention that

“manufacturers and others should implement a security vulnerability disclosure policy to ensure that such weaknesses are monitored, identified, rectified and reported to stakeholders”,

but I am not sure this works. GDPR, another welcome bit of legislation, to which my noble friend Lord Hunt referred briefly, requires companies to tell you what their cookies are doing, but how many of your Lordships read the terms and conditions you sign up to regularly? I do not, and I bet that not even my noble friend Lord Vaizey reads them. We need the products themselves to be secure by design, in exactly the same way as cars nowadays make it easier for the driver to drive safely.

I make one final point, raised with me by the CyberUp Campaign, and touched on by my noble friends Lord Vaizey and Lord Holmes. The vulnerabilities that I have been talking about mean that cybersecurity researchers need to be encouraged to look for and disclose those vulnerabilities. The Government’s response to the consultation on these proposals mentions the importance of legal certainty for these security researchers. But the CyberUp Campaign suggests that, without a statutory defence in the Computer Misuse Act—and I remember taking part in Committee during the passage of that Act more than two decades ago, in another place

A noble Lord:


Photo of Lord Arbuthnot of Edrom Lord Arbuthnot of Edrom Conservative

Three—well, that is also more than two decades ago. Cybersecurity researchers can still face spurious legal action for reporting a vulnerability to a company. They cite as an example Rob Dyke and his civil legal battle with the Apperta Foundation. They suggest that the Government should go further to reform the Computer Misuse Act and put in law a basis from which cybersecurity researchers can defend themselves. I should be grateful if the Minister, who introduced this Bill with such eloquence, could, in winding up, say something about the Government’s thinking on this.

I welcome this Bill and look forward to its further progress in your Lordships’ House.

Photo of The Earl of Devon The Earl of Devon Crossbench 4:41, 6 June 2022

My Lords, I, too, welcome the Bill and I look forward to adding a Cross-Bench voice during its passage through this House. While my principal focus will be on Part 2, I offer a few thoughts on Part 1 and product security. As an IP and technology litigator both in California and here, I have represented a number of consumer electronics firms in both jurisdictions, and I am aware of the remarkable technological opportunities presented by smart technology and the internet of things, as well as the risks inherent in such ground-breaking technology being admitted into our homes, our most private and domestic spaces. Who has not been thrown by Alexa or Siri offering an answer to an innocuous question directed to a family member? They are always listening.

I note the Government’s aim to ensure that smart technology becomes available in a way that is safe for consumers, but I am also mindful of the law of unintended consequences, as referenced by the noble Lord, Lord Fox, and the danger of government intervention to control and/or manage such technological advances. Such intervention must not become a drag on innovation; we do not want the UK to become the safest place to interact with modern technology simply because there is no cutting-edge technology with which to interact. Can the Minister explain what co-ordination there has been with other jurisdictions on this legislation? Will the UK be an outlier in introducing these product security requirements, or is this consistent with requirements due to be introduced elsewhere? Is it sensible to go it alone? The obvious risk is that cutting-edge consumer products simply will not be introduced to the UK market, causing us to fall behind in a key technological sector. I note that the legislation is specific as to what technology is to be included and what is to be exempted. How do the Government intend to ensure that these provisions are kept up to date in such a fast-moving industry? How will the legislation capture nascent technologies and new means of connectivity?

I note that the legislation and its enforcement powers extend to relevant persons, as defined in Clause 7, such as manufacturers, importers and distributors. How does the legislation impact the second-hand and grey market in consumer electronics? Does it impact products acquired by consumers overseas and brought to the UK and sold here? Also, how do the Government intend to deal with existing products on the market that may not satisfy these legislative requirements? Will they be allowed to become obsolete through the passage of time? One of the major concerns of consumers is how quickly consumable technology products become obsolete. Will this legislation increase that speed of obsolescence, with the requisite cost, both financial and environmental?

Turning to Part 2 of the Bill, on telecoms infrastructure, I note a number of further interests. In my capacity as a technology lawyer, I represent a number of infrastructure providers, mostly in the south-west of England. As the Earl of Devon, I am a champion of rural connectivity and the vital need to end the discrimination experienced by the dispersed population of Devon. I am surprised by quite how many friends and neighbours living in the middle of our local village, only five miles from Exeter, are unable to receive any mobile signal whatsoever in their homes. However, I am also a farmer and a land manager and, in that capacity, I inherited a telecoms mast tenancy of an area of woodland granted by my father some years ago under the 1954 Act. This tenancy has for some time been due for renewal, but it has been stuck in protracted and thus far incomplete negotiations due to the crippling uncertainty caused by the 2017 amendments to the Electronic Communications Code which is only compounded by this pending Bill. As a local resident frustrated by a lack of signal, I am keen as mustard to encourage more masts and better coverage. As a lawyer representing telecoms companies, I see the benefit in strengthening their hand in renewing leases and saving them money. However, as a site provider, if I were ever asked to grant further leases, I would likely decline, as I simply would have no confidence that the rights granted would be honoured or that the rent negotiated would ever be paid.

Therefore, I see the complicated issues raised by the telecoms infrastructure provisions of this Bill first-hand and from pretty much all sides. The one thing of which we can be certain is that the current legislative structure and the 2017 amendments in particular are simply not fit for purpose. As we have heard, some site providers record telecoms operators seeking to decrease rents by up to 90%. There has clearly been a breakdown in trust between operators, providers and their respective professional advisers. Unfortunately, I am not sure that Part 2 of this Bill will do anything to fix that, and it may even make it worse.

As I think we have all stated, our principal concern must be to ensure that the rollout of mobile connectivity across the country is completed as quickly and efficiently as possible to ensure that hard-to-reach communities do not fall further and further behind. The 2017 amendments sought to achieve this by, in part, seeking to decrease the rent payable for telecoms infrastructure and so to decrease the cost to consumers. The actual impact of the 2017 amendments has been the exact opposite: as telecoms companies have sought to renegotiate leases entered into on the open market, at dramatically decreased rents, the take-up of new masts has slowed. The market for telecoms infrastructure has largely ground to halt as property owners—be they farmers, sports clubs, community centres, charities or churches—think very hard before renewing and/or granting new leases in such an uncertain market. The provisions of Part 2 will only exacerbate this problem, causing property owners to withhold their consent and to terminate already-granted leases where possible. The Government’s laudable aim of increasing connectivity will be frustrated if this legislation, in its current form, is passed—to the detriment of us all: communities, telecoms companies and proprietors alike. This is a return to the law of unintended consequences.

A broad array of stakeholders has questioned the wisdom of this legislation, from the NFU and CLA, to the CAAV, the BPF and the Law Society. Of particular concern are the changes in Clause 61 to the way land is valued under telecoms leases, so that they are no longer at market value but now merely bare land value. By these provisions, the Government will be intervening in long-standing existing leases, freely negotiated between willing participants, to dramatically decrease rental values, often years after the fact. That is no way to encourage the rollout of digital infrastructure, and it takes a sledgehammer to existing property rights.

The Law Society noted that the 2017 reforms

“have tilted the balance of rights too heavily in favour of operators to assist them in securing site facilities”.

The result has been many site providers

“reacting with obstruction, unwillingness to cooperate and litigation.”

Despite this, it appears that the Government have failed to assess the impact of the 2017 reforms at all. What analysis has been conducted prior to seeking to extend those controversial reforms to historic leases, as proposed?

I note that the Government consulted in 2021 on changes to the ECC but did not consult on the issue of valuation and compensation to providers. The Government recognised

“that the 2017 Code reforms had an impact on … providers’ willingness to agree or renew Code rights.”

They also noted that changes to the valuation provisions

“have made entering these agreements significantly less attractive for site providers.”

Despite this, the Government’s policy position has not changed. Why?

The Government identified other reasons for lease negotiations failing including, as I said, lack of trust and poor communications between advisers. They are therefore focused on achieving faster and more collaborative negotiations but this entirely misses the point. If the financial underpinnings of those negotiations remain as one-sided as they are, no amount of ADR will help. The Government state that they wish with these provisions to make it easier for digital networks to be installed and encourage stronger and more collaborative relationships between telecoms operators and site providers, but the fact that they seek to backdate claims to rental discounts and permit the ability of operators to add infrastructure to existing sites fundamentally undermines the collaborative relationships that were well established before 2017.

These retrospective amendments ensure that any prospective site provider, properly advised, will be reluctant to grant such telecoms leases, frustrating the Government’s well-intended ambitions. This cannot be in anyone’s interests.

Photo of Baroness Stowell of Beeston Baroness Stowell of Beeston Chair, Communications and Digital Committee, Chair, Communications and Digital Committee 4:51, 6 June 2022

My Lords, it is a pleasure to follow the noble Earl, Lord Devon. I too congratulate my noble friend the Minister on introducing the first of his four Bills in this Session. My noble friend is going to be busy. I also thank the range of organisations which have provided briefing for this Second Reading, whether in written briefing that they have sent us by email or in the various meetings that have been scheduled.

I should start by declaring an interest as chairman of the Communications and Digital Select Committee but also acknowledge the expertise of other speakers in today’s debate. I pay particular tribute to my noble friends Lady Harding of Winscombe and Lord Vaizey of Didcot, both of whom are members of the Select Committee and whose expertise and professional knowledge I rely on a lot.

Like everyone else today, I welcome the Bill. I recognise the importance of full-fibre broadband rollout, both in its benefits to the economy and its importance to levelling up. I want to address just three main points. I support the greater clarification in the Bill so that all providers have the right to access telegraph poles to upgrade the fibre wires run on overhead poles, as so ably described by my noble friend Lady Harding. I recognise the importance of that being clarified in the Bill, because it will be of benefit to all the providers participating in making sure that we have full broadband rollout in the UK.

What I do not support, however, is extending the exclusive rights of Openreach to upgrade its existing network in blocks of flats, or multi-dwelling units. The reason I would not support an amendment brought forward to that end would be because of it embedding an unfair competition. As my noble friend Lady Harding so expertly already explained, it is the arrival of competition that has done most to accelerate the rollout in this country, so we need to keep Openreach on its toes. That would be to the benefit of flat owners and residents, of whom I am one.

The issue which troubles me most is that of resolving the dispute between site providers and mobile network operators over significant falls in rental income and land value. Other noble Lords have already described these falls, which range from 60% at best—I think that is the Government’s estimate—to, at worst, 90%. The noble Earl, Lord Devon, has just described this in some detail.

I am grateful to Speed Up Britain for its briefing and have some sympathy with its argument comparing the value of what we are discussing to that for other utilities, which is the position that the Government have taken in this legislation. However, I also know that the land-value regime for other utilities was established at a time of state ownership and monopolies and that some argue that the regime for utilities is out of date, although I am not suggesting that we revisit that.

I also understand and share the view that the most important gain—and the prize we must all keep our eye on—is faster rollout, especially for these remote communities and those who are currently not served well. However, according to the other lobby group that has already been mentioned today, Protect and Connect, many site owners remain concerned and feel a sense of injustice and unfairness in the way in which they are treated. It seems to me that site owners are being asked to make sacrifices for the benefit of their local communities, but they fear that what is in fact happening is that they are being asked to give up income for the benefit of commercial providers gaining profit. I recognise that both sides are represented by vested interests—my noble friends Lord Vaizey and Lord Hunt referred to land aggregators buying up leases from landowners to gain their own profit. That is why transparency is so important.

As I understand it, the site providers were told that a reduction in their rental income would be reinvested by the mobile network operators in the rollout. Without the economic impact assessment that the Government promised in 2017 and said would happen by June 2022—ie, this month—those site providers who have been most affected are being asked to take on trust that their loss is not another commercial provider’s gain. The noble Lord, Lord Fox, has already outlined the impact of this on bill payers, whose bills are not going down as a result of this, so there are quite a lot of people who want a better understanding of what is going on. I see that the Government rejected a request for such an economic impact assessment during the passage of the Bill in the Commons, and I should be grateful if my noble friend the Minister would explain why. Also, if that is not something that the Government are willing to carry out, what else will they do to provide the confidence that some of these site providers are looking for so that there is not any unnecessary delay to rollout, as has been described is happening because of their sense of events?

As I say, I think that everyone recognises the urgency and importance of rollout, but if this is for the greater good—I believe it is—the Government cannot afford to ignore those who feel that it is happening at unfair expense to them. As I have said on many occasions in your Lordships’ House, levelling up is not just about infrastructure that brings economic equality; it is also about fairness. It seems wrong that a Bill designed to level up is making some of those affected feel that they are losing out. I hope that my noble friend the Minister can do what is necessary to address their legitimate concerns.

Photo of Lord Clement-Jones Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital) 4:58, 6 June 2022

My Lords, I start by thanking the Minister for his comprehensive introduction. We have had a really well-informed debate today; it has, in the words of the noble Lord, Lord Arbuthnot, been enjoyable to hear the expertise displayed around the House. As the noble Baroness, Lady Harding, made clear, a lot of the Bill will involve arguing about technical issues. I look forward to many happy hours talking about ducts and poles as we proceed.

As many noble Lords have said, the Bill clearly falls into two distinct parts. The first is a very welcome but overdue addition to the security of connected products; the second concerns a telecom infrastructure element which makes yet more changes to the Electronic Communications Code. The product security elements are a welcome follow-on to the original 2018 Code of Practice for Consumer IoT Security. As the noble Lord, Lord Arbuthnot, also said, the internet is fundamentally insecure. I pay tribute to Which? and the PETRAS National Centre of Excellence for IoT Systems Cybersecurity for highlighting security issues in connected devices, and we welcome the proposals in the Bill.

As techUK says, demand and consumer appeal rose across all categories during the pandemic, and Covid-19 saw UK consumers buying 21.8 million smart home devices—a 22% rise in volume compared with 2019. People overwhelmingly assume these products are secure, but only one in five manufacturers have appropriate security measures in places for their connectable products. While there are strict rules about protecting people from physical harm such as overheating, sharp components or electric shocks, there are currently no such rules for cyber breaches.

My noble friend Lord Fox mentioned some survey work by Which? that found that a home filled with connected devices could be exposed to more than 12,000 hacking or unknown scanning attacks from across the world in a single week. There is, however, a series of issues in this area that will require amendment to the Bill. I am very sorry to disappoint the noble Lord, Lord Vaizey, in this respect—I do not know whether I should say he is from Vivaldi to Velasquez, but maybe we can continue with that later.

As my noble friend Lord Fox emphasised, at the very least there should be an upfront clause that sets out the purpose of the Bill. It should set out the minimum expectations for what a consumer should enjoy with respect to security because the danger, otherwise, is that these requirements are simply treated as a tick box. Which? has called for the three security requirements to be set out expressly as well, in Part 1 of the Bill or an appropriate schedule. At the moment, they are promised in secondary legislation without any draft being available. Will the Government supply this during the passage of the Bill so we can be vouchsafed what these three principles are going to look like? Why are only three out the six principles set out in the original guidelines covered, including minimise exposed attack surfaces and securely store credentials and security-sensitive data—can the Minister explain why these are not going to be included in the legislation?

The noble Lord, Lord Arbuthnot, raised some very interesting points about products being secured by design and access by engineers, and the noble Earl, Lord Devon, raised the very important issue about compatibility with international standards. The proposed mandatory requirements need to be matched with strong enforcement arrangements ensuring that consumers are able to get effective redress when they purchase devices that fail to meet security standards, and there need to be sufficient measures to keep people safe from harms caused by the weak security of these products. At present, the Bill gives the Secretary of State enforcement powers with the ability to delegate to a regulator. What are the Government’s intentions in this regard? What is the regulator going to be?

There are further amendments which we agree with Which? should be made to the Bill and which we will be advancing. We want to ensure that every individual device has a unique or user-set password that meets effective complexity requirements; there should be very clear provision of vulnerability disclosure policy information; and there is a variety of other aspects, such as ensuring that intermediaries, such as listing platforms, online marketplaces and auction sites, are covered as well.

The noble Lord, Lord Bassam, also mentioned the question of exemptions, and these include medical devices. These are increasingly common, and the data captured is sensitive but the regulations covering these are outdated. If they are going to be excluded, what assurance do we have from the Minister that conformity requirements are being updated for these devices to the latest security standards?

As the noble Lords, Lord Vaizey, Lord Holmes and Lord Arbuthnot, said, we have difficulties surrounding the ability to report flaws in device security. The CyberUp campaign has made the case that, without a statutory defence in the Computer Misuse Act 1990, cybersecurity researchers can still face legal action for testing and reporting a vulnerability to a manufacturer—the noble Lord, Lord Arbuthnot, raised the case of Rob Dyke. Can the Minister respond on this very important aspect—will the Government put forward an amendment during the passage of this Bill?

With the latter half of the Bill, we all seem to be trapped in a time loop on telecoms, with continual consultation and changes to the ECC and continual retreat by the Government on their 1 gigabit per second broadband rollout pledge. In the Explanatory Notes we were at 85% by 2025. Can the Minister confirm that that should now read 2026? My noble friend Lord Fox asked the Minister a number of questions about the detail, where we were talking about fixed on the one hand and broadband on the other. I very much hope he will come back on that. But how long will all those targets stick? They seem to be changed just about every six months.

There has been so much government bravado in this area, but it is clear that the much-trumpeted £5 billion announced last year for Project Gigabit, bringing gigabit coverage to the hardest to reach areas, has not even been fully allocated, and not a penny has been spent. As the noble Lord, Lord Hunt, said, this is despite the increased importance of connectivity through the pandemic and the importance of digital exclusion, as the noble Lord, Lord Holmes, mentioned.

The changes to the ECC in the Digital Economy Act 2017 were meant to do the trick. Then the electronic communications and wireless telegraphy amendment regulations 2020 were heralded as enabling

“stronger emphasis on incentivising investment in very high-capacity … networks”,

promoting “efficient” use of spectrum, and

“ensuring effective consumer protection and engagement.”

Then we had the future telecoms infrastructure review and the Telecommunication Infrastructure (Leasehold Property) Bill, where we argued about the definition of “tenant” and “rights of requiring installation” and “rights of entry”. Sadly, we were not able to include a clause that would have required a review of the Government’s progress on rollout—and of course now we know why. Even while that that Bill was going through in 2021, we had the Access to Land: Consultation on Changes to the Electronic Communications Code. That has now resulted in this Bill. It is an extraordinary saga of chopping and changing to the ECC. After all this, we are no further forward on the extent of the universal service obligation, which is so frustrating for rural areas.

Where in all this, as my noble friend Lord Fox and I have asked each time we debate these issues, are the interests of the consumer, especially the rural consumer? How are they being promoted, especially now that the market review is only once every five years? As my noble friend Lord Fox said, the big question is what has and has not worked in all these changes. I fully join with the point made by the noble Baroness, Lady Stowell, that we have not had the promised impact assessment to see where we are on the ECC and the impact it has had.

Regarding the changes to the ECC made by the Bill, we have heard a great deal from, and many noble Lords have mentioned, the Protect and Connect campaign, which represents land and property owners, including sports clubs, churches, farms and country parks. Personally, I found what the noble Earl, Lord Devon, had to say extremely persuasive. Contrary to what the noble Lord, Lord Hunt, said, and as described by the noble Lord, Lord Bassam, and the noble Baroness, Lady McIntosh—I think the phrase the noble Earl, Lord Devon, used was “taking a sledgehammer” to existing property rights—the campaign says that those it represents have been severely impacted by the changes to the Electronic Communications Code made by the Digital Economy Act 2017. It appears that, since 2017, site providers, with rent reductions of up to 90% as opposed to the anticipated 40%, have lost more than £200 million per year in income, including £60.5 million of lost local authority money, while in some cases the capex of some operators has fallen. The Protect and Connect campaign believes that the

“push for massive rent reductions, compared with existing agreements, trample over property rights, and place farmers, small land and property owners, community organisations, charities, and other site providers, who have come to rely on this rental income, in financial peril, not least because it may unfairly result in these groups being forced to refund or repay operators thousands of pounds”.

I can give the Minister some very powerful case histories. It is noteworthy that work by the Centre for Economics and Business Research shows that the 2017 changes have led to a slowdown in rollout and the current government proposals will not remedy this. What is the Government’s assessment of that CEBR response?

We have also heard support for Openreach’s position on achieving easier upgrade rights as regards installation of broadband in MDUs. Like the noble Baroness, Lady Stowell, these Benches are not yet persuaded that this will not give Openreach an unfair competitive advantage, but we look forward to having that debate during the course of the Bill.

My noble friend Lord Fox had no time to raise the implications of the Hackitt report into building regulations and fire safety, and the aspect of broadband installation. We will raise this in Committee, because we believe that could provide a solution to the MDU contact issue by providing a single point of responsibility.

That was a bit of a gallop, but I look forward to the Minister’s reply.

Photo of Baroness Merron Baroness Merron Opposition Whip (Lords), Shadow Spokesperson (Health and Social Care), Shadow Spokesperson (Digital, Culture, Media and Sport) 5:11, 6 June 2022

My Lords, I am grateful to the Minister for introducing the Bill—perhaps not the most snappily named one this House will ever deal with but nevertheless extremely relevant to our daily lives—and to noble Lords who have participated in this debate, all of whom, like me, are keen to ensure that it does the job it is here to do. One thing I am sure we can agree on across all sides of the House, as the noble Lord, Lord Arbuthnot, observed, is that it has been an enjoyable, enlightening and educational debate. I hope it will contribute to improving the Bill from its current form.

This is a very important debate because, despite some steps forward, the issues around product security and telecommunications infrastructure are not entirely in the right place, so we have another opportunity before us to improve that situation. We also find ourselves dealing with the very complex nature of regulation in this field. This is perhaps highlighted by the very nature of the Bill: it runs to nearly 70 pages, yet its scope is relatively narrow. Given the pace of change in this sector, as the noble Earl, Lord Devon, observed, it is quite possible that parts of this legislation will need updating before we have even got to the end of the process of which we are in the beginning stages.

On Part 1, improving the security of so-called smart products is a sensible and long-overdue step. We have all been aware of the risks associated with these products for some time. While some are theoretical, many are extremely real. We are witnessing an increasing number of attempts to take control of smart devices to commit fraud, carry out surveillance or initiate other forms of cyberattack. The Government’s previous commitment—I believe from 2016—was to ensure that a “majority” of these products would be “secured by default” by 2021. I would be grateful if the Minister could comment on whether he believes that target has been met.

As a wider observation, until now the Government have very much been relying on voluntary codes over and above statutory duties. Given the risks to both personal and national security, this seems a light-touch approach to take with producers, importers and sellers. Surely, these things should not be left to chance.

As I alluded to previously, we have concerns that the Bill might not capture new waves of technology, some of which are already making their way into homes across the nation. Given the considerable efforts to future-proof the Online Safety Bill, can the Minister comment on whether it is possible to do the same in respect of this Bill and its provisions? As noble Lords have expressed during this debate, we will no doubt need to use Committee to better understand how the new system will operate, but it is important to say that I can confirm from these Benches that we generally support Part 1 of the Bill.

However, the Minister will not be surprised to hear that, like other noble Lords, we have rather less enthusiasm for Part 2. There are many concerns around the rollout of new broadband and 5G networks. The Government are lagging behind their target, even though that target has repeatedly been watered down, from full-fibre nationwide to gigabit-capable connections for 85% of homes. The Minister has asserted that the Bill will improve the situation but we remain unsure whether it will do so. If anything, we fear that some of these measures—particularly the tensions that they will create within the sector—will slow the process down.

The Bill does nothing to improve the rollout of infrastructure in communities where commercial viability is in doubt. This problem is by no means new, yet seemingly no answer to it has been provided in the context of the Bill we are debating today. Indeed, to give one example, the Minister in another place suggested that the best way to avoid an entrenched urban/rural digital divide is for MPs to provide lists of streets with access issues. This does not seem an all-embracing strategic approach; I think we are all aware that any good constituency MP worth their salt will have been doing that in any case for many years. However, there has been little to no improvement on the ground. If there is no money to be made, operators are not interested in providing fibre cables in remote villages or erecting mobile masts to cover not-spots.

The last time DCMS made major changes to the Electronic Communications Code, back in 2017, telecoms companies were allowed to reduce the rents paid to landowners who host phone masts and other pieces of equipment. Ministers believed that these rents, which were often only a couple of thousand pounds per year, were too high. Promises were made that reductions would not exceed 40% but the reality is that many landowners have seen rents cut by 90% or more. The result is that many community centres, sports clubs, churches, farmers and local authorities are being deprived of the sums they believed they were entitled to and had planned for. These individuals and organisations entered into the agreements in good faith, yet the law forbids them taking the masts down when payments are slashed.

The impacts of this have been felt, even in the Prime Minister’s own back yard. Hillingdon NHS Trust used to receive nearly £2 million per year from telecommunications rental fees. Following the 2017 reforms, that not only fell to £211,000 but Vodafone demanded a £300,000 repayment. Although not all the sums involved are so large, they are nevertheless significant in their impact. For example, Billericay Rugby Club was being kept afloat thanks to an annual rent of £8,500. It now receives £750 a year. It would be helpful to know from the Minister how this can be explained to local people who use facilities such as those at Billericay Rugby Club.

After all, hosting telecommunications equipment means providing 24/7 access to property, which surely deserves adequate remuneration. It is hard to believe the argument that global companies such as EE and Vodafone were unable to pay the higher charges, despite having done so for years with no issues. I would welcome the Minister’s comments on this.

As we have heard in the course of this debate, the number of legal challenges has grown exponentially, but rather than addressing the legitimate concerns of landowners, it seems that the Government’s answer is to introduce a new layer of bureaucracy. At a time when we need new infrastructure, Ministers should be incentivising the involvement of small landowners, not making enemies of them. Will the Government undertake an urgent review of this situation and commit to bringing forward sensible changes to the code in due course?

I know that the Government say that the revised valuation guidance is fair, so it would be very helpful—I hope that the Minister can do this—to see the department publish the evidence base so that we can all see it. Of course, DCMS committed to carrying out a broad review of the 2017 reforms, but as far as I am aware, that information has not been made public. Can the Minister provide an update today? If the department is so convinced of its position, what is the harm in producing the evidence, so that we can see it, in the interests of transparency?

Of course, it is not just the rents fiasco that is holding us back. There are still practical and legal issues around the provision of new or upgraded equipment for multiple-dwelling units, as my noble friend Lord Bassam referred to. The Government sought to address this several years ago by introducing new rights for tenants in leasehold properties. We welcomed that Bill, and it has no doubt helped some, but it has not proved to be a silver bullet.

It is ludicrous in this day and age that many people living in flats have worse digital connectivity than those living in houses, as the noble Lord, Lord Holmes, referred to. The type of property that we rent or buy should not determine the extent to which we can receive digital services. Noble Lords will know that this matter was subject to amendments in another place which served to highlight the level of disagreement among service providers themselves. This is no doubt an area we will explore in Committee, but in the meantime can the Minister share the Government’s current thinking on this? If operators cannot agree on a way forward, what is going to be done about it?

To conclude, I think we all want to achieve the same things. We need to have the highest possible safety standards for the broadest range of products, and we want government and industry to combine to provide the fastest, most reliable networks for the largest number of people—but we do not believe that the Bill as drafted achieves these aims. There will be areas, of course, where the Government are able to convince us otherwise, but I hope that there will be areas where the Minister will see fit to work with us to make sensible changes. We stand ready to play our part in ensuring a fair, successful and secure rollout of fibre and 5G.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport 5:23, 6 June 2022

My Lords, I am very grateful to all noble Lords for their contributions to what I agree has been a very enjoyable debate this afternoon. I am sure these contributions will form a prelude to some further interesting and enjoyable debates in Committee and later stages of the Bill. I am grateful, too, for the excessively generous compliments from my noble friends behind me, which I am sure are an illustration of the great harmony and mutual affection for which the Conservative Party is, today of all days, renowned.

As my noble friend Lady Harding of Winscombe rightly said, this is a technical but important Bill, and I am pleased that all noble Lords from all parts of your Lordships’ House are in agreement that people from across the country should be able to benefit from faster digital connectivity and the assurance that their technology is secure. The Bill therefore comes at an opportune time, when cyberattacks are on the rise and when digital connectivity is increasingly important for all the reasons that my noble friend Lady Hodgson of Abinger and other noble Lords set out. We have heard examples in today’s debate of the benefits which will accrue to communities, urban and rural, right across the country.

I am conscious that in Committee we will go into greater detail in some of the areas which noble Lords have alluded to, but I want to respond to some of the points which they have raised in today’s debate. The noble Lord, Lord Fox, began in general terms by asking whether we ought to set out a clear explanation in the Bill of what consumers can expect in terms of product security. The fundamental purpose of the Bill, as set out in its first clause, is to embed security requirements to protect and enhance the security of connectable products and their users. That is the measuring stick against which the impact of the Bill and future regulations will be assessed.

As I alluded to in my opening remarks, there are no silver bullets in cybersecurity. Thousands of people in the UK have been victims of cyberattacks, and cybercriminals are using connectable products to attack large infrastructure as well. Our approach to connectable products lies in both the UK and wider international expertise. Our own 2018 code of practice is the foundation of the first international standard for consumer security and there is an international consensus behind this standard. We are also, through the Bill, the first to embed these protections in legislation. At the moment, some security-conscious manufacturers address these threats, but through the Bill we will now make sure that all manufacturers follow best practice in future.

The noble Earl, Lord Devon, rightly spoke of our international standing. The UK has established global leadership in this area. We have worked closely with our international partners and have seen evidence of other countries and organisations embedding the approach that we have taken in their own codes. In my opening remarks I mentioned Australia and India, which have published codes of practice with the same 13 principles which we published in 2018, but Singapore, Germany and Finland among others have made their own domestic interventions which also align with the UK’s code of practice. The European Commission has also published its intention to explore regulation for connected devices through the cyber resilience Act.

On Part 2, the noble Lord, Lord Fox, in general terms asked why we were revisiting and changing the code again. As noble Lords noted, it was substantially reformed in 2017, following the important and substantial work undertaken by my noble friend Lord Vaizey of Didcot when he was the responsible Minister. A key aim of those reforms was to make it cheaper and easier for digital infrastructure to be deployed, maintained and upgraded. The Government recognised that this would mean telecommunications site providers receiving lower payments than had previously been the case. However, those changes were introduced only following an extensive period of consultation and research and were considered necessary to reduce operator costs and to encourage the industry investment required for the UK to get the digital communications infrastructure that it needs.

The Government intended that the 2017 reforms would speed up deployment and reduce operator costs, and indeed the changes have borne fruit. However, since the changes have come into force we have also received feedback about how they have worked in practice and about some of the ongoing challenges which people face. The Bill aims to tackle those problems and to ensure that the aim and the ambition of the 2017 reforms is realised. To give an example, both operators and landowners have pointed to problems regarding negotiations, with operators saying that they take too long and landowners saying that they face too much pressure to accept certain terms. This is one of the areas we will address through the Bill.

A number of noble Lords spoke about the valuation work which came from the 2017 reforms. The new pricing regime is more closely aligned to those for utilities such as water, electricity and gas, and we think that is the correct position. Landowners should still receive fair payments which, among other things, take into account any alternative uses that the land may have and any losses or damages that may be incurred. We think that the measures in the Bill will support greater collaboration between operators and landowners and help agreements to be completed more swiftly.

The prices being paid for rights to install communications apparatus before 2017 were too high and reflected the rapid explosion that was taking place in demand for digital services; it was right that they were addressed. The 2017 reforms were intended to strike a balance between ensuring that individual landowners are not left out of pocket and making network deployment and maintenance more cost-effective.

The noble Earl, Lord Devon, and others asked about reviewing the impact of the reforms made in 2017. We recognised when the 2017 reforms were introduced that the market would need time to adapt and settle, and it would be premature to carry out a full assessment of the 2017 reforms at this time. There is not enough evidence about agreements which were completed after they came into force for a properly robust and comprehensive analysis to be made—not least, of course, because of the impact of the pandemic. However, the evidence and feedback we have received provides a compelling case that the changes we are making in this Bill will ensure that the 2017 reforms have their intended effect. Making these changes now will help to deliver the Government’s 2025 connectivity target of at least 85% of homes and businesses having access to gigabit broadband. That is not to say that we think the 2017 reforms failed. Much progress has been made. We simply think that more can and must be done to maximise their impact.

The noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Merron, asked about impact assessments. The impact assessments which accompanied the 2017 reforms did not state that the Government would undertake a full economic review of the code’s impact on rents, but in that document the Government committed to reviewing the 2017 reforms as a whole by June 2022—this month. The Government have met this commitment through their continuing engagement with interested parties, including holding monthly access to land workshops. This engagement and the issues which have been highlighted through it prompted the 2021 consultation and the measures in the Bill, which we think are needed for the aims of the 2017 reforms to be fully realised.

Photo of Lord Clement-Jones Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

That sounds a bit feeble. DCMS has had workshops but has not produced a review. That does not sound like any sort of review.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

The noble Lord perhaps thinks we committed to more in 2017 than we did. We have met the commitments we made in 2017 through our engagement with the industry. The points it made have informed the Bill before us. I am sure we will debate—

Photo of Lord Clement-Jones Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

May I suggest that if the passage of the Bill is to be smooth, any information the Minister is able to provide about the impact, past or expected, would be extremely helpful? Otherwise, we are all going to be arguing about suppositions.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

Certainly. I pointed out that the time that has elapsed since 2017 has perhaps not given us as much real data as we would have had, were it not for the pandemic, but of course we will be influenced by what have seen as we scrutinise the Bill in Committee and later.

We have heard a range of views on multiple dwelling units. The Government are aware of calls from parts of the industry for greater automatic rights to upgrade existing infrastructure in multiple dwelling units. The Government are not convinced that granting those rights is proportionate, because we must strike the right balance between private property rights and public benefits. There are other ways that operators can arrange to upgrade equipment in multiple dwelling units. They can ask for those rights and if landlords fail to reply, they will be able to use the process created through the Telecoms Infrastructure (Leasehold Property) Act 2021. If landlords refuse, operators can ask the courts to impose additional rights to upgrade existing equipment if their agreement with the landlord does not already provide them with those rights.

Other measures in the Bill encourage the use of alternative dispute resolution to support more collaborative negotiations. The Government are also considering further changes through regulations to help code disputes be dealt with more quickly. Finally, it is important to stress that there is no consensus from the industry on this issue, just as there was no consensus in our debate today. In fact, many operators have opposed the proposal on the grounds that it would create an unfair advantage for operators who already have equipment inside buildings and could therefore have anti-competitive effects.

My noble friend Lady Harding of Winscombe asked about telegraph poles. It is important that any automatic rights in relation to apparatus on, under or over private land strike a fair balance between any interference with private property rights and any public benefits that can be delivered. We think that the measures in this Bill on rights to upgrade and share apparatus under land achieve that balance. However, we have seen some evidence that further public benefits might be achieved if telecommunications poles sited on private land could be upgraded and shared more easily. Operators already have statutory rights to fly wires between these poles and it is obviously important that the legislative framework supports the effective use of these rights; we are looking into this matter closely.

A number of noble Lords touched on what is and is not in scope of Part 1 of the Bill. The Bill sets out what types of products should be treated as “consumer connectable”. This includes products that can be connected to the internet, such as routers, smart TVs, smart home products and connectable toys. I can tell my noble friend Lord Arbuthnot of Edrom that toasters are indeed in scope, although the idea of an internet-connected toaster makes me think of Wallace and Gromit. I share his bafflement at why people might want to do it, but they are in scope.

The powers in the Bill will allow the Government to update products that are in scope where changes to the wider regulatory, technological or threat landscape render this appropriate. The Government also intend to remove some products from scope where their inclusion would subject them to double regulation or where that would be disproportionate to the level of security risk. An example of such an exception is automotive vehicles, which I can tell my noble friend Lord Vaizey of Didcot include e-scooters; other examples are medical devices and smart charging points.

My noble friend Lord Arbuthnot talked about the vulnerability disclosure process. Of course, manufacturers will not see every vulnerability in their own products. Increasingly, the people best placed to spot them are everyday users and designated security researchers; but the potential point of failure here is the process for reporting those vulnerabilities to the manufacturer, which is often difficult to navigate. The security requirement will mandate a clear point of contact and the policy for the manufacturer to receive such reports and take meaningful action to address them. That is an important step forward, which, I am pleased to say, has widespread industry and expert support.

The noble Lords, Lord Clement-Jones and Lord Bassam of Brighton, the noble Baroness, Lady Merron, and others asked about future-proofing. There is a common notion that Governments are behind the curve when it comes to regulating technology, but not in this case. As well as setting the stage to introduce the regulations to which we have already committed, this Bill establishes a flexible and future-proof regulatory framework so the Government can be agile and proactive in amending and introducing security requirements in step with technological innovation. That is exactly why we have not included the three security requirements on the face of the Bill. By design, the Bill not only addresses the current problem but looks beyond it to ensure that UK consumers can be protected no matter how technologies and threats change and emerge.

My noble friend Lord Holmes of Richmond asked about the Computer Misuse Act. Colleagues at the Home Office are currently taking forward work to identify whether the proposals made in response to the review of that Act, which was launched in May last year, will assist in helping to protect the UK from cybercrime, or whether they are addressed under other programmes of work. We will provide an update to your Lordships’ House in due course, but this Bill will enhance protection for consumers and networks from the range of harms associated with cyberattacks. It equips the Government with the necessary powers to set and update security requirements within a fast-growing area of emerging technologies.

Photo of Lord Clement-Jones Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

I am sorry to interrupt the Minister again, but I am frightened that he is not going to tell us who the regulator will be, explain why we are covering only three of the many principles covered in legislation in other territories, or provide us with a glimpse of the secondary legislation.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

The noble Lord is eager to hear answers to questions to which I may yet turn; on some of them I will write. Work has been done to identify the regulator, but it would not be right to refer to that person at this stage and ahead of Royal Assent. I will write to the noble Lord on the other points he mentioned. I talked just now about our approach, through secondary legislation, to future-proofing and the reasons for not setting out the first three principles in the Bill. We have set out what those standards will be up front.

My noble friend Lord Holmes of Richmond spoke about the important issue of digital inclusion and skills. We run programmes to give young people the opportunity to learn digital skills and to improve their cybersecurity. More than 100,000 young people have participated in these programmes. We have expanded that with a new online training platform, Cyber Explorers, which aims to engage 30,000 young people, and DCMS funded the creation of the UK Cyber Security Council to create professional standards and pathways for cybersecurity.

The noble Lord, Lord Fox, asked about Huawei equipment in our infrastructure. The Government have undertaken a consultation with the industry on the designation of Huawei as a high-risk vendor and proposed directions relating to Huawei goods and services. The responses we receive will inform any final post-consultation decision on whether to issue the designation notice and direction. The Government have also undertaken a public consultation on a set of draft electronic communications security measures regulations and a draft code of practice, the outcome of which will be published in due course.

Photo of Lord Fox Lord Fox Liberal Democrat Lords Spokesperson (Business, Energy and Industrial Strategy)

It was the “in due course” bit that I was interested in. In other words, what is “in due course” in this case—months, weeks, days, years?

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay Lord in Waiting (HM Household) (Whip), The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

I am afraid I am not able to elaborate further than “in due course” at this point, but if I am able to before Committee I will come back with more particulars. The final regulations and code of practice will be laid in Parliament later this year using the negative procedure, as required by the Telecommunications (Security) Act.

The noble Baroness, Lady Merron, asked about the knock-on effect of telecoms operators’ reduced rental payments on the funding of community organisations. It is important to note that the funding for such organisations should not be reliant on telecommunications. There are many funding streams, not least from the Government, to support them and their important work. The National Lottery Community Fund is the largest non-government funder of community activity in the UK and one of the largest arm’s-length bodies that DCMS sponsors. Officials at the department work closely with the National Lottery Community Fund to ensure that it continues to support the evolving needs of civil society organisations. Over the last five years, the fund has distributed £3.4 billion.

The noble Baroness talked particularly about sports clubs. The Government very much agree that sports and physical activity are critical for our mental and physical health, which is why we provided an unprecedented £1 billion of financial support to sport and leisure organisations during the pandemic. We will ensure that community groups continue to get the support they need.

I shall write to the noble Lord, Lord Clement-Jones, on the points that he highlighted that I have not addressed today. I would, of course, be very happy to speak to any noble Lords who would like to talk about any of the issues in the Bill in further detail. I am very grateful to my noble friend Lord Hunt of Wirral and to the noble Baroness, Lady Merron, and the noble Lord, Lord Bassam of Brighton, as well as the noble Lords, Lord Fox and Lord Clement-Jones, for the engagement that we have had in detail already. I would be more than happy to hold further discussions and talk in greater detail between now and Committee.

My noble friend Lady McIntosh of Pickering offered to furnish me with the details of some of the unused masts in North Yorkshire, and I would be very glad to receive them and take them forward to discuss with officials.

Bill read a second time and committed to a Committee of the Whole House.