Clause 21 - Notification of proposed changes to telecommunications services etc

Part of Investigatory Powers (Amendment) Bill [Lords] – in a Public Bill Committee am 3:30 pm ar 7 Mawrth 2024.

Danfonwch hysbysiad imi am ddadleuon fel hyn

Photo of Stuart McDonald Stuart McDonald Scottish National Party, Cumbernauld, Kilsyth and Kirkintilloch East 3:30, 7 Mawrth 2024

I want to pursue another line of argument that has been put to members of the Committee. I spoke earlier about the principles of the notification regime; I now want to probe the Government on the extent to which they have considered the possible unintended consequences of setting it up.

The evidence circulated this morning includes a letter from academics and experts from the United Kingdom and across North America, who express considerable concern about the outcome of the proposal. During the last debate, the Minister explained that the justification is that companies from across the world have a reach into children’s homes in the United Kingdom, and it is the duty of this Parliament and legislators to keep them safe. I do not think anyone would dispute that at all.

The experts argue that an unintended consequence of being as radical as the proposal in the Bill is that citizens in the United Kingdom could be less safe. Although the Government are trying to restrict the scope of the regime to what happens in the United Kingdom, in reality it will mean that certain updates and security features will not be rolled out to the United Kingdom. In fact, certain organisations may think twice about developing products for the UK market at all.

I am way outside my comfort zone, so I will go straight to what the experts argue in their evidence:

“If enacted, these proposals would have disastrous consequences for the security of users of services operating in the UK, by introducing bureaucratic hurdles that slow the development and deployment of security updates. They would orchestrate a situation in which the UK Government effectively directs how technology is built and maintained, significantly undermining user trust in the safety and security of services and products.”

They argue that this contains a significant risk of increased cyber-crime, as well as of endangering the encryption of important services. They conclude that

“these proposals are anathema to the best interests of UK citizens and businesses and internet users everywhere, and contradict universally accepted security best practices.”

I want to probe the Government on the extent to which they have considered the possible unintended consequences of how these companies may react to their proposals.