Clause 1 - Power to specify security requirements

Part of Product Security and Telecommunications Infrastructure Bill – in a Public Bill Committee am 11:30 am ar 17 Mawrth 2022.

Danfonwch hysbysiad imi am ddadleuon fel hyn

Photo of Chris Elmore Chris Elmore Opposition Whip (Commons), Shadow Minister (Digital, Culture, Media and Sport) 11:30, 17 Mawrth 2022

It is a pleasure to serve under your chairmanship, Mr Stringer.

This important legislation establishes, through regulations, three core security requirements for “connectable products”. The requirements derive from the voluntary 2018 “Secure by Design” code introduced by the Department for Digital, Culture, Media and Sport. The inclusion of these three requirements is, without doubt, a step that the Opposition welcome. However, we believe that the legislation can be improved, and that the three security requirements, rather than being defined in future regulations at the discretion of the Secretary of State, should be expressly set out in the Bill. That would be beneficial for two reasons. First, it would give manufacturers and distributors a greater understanding of the legal obligations that they face, thus speeding up the entire process. Secondly, it would ensure that the consumer was better protected, which I am sure we all agree would be a good thing. The consumer rights group Which? emphasised that when it gave oral evidence on Tuesday.

New clause 3 would require the Secretary of State to publish a report on the security risks to UK connectable products. On Tuesday, Madeline Carr, professor of global politics and cyber-security at University College London, said that she does not have an Alexa in her house because of the security risks that those devices, and others like them, pose. Tellingly, she also said that the Bill as constituted would not give her sufficient confidence to purchase one. Given that, and given the tragic scenes unfolding following Russia’s invasion of Ukraine, and the willingness of that rogue regime to engage in state-sponsored cyber-warfare, the Opposition believe it is in the public and national interest to understand how secure our connected products really are. We are becoming more reliant on smart devices in our daily life, both professionally and personally. It is imperative that the security of these devices is routinely monitored and reported on.

As I stated on Second Reading, the Opposition support the Bill, but believe it can be strengthened. Amendment 6 and new clause 3 would ensure that consumers were better protected and more aware of the threats facing their connected devices. As such, I believe that all Committee colleagues should support amendment 6 and new clause 3.