Dr Julian Lewis: It is an absolute pleasure to follow such sensible speeches from those on both Front Benches. There is a history to today’s legislation which I shall set out and against which my Committee colleagues can develop the Intelligence and Security Committee’s current perspectives. As the hon. Member for Cardiff Central (Jo Stevens) mentioned, it was in June 2013 that the Intelligence and Security Committee, on which I served under Sir Malcolm Rifkind’s chairmanship, published a no-holds-barred report on foreign involvement in the critical national infrastructure. It focused on the casual and cavalier way in which contracts were signed between British Telecom and Huawei prior to any ministerial involvement, and it insisted that:
“The National Security Council should ensure that there are effective procedures and powers in place … when it comes to investment in the CNI.”
We demanded an effective process by which Government are alerted to potential foreign investment in the CNI; an established procedure for assessing the risks; a process for developing a strategy to manage these risks throughout the lifetime of the contract and beyond; clarity as to what powers the Government have or need to have; and clear lines of responsibility and accountability. The Committee was
“shocked that officials chose not to inform, let alone consult, Ministers on such an issue.”
That, we concluded, must never again be allowed to happen.
The Government’s July 2013 response to the report bordered on complacency. They conceded that
“with hindsight, we agree that Ministers should have been informed”
and put their faith in the relatively new National Security Council, in conjunction with “cross industry-government groups”, to provide better protection in future. Replying to our main finding that their
“duty to protect the safety and security of its citizens should not be compromised by fears of financial consequences”,
the Government observed that
“HMG’s approach balances economic prosperity … with national security … Boosting trade and investment is a key part of the Government’s plan for growth and we are working hard to develop our economic relationships with key trading partners, including China.”
As Huawei’s chief executive officer had been given the full red-carpet treatment at 10 Downing Street only the previous September, that response was all too predictable, and thus the courtship continued, despite growing anxiety among our Five Eyes partners, such as Australia and the United States.
There can be no doubt of the sincerity of the technical advice given by our experts at GCHQ and, more recently, in the National Cyber Security Centre, its public-facing arm. They recognise – as does the Bill – that the lack of diverse suppliers is a critical future vulnerability. For telecommunications to be resilient, their networks need more than two providers on which to depend. Otherwise, the collapse of one provider means total reliance on the other. Yet should that really override the danger of ever-closer involvement with a company legally in thrall to potentially hostile Chinese intelligence services?
In a statement in July last year, the ISC acknowledged the National Cyber Security Centre’s paradoxical point that three providers might be safer than two, even when the third comes from an adversarial state. Yet it rightly pointed out that
“the issue cannot be viewed solely through a technical lens – because it is not simply about telecommunications equipment. This is a geostrategic decision, the ramifications of which may be felt for decades to come… It is about perception as much as anything: our Five Eyes partners need to be able to trust the UK and we must not do anything which puts that at risk… And there is the question as to whether other countries might follow the UK’s decision”
when they are not as capable of protecting their networks as we are of protecting our own.
Some say that the Government’s perseverance with Huawei was justified on the basis of the technical advice they were given – right up to the point earlier this year when the United States brought in its fierce further sanctions. Yet the fact that the US would take such a step should have been anticipated. Our belated U-turn in July shows what happens when multifaceted problems are examined in a one-dimensional way.
Seven long years after our Huawei report, the Government have – in the space of a fortnight – introduced two important Bills: this one and the National Security and Investment Bill. Taken together, according to the National Cyber Security Centre, they should help to establish an
“appropriately secure and resilient telecoms infrastructure”
and
“effect the security transformation we” –
the NCSC –
“believe to be necessary”.
We are assured that
“operators adhering in totality to the new security regime will be among the most secure in the world”.
Hopefully, our US partners – currently promoting an international clean network initiative – will agree and Five Eyes harmony on those vital matters can now be reinstated.
Having waited so long for two such necessary Bills, the ISC must sadly record our concern that, in both cases, their Second Reading debates were held within just four working days of their introduction on First Reading. Normally, adequate notice of about two weeks would enable our hard-working staff to obtain relevant confidential material and advance sight of such legislation to allow proper prior consideration. The tiny window of opportunity afforded by the parliamentary timetabling has prevented this from happening, and our staff had to fall back purely on publicly available sources.
Proposals such as those in this Bill, which the Committee first recommended in 2013, are therefore to be welcomed, but the public rely on the ISC to assure them that we have asked those questions in private that cannot be discussed more openly. As that has not yet happened, our support for the Bill in principle cannot be as unqualified at this stage, as we should like it to be, though I welcome the Minister’s offer to speak to the Committee later this week.
Here are a few of the questions that can be asked on the Floor of the House. First, as the Department for Digital, Culture, Media and Sport has not traditionally specialised in national security, on whom will the Secretary of State rely for advice when deciding whether to issue restrictions against high-risk vendors, or directions to telecoms providers?
Secondly, if the answer is the National Cyber Security Centre and our wider intelligence community, will there be procedures to guarantee that they will be consulted with adequate notice, and who will ensure that their advice is given sufficient weight? Thirdly, in view of the revolving door, via which too many businessmen and ex-civil servants effortlessly glide between their former roles and the Huawei boardroom, what assurance can we have that the Government will be immune from lobbying campaigns by those on the payroll of high-risk vendors?
Finally, I have a question that I was pleased, I think, to hear the Secretary of State answer 15 minutes into his opening speech [see note below], but it would be nice to have the Minister reiterate that answer: unlike in 2013, do the Government now fully accept that national security must always be their overriding consideration where critical national infrastructure is concerned?
[NOTE: In his opening speech introducing the Bill's Second Reading, the Secretary of State for DCMS (Oliver Dowden) stated, at col.74, that: "We are clear-eyed about putting national security first. If national security and economic interests are in conflict with each other, national security comes first."]