|Private Security Industry Bill [Lords]
Mr. Clarke: It is only prized by those who support the corporate state.
Mr. Bercow: I am certainly not an enthusiast for the corporate state, but that does not in any way preclude me from recognising the significant expertise as well as the representative character of the Confederation of British Industry. It is concerned, as I think the Minister will acknowledge, that the Bill could have a damaging impact upon the IT industry, and could hinder the Government's aim to make the United Kingdom the best place in the world in which to conduct e-business.
The argument is simple. The current wording of the Bill necessitates the amendment, as it is unclear whether the Bill covers people working in information technology such as systems administrators and IT support staff, whose duties range from the building of firewalls to the protection of a network from attack to educating employees on what sort of passwords to use. Given the difficulty that some businesses already have in recruiting specialised and experienced IT professionals, any proposal that endangers that species and makes their recruitment more difficult would exacerbate the present problem and should, if at all possible, be avoided by the Government.
We all know that there was extensive consultation in advance of the introduction of the Bill. We do not dispute that, and we have debated the Bill on many occasions. However, that consultationquite properlywas with the organisations that it was envisaged would be affected by the Bill. The IT security sector did not originally expect to be affected and had no reason to think that the Government wanted it to be. However, it is now anxious that it might be.
That is a problem. The drafting of the Bill has seemingly inadvertently drawn in the IT security industry, as my hon. Friend the Member for Surrey Heath explained during our deliberations last week. Paragraph 5 defines the activities of security consultants as falling under the designated activities of clause 3, the conduct of which without a licence will be against the law. Security consultants are defined as those who give advice about taking security precautions or engaging security operatives. The wording makes no distinctions between physical and information security, or between tangible and intangible assets.
It therefore appears possibleI put the point no more strongly than thatthat information security consultants, as no specific distinction is made between them and others, and they are not consciously excluded, could fall within the scope of the Bill, as bouncers and wheelclampers do. IT security consultants are not mentionedthe Minister will not dispute that, as it is an incontrovertible factin the exemptions to paragraph 5, which, as we know from debate, include exemptions for those giving legal and financial advice and for the activities of an accountancy body.
The inclusion of the IT sector is undesirable if it is deliberate, but in a sense is even more so if it is not deliberate. If it happens by default, that is deeply regrettable, as it would mean that no protection of the sector would have been provided alongside the regulatory mechanisms that the Government have decided are appropriate. We want inclusion by inadvertence even less than we want deliberate inclusion. IT security consultants could be licensed under a Bill that has been drafted without their being consulted.
The Minister will not be surprised by the fact that I want to refer to remarks that he made on Second Reading. He said that the Government had no current intention of bringing
As the Minister knows, the Confederation of British Industry believes, according to its parliamentary brief, that
At an earlier stage, there was some publicity about the CBI's concerns about the Bill. I hope that the Minister will take careful note of what the head of e-business of that organisation, Mr. Hickson, was quoted as saying, which was that he fears that the Government have
I have tried to make important arguments as briefly as I can. I look forward to the Minister's reply. I am conscious of the fact thatI expect a cheerthis will be my last contribution in the Committee, so I thank you, Mr. Winterton, warmly and genuinely, for your fair, firm, tolerant and robust chairmanship. I say that to someone who I hope is now widely acknowledged in the House of Commons as one of the finest parliamentarians of our time.
The Chairman: I am not sure what to say.
Mr. Andrew Miller (Ellesmere Port and Neston): When I referred to this clause earlier, the hon. Member for Buckingham intervened on me and I undertook to think about his point and to respond. I have a lot of sympathy for his argument, as have several organisations including the British Computer Society, but I think that his solution is wrong for the problem. We must always keep in mind the word ``proportionate'' when considering our responsibilities in legislation, particularly human rights legislation. If we were to accept his solution, we could end up in the ridiculous position of dealing with the security of a cheap piece of plastic, such as a CD, floppy disk or tape, but not with the extremely valuable data it contained. That would create a problem of proportionality.
The solution lies somewhere in secondary legislation. It would be extremely helpful for the Minister to say unequivocally that at this stage there is no intention to incorporate the IT
The Chairman: I am afraid that I must now ask the Minister to respond.
Mr. Charles Clarke: These amendments seek to limit the definition of security consultants to those offering advice about the taking of security precautions in relation to physical property. That would exclude those who advise on the security of information, and I interpret that to mean the IT sector. There has been concern in parts of that sector about how, if at all, the Bill applies to them. They are keen to establish whether the Government includes them in the definition of security consultant that is used in paragraph 5 of schedule 2. I had hoped to lay their fears to rest in a statement I made on Second Reading, but I am happy to restate the position. The definition used in the schedule is deliberately broad. We want it to remain useable in the face of changing security systems, in particular those using technologyand I acknowledge the point made by my hon. Friend the Member for Ellesmere Port and Neston (Mr. Miller). We also wish, as a fundamental principle, to ensure that the Bill targets the specialist providers of security services whom we want to regulate, but does not inadvertently catch groups who are not relevant to the aims of our policy.
The term security consultant, as used in paragraph 5 of schedule 2, means those who give advice about
As I said on Second Reading, the Government believe that issues need to be explored with regard to confidence in the information security consultancy industry. That industry has a vital role to play in protecting the new economy from vandalism and other crimes. Our consideration of the Bill has started a valuable debate about how information security consultants can match or exceed the levels of confidence that the Bill will create for other security contractors. For that reason, the Department of Trade and Industry will consult the IT industry about the extent and effectiveness of existing precautions and about whether further action is required.
I look forward, as I hope the Committee does, to seeing the result of that consultation. I am certain that that is the best way forward, rather than the solution suggested in the amendments. I hope that I have convinced the hon. Member for Buckingham and that he will withdraw his amendment. We want to work with the industry, rather than against it, to solve these problems.
|©Parliamentary copyright 2001||Prepared 1 May 2001|