Previous Section Back to Table of Contents Lords Hansard Home Page

Baroness Howe of Idlicote: I thank the Minister for his reply. He ended on a positive note so I am not quite as depressed by his answer as I might otherwise have been. I wish to thank all those Members of the Committee who have joined in the debate. I was most heartened to listen to what noble Lords had to say in support of the amendment. Perhaps I should apologise for not having declared earlier my now somewhat elderly interest, in that I am a former chairman of the Broadcasting Standards Commission.

I shall swiftly reaffirm my own view, having worked for so long in the field of equal opportunities. It is necessary to spell out these areas. It was necessary to do so again and again on women's issues, even though women comprise 50 per cent of the population. It is just as necessary now in regard to race issues, and to do so until the time comes when the message is completely absorbed. Where better than to spell it out as proposed on the face of the Bill?

For the moment I shall withdraw the amendment. I shall read carefully what all noble Lords have had to say and wait to see what may emerge from our discussions.

Amendment, by leave, withdrawn.

Lord Dixon-Smith moved Amendment No. 21:

"( ) the need to promote good practice in relation to the security of electronic communications networks;"

The noble Lord said: I rise once again to move an amendment tabled in the name of my noble friend Lord Northesk. This amendment should come as no surprise either to Members of the Committee or to the Government. No doubt noble Lords will recall the promotion last year of the Computer Misuse (Amendment) Bill of my noble friend. Indeed, the Government and the Minister may even have thought to dig out and review the Second Reading debate for that Bill in preparation for today's discussions. It is sufficient to say that those proceedings, in their entirety and based on the contributions of all noble Lords who spoke, encapsulate the reason why my noble friend believes this amendment to be so important. But it is useful to update the background and factual information that underpins the amendment. In that way the Committee will gain a feel for the context in which it is intended to operate.

Inevitably, computer crime is a fairly recent phenomenon. As the technological revolution develops, so we become more and more aware of the myriad ways in which IT can be used for criminal or anti-social ends. For us, as legislators, it is a relentless process of catch-up, although there are senses in which we have not even begun to do so as yet. For illustrative purposes, it is worth considering a single subset of this problem, although I am bound to caution the Committee that this does not make any other aspect of IT security any less important.

6 May 2003 : Column 985

A recent survey carried out for the National Hi-Tech Crime Unit by NOP of more than 100 firms highlighted more than 3,000 separate incidents of sabotage of data, virus attack and financial fraud. Hacking and denial of service attacks accounted for one in five of these episodes. As Detective Chief Superintendent Len Hynds, the head of the National Hi-Tech Crime Unit, is on record as saying,

    "With 87 per cent of respondents reporting that they had suffered some kind of hi-tech attack it is not so much 'will you become a victim?' but rather 'when will you know that you are a victim?'".

We are all aware of computer viruses and their huge potential for damage, but for most of us they are a threat that is only dimly perceived and even more dimly understood. At least in part this is a result of that sense of diffidence towards IT to which my noble friend alluded last week.

But there are some digestible facts. Industry experts estimate that the number of viruses and their variants currently in circulation is 62,000. According to a DTI survey in 2002, the rise in access attacks has gone from 4 per cent to 14 per cent in less than a year. Industry estimates that the average cost for a security breach is 30,000, with several companies reporting incidents which cost more than 500,000.

Typically, the fear of reporting IT crime to the police—notwithstanding the suspicion that many have that the law as it stands is ill-equipped to deal with the problem—stems from the belief that, in so doing, security shortcomings will be publicised and exposed. Not only that, but consumer and commercial confidence in their net presence may be undermined. Certainly reporting, even in confidence via the UNIRAS system, has yet to be taken up widely, although the National Hi-Tech Crime Unit seems to be making some progress with its confidential hot-line.

One or two companies have been willing to place on record reports of attacks on their networks, notably the Internet service provider, Tiscali. Its UK arm was severely impacted on 18th March this year—I apologise for my noble friend's "techie" approach to this issue but he is the expert and I defer to him—after a massive denial of service assault that downed the ISP's portal, denying customers net access and e-mail services. Nominet, too, has suffered, particularly at the hands of "spammers", and was forced to suspend the "WHOIS" service.

It is not only the private sector and individuals who are at risk; the public sector is equally exposed. The Committee will remember that, 18 months ago, the original Code Red virus wormed its way through the Internet, carrying a payload intended to cause a denial of service attack on the White House web server. The UK has not escaped its share of attacks from hackers. The No. 10 Downing Street website, on 23rd March this year, was briefly rendered inaccessible after a co-ordinated denial of service attack protesting the Prime Minister's role in the Iraq conflict. Separately, the Carder's group defaced more than 3,000 websites over a weekend early in March of this year.

6 May 2003 : Column 986

We—and the Government should be included in the use of that pronoun—should be under no illusions: the problem is immense. It is getting worse all the time rather than better. I have skimmed the surface of only one of its aspects. It is seductive to imagine that, serious as all of this may be, it is outside the scope of the Bill. What conceivable utility is there in a primary economic regulator having any measure of responsibility over issues more correctly dealt with elsewhere?

The first point to be made is that, on the Government's own admission, Ofcom is not intended to be exclusively an economic regulator. For the avoidance of doubt, Dr Kim Howells, the Minister for Tourism, Film and Broadcasting, said,

    "Ofcom is not purely, or even primarily, an economic regulator".—[Official Report, Commons Standing Committee E, 10/12/02; col. 76.]

Secondly, a point already made by my noble friend in the context of other amendments, the economic and commercial vitality and success of IT are inextricably linked with the levels of trust and confidence that consumers have in it. It is possible to over-emphasise the importance of this but, none the less, in so far as Ofcom is an economic regulator and thereby has a vested interest in the health and vitality of the sector, issues of business trust and confidence can be seen as integral to its work.

Thirdly, to a very major extent we have already had a template of the Government's own construction of the way in which co-operative effort can impact beneficially within the sector. It is only last year that the Government introduced the Mobile Telephone (Re-programming) Bill which Parliament very quickly turned round and enacted into law. We all agreed that its purpose was to respond to a specific and identifiable problem within the communications sector. We all agree that its drafting was informed by inputs from telecoms companies, from appropriate regulators and from the Government. I do not know how it has impacted on the scale of the problem of mobile phone theft—perhaps the Minister will help me on that in his response—but it is reasonable to suppose that it will have had an effect and eased the problem somewhat. Certainly we do not hear so much about mobile phone theft as we did 12 months ago.

The point at issue here is to ask ourselves how much better and quicker would we all have been able to respond to the problem of mobile phone theft had the relevant regulator been more proactively involved at the coal face, as it were, on a day-to-day basis. That is what the amendment seeks to achieve.

The Committee may feel that this is a rehash of Amendment No. 14 moved by my noble friend Lady Wilcox last week. It is not. That had some specific targets—copyright abuse, threats to children on the net and so on—but this amendment does not have that degree of specificity. It recognises that the role of Ofcom here is not that of creating regulation but of acting as a champion for security issues as they relate to ICT. If the objective of legislating for technological convergence is to be realised coherently, it is imperative that Ofcom should be placed in this position.

6 May 2003 : Column 987

As with other technology-based amendments, the Minister will no doubt argue—with some justification, it has to be said—that the body of IT security-related issues should be left to be dealt with under the terms of the forthcoming European directives. That has an element of substance, but the rub, as my noble friend would argue, is that, as with Amendment No. 16, all the proposition does is anticipate without in any way pre-empting the terms of those directives.

We should not be deluded into ignoring a crucial aspect of the commercial and economic health and vitality of the new technology sector which, after all, should lie at the heart of Ofcom's work, simply because it may be more convenient, or possibly tidier, to defer the matter by dealing with it via the European route. It is important that Ofcom should have its finger very firmly on the pulse of technological development and the way in which it may generate problems and difficulties in the future.

If we are sincerely to believe that the UK can take its place in the forefront of the new technology in the years leading up to the delivery of the Government's various targets, we cannot afford to tie Ofcom's hands here. It is crucial that the Office of Communications has a specific responsibility to promote good practice in relation to security of the entire electronic communications network. I beg to move.

5.30 p.m.

Lord McIntosh of Haringey: I wonder if it would help the Committee if I said that the noble Lord, Lord Dixon-Smith, has answered his own amendment. The answer is indeed that Clause 4 places Ofcom under certain further duties in order to fulfil certain Community obligations under the framework directive. That includes, among those obligations, a duty to promote the interests of the citizens of the European Union by, among other things, ensuring that the integrity and security of public communications networks are maintained. There is nothing in the amendment that is not done already in the Bill.

Next Section Back to Table of Contents Lords Hansard Home Page