Tag: Tom Tugendhat

Tom Tugendhat – 2023 Speech on Fraud and AI
The speech made by Tom Tugendhat, the Security Minister, on 31 October 2023.
It’s an enormous pleasure to be with you and I’m very grateful to be back at RUSI.

I gave my first foreign policy speech when I took over the Chairmanship of the Foreign Affairs Committee here.

I know RUSI’s vision has always been to inform, influence and enhance public debate to help build a safer and more stable world.

The mission has endured for 200 or so years now. The mission has not changed but the medium has.

Today the range of challenges we face has never been greater.

So it’s right that here, at the home of strategic thinking, we’re gathering to build on the foundations of those who shaped our security in the generations before us to make sure that endures for the generations to come.

So a profound thanks to our hosts, and also to you all, for being here on the eve of the first major global summit on AI security.

As with the summit itself, we have representatives here from government, from industry, from civil society, academia, and law enforcement.

Whatever your profession, whatever sector you represent, you are here because we need you.

Because we need each other.

Like so many areas of my responsibility, the government cannot do this alone.

Our role in government is to understand the threats that we face and target resources, helping others to come together and meet our challenges in the most effective way possible.

You can tell a lot about a government from the operating system they build for society.

Some countries build a system that are designed to control.

Other build a system designed to exploit.

Here in the UK we build systems that are designed to liberate.

To free individual aspiration and creativity for the benefit of all.

And that’s what security means to me.

It’s not a means of closing things down.

It’s about creating the conditions required to open up a society.

A safe environment in which ideas can take root, and opportunity is available to all.

That’s why we need to get this right.

Because technology as transformative as AI will touch every part of our society.

If we succeed, hardworking families up and down the country will reap the benefits.

If we don’t we will all pay the price.

The stakes are very high, but coming together today, in this way today sends the right message.

There are two core themes for the programme today. They come from different eras.

The first is fraud, which in its various guises, is as old as crime itself.

When Jacob stole Esau’s inheritance by passing himself off as his brother, that was perhaps the first description of fraud in the Bible.

The first record of fraud actually is possibly older, it dates from a fraud case related to copper ingots and is recorded 4000 years in Babylon.

The last time I spoke about Babylon in RUSI I was in uniform describing how I was one of many armies to have camped under its walls.

The challenges posed by Artificial Intelligence are comparatively new.

Its democratisation will bring about astonishing opportunities for us all.

Sadly that includes criminals.

We know that bad actors are quick to adopt new technologies.

Unchecked, AI has the power to bring about a new age of crime.

Already we’re seeing large language models being marketed for nefarious purposes.

One chatbot being sold on the darkweb – FraudGPT – claims to be able to draft realistic phishing emails:

mimicking the format used by your bank, and even suggesting the best place to insert malicious links.

That doesn’t just have implications for the realism of scams.

It has huge implications for their scale as well.

I don’t want to be in a situation where individuals can leverage similar technologies to pull off sophisticated scams at the scale of organised criminal gangs.

We don’t want to find the Artful Dodger has coded up into Al Capone.

At a fundamental level, fraudsters try to erase the boundary between what’s real and what’s fake.

Until relatively recently, that was a theoretical risk.

It wasn’t so long ago that I believed I was immune to being fooled online.

That is, until I saw a viral picture of the Pope in a coat.

Not just any coat.

A fashionable puffer jacket that wouldn’t look out of place on the runway in Paris.

One that my wife assured me was ‘on trend’.

I quickly forgot about it.

That is, until I learned that that image wasn’t actually of the Pope at all.

It was created on Midjourney. Using AI.

On the one hand it was a harmless gag, Pope Francis had never looked better.

On the other hand, it left me deeply uneasy.

If someone so instantly recognisable as the Holy Father could be wholly faked, what about the rest of us?

The recent Slovakian elections showed us how this could work in practice.

Deepfake audio was released in the run up to polling day.

It purported to show a prominent politician discussing how to rig the vote.

The clip was heard by hundreds of thousands of individuals.

Who knows how many votes it changed – or how many were convinced not to vote at all.

This is of course an example of a very specific type of fraud.

But all fraudsters blur the boundary between fact and fiction.

They warp the nature of reality.

It does not take a massive leap of imagination to see the implications of that in the fraud space.

Thankfully, relatively few AI-powered scams have come to light so far.

However, the ones that have highlight the potential of AI to be used by criminals to defraud people of their hard-earned cash.

The risks to citizens, businesses and our collective security are clear.

A few lines of code can act like Miracle Gro on crime, and the global cost of fraud is already estimated to be in the trillions.

In the United Kingdom, fraud accounts for around 40% of all estimated crime.

There’s an overlap with organised crime, terrorism and hostile activity from foreign states.

It is in a very real sense a threat to our national security.

But while there is undoubtedly a need to be proactive and vigilant, we need not despair.

And the wealth of talent, insight and expertise I see in front of me here gives me hope.

For the Government’s part, we are stepping up our counter-fraud efforts through the comprehensive strategy we published this summer and the work of Anthony Browne, my friend, who is the Anti-Fraud Champion.

Fraud is a growing, transnational threat, and has become a key component of organised criminality and harm in our communities. So international co-operation is essential.

That’s why the UK will host a summit in London next March to agree a co-ordinated action plan to reform the global system and respond to this growing threat.

We expect Ministers, law enforcement and intelligence agencies to attend from around the world.

The Online Safety Act which has completed its passage through Parliament and will require social media and search engine companies to take robust, proactive action to ensure users are not exposed to user-generated fraud or fraudulent advertising on their platforms.

And we are working on an Online Fraud Charter with industry that includes innovative ways for the public and private sector to work together to protect the public, reduce fraud and support victims.

This will build on the charters that are already agreed with the accountancy, banking, and telecommunications sectors to combat fraud, which have already contributed to a significant reduction in scam texts and a 13% fall in reported fraud in the last year.

New technologies don’t just bring about risk.

They create huge opportunities too.

AI is no different.

We know that the possibilities are vast, endless even.

What’s more it’s essential.

As the world grows more complex, only advanced intelligence systems can meet the task before us.

We need the AI revolution to deliver services and supply chains in an ever more globalised world.

I’m particularly interested in the question of how we can harness this new power in the public safety arena.

As we will hear shortly, AI is already driving complex approaches to manage risk, protect from harm and fight criminality.

There is a real-world benefit in combating fraud and scams, such as payment processing software that is stopping millions of scam texts from reaching potential victims.

No doubt I’ve barely scratched the surface, and there’s lots more excellent work going on.

What we absolutely have to do is break down any barriers that might exist between the different groups represented here this evening.

The only people who benefit from a misaligned, inconsistent approach are criminals, so it’s critical that we work hand in glove, across sectors and borders.

I want to come back to the point I started on.

For me AI and the security it enables is an essential part of the State’s responsibility to keep us all safe.

It’s not to increase our control.

Not to keep people in a box.

But to set people free.

We cannot eliminate risk, but we can understand it.

Using AI to map and measure today’s environment will ensure we do that.

The pursuit of progress is essential to human experience.

And the reality is that even if we wanted to, we cannot put the genie back in the bottle.

That does not mean, though, that we simply sit back and what and see what happens.

We can’t be passive in the face of this threat.

So what I want us to be thinking about is how we move forward.

Well, the way I see it there are three key questions that align to the aims of the AI Safety Summit:

The first, how do we build safe AI models that are resilient to criminal intent?

Second, as the vast majority of fraud starts online, how do we harness AI to ensure that harmful content is quickly identified and removed?

And lastly, what do governments need to be doing globally to balance progress and growth with safety and security?

That’s far from an exhaustive list.

But I think by addressing these core questions we can put ourselves on the right path.

So, thank you once again for being here; thank you RUSI for hosting us, I hope you will find it a valuable exercise.

And most of all I hope we can look back and say that today was a day when we took important steps forward in our shared mission to reduce the risks and seize the opportunities associated with AI. I remain hugely optimistic, but that optimism depends on the work we do today together.
November 3, 2023
Tom Tugendhat – 2023 Speech at the International Security Expo

The speech made by Tom Tugendhat, the Security Minister, on 26 September 2023.

Thank you very much indeed for the invitation and opportunity to address you again. This is my second time speaking here. It was a year ago that I was able to immerse myself among some of the most fantastic and innovative companies that the UK and indeed countries around the world are bringing together here.

It’s fantastic as well to see such innovation even in the last twelve months. While many of us have been focused on other security challenges, and in my case of course the death of her late majesty, the Queen, and the coronation of our new King, have dominated many of the security issues I have been particularly focused on.

We’ve also been sadly witnessing Russia’s brutal, illegal, vile and unprovoked attack on Ukraine.

It saddens me that a year on, that war has not only continued but it has cost many many more lives The UK remains absolutely steadfast in our commitment to the defence of a free and democratic people in Ukraine and their ability to determine their own future, free from Russian aggression.

Russia’s actions have provided us all with a very clear and stark reminder of the delicate nature of global peace and stability. And once again we are being challenged to stand up for those values.

That challenge is one we must meet head on because, although the world is changing some core elements are not. We still have a very fundamental choice between us, the decision to defend our freedom and our democracy, and we are very clear on what side we stand.

But that also means standing with friends and partners. Because our security, the bedrock on which all our freedoms is built doesn’t stand alone and is not set apart from those of NATO, Europe, Five Eyes and indeed many partners around the world.

The defence of our nation, the defence of our national security and of our citizens has been the guiding light of my working life. As many people know I have been a public servant in uniform and out of it for many years focusing entirely on the security of our people and our friends.

So I pay tribute to everyone across government, but particularly those in law enforcement, security and the intelligence community and of course in defence for everything they do in support of our nation.

As you know better than anyone, that mission goes beyond the state. It goes into industry, the private sectors, into academia and into individual ideas and innovations that are happening across the world and across the United Kingdom. So I pay huge tribute to all those in private sector who contribute to our security as well.

The relentless focus on the security of our people, our institutions, our economy and our values does not change.

That is not to say, however, that we can simply continue doing what we have always done.

In fact, that would be a mistake. The threats we face now, not only to life, but to our way of life, are as varied as they have ever been and are continuing to get more so.

The reality is that our adversaries are no longer as easily identifiable as the days when I was training at Sandhurst..

They don’t wear uniforms, they don’t carry flags, they don’t walk around in the open..

The reality is that today’s enemies, sadly are lurking on the internet and in the shadows.

They are using non-state actors, criminal groups and indeed private companies to undermine our security.

That danger comes from entire states and also from lone actors alike.

Now I don’t say this to sound alarmist indeed, what I have seen over the last year has filled me with enormous confidence that the response that many companies here have made against these target, against these threats, and to protect ourselves.

But it is also important we underline a new era of warfare and security we live in.

So, what have we done about it? What have the last 12 months looked like? Well we’ve taken some very significant steps.

I’ve mentioned Russia and Ukraine, and all of the activity to support Ukraine and how we’ve manage security implications for the UK over that time. How we’ve learnt from what we’ve seen there, and made sure that those lessons are embedded.

Closer at home, well, I’ve been working to make sure our apparatus for fighting terrorism is as strong, precise and agile as it needs to be to keep the public safe.

Our counter-terrorism strategy, which many people know, CONTEST, has been in place now for over 20 years.

Over that time, it has been established as, let’s face it, the best approach that we’ve seen around the world. It’s based on the four pillars which many of you will be able to recite by heart: prevent, pursue, protect and prepare. I normally forget one of them.

There is no change to that core framework, but as the public would expect, we are constantly asking ourselves what we need to do to modernise it.

That culminated in the publication this summer of a refreshed version of CONTEST which many of you will have seen, to make sure the UK remains ahead of the enduring and evolving threat we face from terrorism, both here in the UK and to our interests abroad.

This updated strategy describes a need to respond to a domestic terrorist threat which is less predictable and harder to detect and investigate, a persistent and evolving threat from Islamist groups overseas, and an operating environment in which technological advances present both opportunities and risks.

CONTEST sets out how the UK’s counter-terrorism response will remain agile in the face of an evolving threat, integrated so that we can bring the right interventions to bear at the right time to reduce risk, and aligned with our international allies to ensure that we can continue to deliver together.

And I will add that our partnerships with academia, the private sector and industry are critical in this endeavour, not only in supporting our counter-terrorism efforts with technological achievements, but also by injecting a drive for continuous improvement throughout our approach.

Now I mentioned earlier that we have to contend with threats not only to life but to our way of life, and that has perhaps been the most significant element of my work as Security Minister

Over the last 10 or 20 years, terrorism was quite rightly been the focus of my predecessors, the emergence of what we call state actors has now opened up a whole new dimension.

State threats are growing and diversifying as systematic competition intensifies. This can manifest itself in many forms, including espionage; interference; sabotage; physical threats to individuals; and attempts to undermine the rules based international system. Essentially, we are talking about is activity that seeks to undermine our security, our prosperity and our democracy.

So, I’ve placed a huge amount of emphasis on the need to bolster our response to state threats. One of the most important questions we have to ask ourselves when confronting emerging dangers like this is ‘do we have the powers we need’ ‘are our laws up to date’, ‘do we have the tools for the task?’

The truth is we didn’t. And that’s why we brought forward the National Security Act which was made law and the King signed only a few months ago. The Act brings together vital new measures to protect our national security. It overhauls and updates our outdated espionage laws, and creates a whole suite of measures designed to enable our law enforcement and intelligence agencies to deter, detect and disrupt the full range of modern-day state threats.

This is a genuine operational change in our ability to protect ourselves, the state and you as companies from the threat you may be facing to your intellectual property and your ability to provide essential defence.

Fraud is another area where we have sharpened up our response. These crimes pose a significant threat not just to individuals, but also to our collective prosperity and security. Earlier this year, we unveiled a new Fraud Strategy to stop scams at source, to boost protections for the public and strengthen the enforcement.

So that’s a small flavour of the progress we’ve made over the last year. But, as I made clear at the beginning, we cannot afford to be complacent.

That need to be indefatigable in our thirst to learn, to improve our response and to bolster our capabilities was brought home in the starkest possible fashion by the heinous attack at the Manchester Arena only a few years ago.

That atrocity that occurred that night was an act of – call it what it is – an act of absolute, pure evil. While we cannot bring back those whose lives were so brutally cut short, we can do everything possible to prevent more families suffering in the way that the victims and their loved ones suffered that night.

A huge amount of work has already been undertaken since the attack, not least the Manchester Arena Inquiry itself, which ended in August.

But we must never stop To ensure we learn the lessons, the Home Office has established the Manchester Arena Inquiry Assurance Programme. The assurance programme will work closely with our emergency service partners to oversee the continued delivery of the Manchester Arena Inquiry recommendations now that the Inquiry has closed.

As with all Home Office work, it will be accountable to the Home Affairs Select Committee for its progress, and, crucially, it will also provide a range of engagement events for victims of the Manchester Arena attack. In so doing, the assurance programme will provide updates on recommendation delivery to those most affected by their work.

In May, we published the Terrorism (Protection of Premises) Draft Bill.

This bill is truly known, correctly, as ‘Martyn’s Law’ because we named it after Martyn Hett, who was killed in the Manchester Arena attack. I’m very pleased to see Figen, Martyn’s mother, here today.

As many of you will know, Figen Murray has campaigned tirelessly for this change in the law. I pay enormous tribute to the work that she has done to make people aware of the changes, some of them incredibly small that we can make to make our communities safer and better prepared. It is no exaggeration to say that without her I would not be discussing this draft legislation today. She has been a tireless campaigner.

Martyn’s Law will ensure that there is better preparedness for terrorist attacks in public venues.

Our expert security partners assess that individuals are more likely to take action that can mitigate harm and save lives if they have considered what they would do, and how, before an attack occurring.

Throughout the development of the legislation, I have been extremely conscious of the need for proportionality, balancing the requirements with other pressures facing venues and owners.

That’s why for larger venues and events, we are asking more than in those smaller venues because not only are they more likely to be targets and sadly they are more likely to have more people in. That means that larger venues will need to implement security measures, develop a security plan and provide terrorism protection training to workers.

The duty is not entirely dissimilar to consideration venues will already be giving to health and safety and fire safety. A suite of guidance, good practice examples and templates will be available to support owners and operators. High quality advice is already available through the online platform ProtectUK, which I know many of you already use and I would advise those who aren’t, please do.

We are also making progress in our mission to tackle state threats. Let me tell you a little bit about some of the other work we’re doing. We passed the National Security Act but that is only just the beginning.

Always a major area of interest to me is the Defending Democracy Taskforce, which I have been asked to lead on behalf of the government.

Through the Taskforce, we are embedding a whole-system approach to protect the UK’s democratic processes, institutions and society and deliver a secure and resilient UK, free from threats of foreign interference.

Looking ahead, we must also continue working to understand the risks and opportunities flowing from technological advancements.

The pace of change has been so rapid and rampant that it can be difficult to keep track. But we must.

I believe the UK should lead the world in shaping the future. Many of you already do that with technology and the ways your companies prepare security.

That’s why I’m also delighted that we will be hosting the AI Safety Summit at Bletchley Park in November.

The Summit will focus on promoting our wider vision for AI and on safety risks in ‘frontier AI’ to drive coordinated international action.

The United Kingdom government’s overall objective is to ensure the safe and reliable development and use of frontier AI globally.

We recognise that AI presents both a generational challenge and generational opportunities, and will have lasting impact on humankind in terms of how we live and work, and our security, domestically and internationally.

To keep the UK safe, secure, and prosperous, we must ensure that as the technology evolves, it does so in a safe, responsible, and fair way.

Many organisations outside of national governments, in particular private companies, have been pivotal to the most recent advances in AI. It will therefore be absolutely critical to work with private companies around the world to make sure the safety measures we need are embedded not just government-to-government basis.

It has been my absolute pleasure to join you again today.

Security in 2023, as you all know very well, is about so much more than government, the police and security services.

It’s about all of you, it’s about making sure the entire mission and buy-in from right across society and that people understand what we’re trying to do to keep our whole community safe. I am really grateful to all of you who, who day in day out, continue to prepare the United Kingdom and our friends and allies to respond.

Thank you very much indeed for your time today. I am very confident that the work you are doing, that we are doing together, is going to keep us safe for many years into the future. The work that you do will also build into our economy a level of resilience and that level of control that means you are able to succeed.

Thank you very much indeed for being here today, it is very nice to see some old friends and indeed many new ones. Thank you very much for inviting me.

September 27, 2023
Tom Tugendhat – 2023 Speech at the PIER Annual Conference

The speech made by Tom Tugendhat, the Security Minister, at Anglia Ruskin University on 23 May 2023.

Good afternoon.

It’s a pleasure to be here with you today.

Before I begin, allow me to say a few words about the response to the Independent Inquiry into Child Sexual Abuse.

For those of you who took part, thank you. I know a lot of different experts have contributed in different ways to help our understanding and I hope you’re understanding as well of the situation that we’re facing.

This independent enquiry was indeed a wake up call, it was extraordinarily important to shed a light on the unimaginable abuse that we’ve seen suffered by children over many many years. It found quite simply appalling examples of organisations placing their own interests ahead of children’s safety: either by turning a blind eye or covering up the abuse.

Frankly it is deeply dispiriting to see.

I deeply admire the courage of those survivors who came forward.

We owe it to them – as well as to future generations – to ensure that it never happens again.

Later today I’ll be speaking to a group of students.

They are going to be asking the questions that students so often ask, I’m sure.

They are going to be asking questions that are relevant to today and about gossip in the media that we’ve been hearing.

They’ll be asking about the challenges we face, and yes, occasionally heckling me…

One thing I can guarantee I’ll be asked is whether I would recommend politics as a career.

It’s a difficult question to answer really and I’ve never really known how to answer.

I’ve never thought of politics as a profession, at least not in the traditional sense.

For me it’s a form of service.

Now, having already met a few of you I’m very aware that I’m speaking to an audience of professionals.

Many of you are at the top of your fields.

But I also understand that for many of you protecting children online isn’t just a career.

It’s more of a calling, every bit as personal as it professional.

The reason I’m here today is that for me keeping children safe isn’t just another issue, or even just the right thing to do.

It’s personal, and every bit as important as my role’s traditional focus on terrorism and state threats.

Let me explain why.

Earlier this year I visited the US to meet my counterparts in intelligence and homeland security.

While I was there I had the opportunity to visit the National Centre for Missing & Exploited Children, NCMEC for short, a heroic organisation on the vanguard of global efforts to keep children safe online.

NCMEC receives reports of suspected cases of child sexual exploitation from US-based tech companies including enticement, where children are lured into sharing explicit images and videos of themselves; sextortion, when predators target their victims using blackmail; and the online distribution of child sexual abuse material.

I’ll be straight with you.

I wasn’t prepared.

I wasn’t prepared for the depravity of some of the examples of offending they gave.

I wasn’t prepared for the scale of the threat that our children face.

And, as the father to a wonderful son and daughter of my own, I wasn’t prepared for the horror that children just like them are made to suffer every day.

The thing that struck me was how vulnerable they are.

To predators, social media sites like Facebook and Instagram are a one stop shop.

Without leaving Meta’s ecosystem they can choose their target…do their research…start a conversation with them…and transfer that conversation onto a private messaging service.

And that’s exactly what they do – in their thousands.

In 2022 NCMEC received over 32 million reports of suspected child sexual exploitation and abuse.

21 million of these came from Facebook alone, which not only speaks to the severity of the issue they face.

It also leads me to suspect that other companies are significantly under-reporting.

I want to be clear – this isn’t a US issue.

We face exactly the same problem right here in the UK.

The NCA estimates that there are up 850,000 people in this country who pose a sexual risk to children, including both contact offending and offending online.

Of course, in reality the scale of the threat our children face is much larger.

We mustn’t forget that the computers in our children’s homes, and the mobile phones in their pockets don’t just make them accessible to people here in the UK.

They connect them to the world.

That works both ways of course.

I’m appalled by the increase in so-called live streamed abuse, where predators pay to victimise children remotely – and often in other countries – via webcam.

The UK is one of the top 3 consumers of livestreamed child sex abuse from the Philippines.

Equally, in addition to the threat they face domestically, our children are also the targets of predators and offenders overseas.

It’s clear, then, that this is a threat of immense scale and complexity, and I’m grateful for the valiant efforts of our law enforcement agencies.

Every month UK law enforcement agencies arrest 800 people and safeguard 1200 children.

Last week, for example, Bernard Grace was sentenced to 8 years in prison for making 600 payments to direct and livestream the sexual abuse of children in the Philippines.

In March earlier this year, Christopher Manning was jailed for 25 years for using a chat platform to distribute child sexual abuse material and encouraging others to do the same.

And in 2021 the NCA caught David Wilson, one of the most prolific child sexual abuse offenders the UK has ever seen.

Wilson posed as a teenage girl on Facebook to manipulate his victims into sending sexually explicit material of themselves before using it to blackmail them into abusing their friends and siblings.

His case is the perfect illustration of why our partnership with tech companies and organisations such as NCMEC are so important.

He was brought to justice because law enforcement were able to access the evidence contained in over 250,000 Facebook messages.

And he’s far from alone.

NCMEC sends suspected cases of child sexual abuse in this country straight to the NCA, who process them before sending the resulting intelligence to the police.

In 2021, they contributed to 20,000 criminal investigations across the UK.

For predators that’s a significant deterrent.

And for their victims, it’s a lifeline.

That lifeline is now under threat.

Despite its past record of dedicated protection, Meta is planning to roll out end-to-end encryption on Messenger and Instagram Direct later this year.

Unless they build in robust safety measures, that poses a significant risk to child safety.

Let me be clear.

Privacy matters.

The UK government is in favour of protecting online communications.

And it is possible to offer your customers the privacy they expect…while also maintaining the technical capabilities needed to keep young people safe online.

Meta are just choosing not to, many others have already taken the same path.

The consequences of that decision are stark.

Facebook and Instagram account for over 80% of global NCMEC referrals, meaning that 20 million suspected cases of child sexual abuse a year will go unreported.

Meta will no longer be able to spot grooming – including cases like David Wilson’s – on their platforms, leaving tens of thousands of children in the UK, and around the world, beyond our help and in danger of exploitation.

Faced with an epidemic of child sexual exploitation and abuse Meta have decided to turn a blind eye, and are choosing to allow predators to operate with impunity.

This is extremely worrying.

But it also raises questions for parents like myself right across the country.

Questions about big tech, and the balance of power and responsibility enjoyed by social media companies.

My children love going to a playground near where we live.

While they’re there it’s clear who’s responsible for their safety.

Me of course, as their parent – but also the council, who have a duty to ensure the environment is safe and well-maintained, and our local police force, who have a duty to make sure nothing dangerous or illegal is taking place.

Both have clear lines of accountability to me and to our local community.

My children are currently too young to have social media profiles.

But what happens when they do go online?

Who’s responsible for their safety?

And is anyone accountable to them – or to me?

In my view it’s clear.

Companies like Meta enjoy vast power and influence over our lives.

With that power should come responsibility.

It’s not acceptable for tech executives to make vast profits from their youngest users, only to pass the buck when it comes to protecting them from the dangers on their own platform create.

The first duty of government is to protect its people, and none are more precious than our children.

In that sense, the stakes couldn’t be higher.

Over the past few minutes we’ve covered a lot of frightening statistics.

But we must never forget that behind every NCMEC referral, flagged image, and Police investigation is a real child being hurt in the real world, for whom the consequences of their victimisation are devastating.

However it’s not just these children’s futures that are at stake.

I personally believe you can judge a society by how it looks after its most vulnerable members, and that, in a nutshell, is why this is so fundamental.

Because the importance we place on protecting our children isn’t just a policy issue.

It speaks to the health of our society.

This is a test for governments and tech companies alike.

For governments: one of resolve, and standing up for what we believe in.

For tech companies: one of priorities, and making sure they do no harm.

As with many issues we’re not facing this alone.

All around the world, governments are in a similar position.

And each of us has a choice.

To lean in or to look away.

Well, I can tell you very clearly:

This government will not look away.

Some will have heard the words I have used today to be particularly critical of one company, they are right, I am speaking about Meta specifically and Mark Zuckerberg’s choices particularly. These are his choices, these are our children. He is not alone in making these choices, other companies have done too.

Let me be clear again: this government will not look away.

We will shortly be launching a campaign. A campaign to tell parents the truth about Meta’s choices, and what they mean for the safety of their children.

And a campaign to encourage tech firms to take responsibility and to do the right thing.

We’ll set out our case in the papers, in magazines, over the airwaves and online.

We’ll work with law enforcement agencies, children’s safety organisations, like-minded international counterparts through bodies such as the G7 and Five Eyes, and tech experts with authority on technical solutions and their feasibility.

We will not stop until we are satisfied that Meta and others are serious about finding a solution, and until they have strong safety systems in place to protect children.

I hope that, like me, this isn’t a fight that you’re prepared to lose, and I hope you’ll join us.

Our voices are louder when we speak together.

June 2, 2023
Tom Tugendhat – 2023 Speech to CYBERUK

The speech made by Tom Tugendhat, the Security Minister, in Belfast on 20 April 2023.

Thank you. It’s an enormous pleasure to be here with you today in Belfast.

It is also an incredible honour to be here in Belfast on this auspicious occasion. Not just to be here at this conference, but 25 years ago there was the extraordinary moment of the signing of the Good Friday agreement. That wonderful moment that gave hope to a new generation and demonstrated this country, the whole of the UK and the whole of these islands can move on from a difficult past to a much better future.

It’s a reminder that peace can never be taken for granted, and that service, debate and compromise define what is at the heart of our peaceful and democratic system, and together they must never be neglected.

It also makes me particularly mindful of my role today. I stand before you as Security Minister of the UK.

In one respect, that is quite a simple job: keep Britain safe. Of course, that clarity marks a complexity of the challenges we face from terrorism and state threats to organised crime and distributed attacks.

Those attacks are more your field and its there in the cyber world that the UK faces some of its sternest tests.

A quick look at the basic figures is enough to bring home the scale and severity of the issue we face.

New findings released just yesterday from the Cyber Security Breaches Survey show that 32% of businesses experienced at least one cyber breach in the last 12 months.

This year, for the first time, the survey also tells us how many of these breaches resulted in a cybercrime being committed.

We can now estimate that 11% of businesses were victim to at least one cybercrime. That cost each of them around £15,000 in the past year.

We must never lose sight of the fact that behind each of these online statistics is a real-world victim.

Each is a grandparent defrauded, and stripped of their savings.

Each is a small business held to ransom, and jobs lost.

Each is public money stolen, and the taxpayer short-changed.

The cyber-threat doesn’t just come from criminals. The ongoing war in Ukraine is a constant reminder of the threat we face from hostile actors. Russia has been trying to invade Ukraine’s cyberspace as much as its physical space, threatening critical information, critical services, and critical infrastructure.

The threat of further cyber fallout from conflict is very real to the United Kingdom and to all our allies.

At home we are seeing the overlap of state threats, terrorism and organised crime brought together online and off.

Against this troubling background our mission is clear. We must crack down on cybercrime, we must protect the United Kingdom from the most capable cyber adversaries – states, criminals and terrorists – all are trying to hurt us and all have made the online world work for them, delivering offline political gain and criminal profit.

That is no small brief, and it is not one any department, certainly not one Minister, can achieve alone.

That’s why this event is so important to me. This is why I’m so grateful to Lindy for inviting me and so grateful for the opportunity to speak to you. Because what we can achieve together is an all round ecosystem of cyber security built on the UK’s world class foundations of education, expertise, technology and capability.

The task of cyber security falls to government of course, but also to individuals, law enforcement, and to you, business.

Now today, I’d like to reflect on how far we’ve come, and where we need to go. Above all, I want to stress the core message, exemplified by those extraordinary events of 25 years ago – that only by working together can we collectively be safe.

I’d like to briefly outline my priorities in cyber policy, before affirming areas in which government and industry partnerships must go further if we are all going to succeed.

The government has already made phenomenal progress in building resilience and countering the threat from our adversaries.

The latest iteration of the National Cyber Strategy set out the UK’s role as a responsible and democratic cyber power, and laid down the framework on which the UK’s security and prosperity can depend.

It’s the bedrock of everything we do to keep the UK cyber safe.

It also important that our laws, the software of our society, are updated.

That’s why we recently published a consultation on improving the Computer Misuse Act, which is an important part of deterring those who would commit crime, and equipping law enforcement to carry out their duties.

That consultation is for you to contribute to and I look forward to hearing your thoughts.

We are proposing to include powers to take control of domains and IP addresses used by criminals and enable action against individuals in possession of or using data obtained through the criminal actions of others.

But I say again, your thoughts matter and I’m looking forward to your input.

We’re building the National Cyber Crime Unit to take on serious cyber criminals.

Its operational resources must deliver arrests and disruption, and build on the NCA’s enhanced intelligence picture to target criminals where they are most vulnerable.

We recently helped to dismantle Genesis Market – one of the biggest online marketplaces selling stolen logins and passwords to criminals across the world.

We’ve built a network of Regional Cyber Crime Units, ensuring that police units have access to specialists and capabilities.

I must also mention Ransomware attacks, where the National Cyber Security Centre assesses to be in the top tier of online threats to the UK.

Ransomware criminals cause harm and hurt. They cost more than cash. Hospitals and their patients in a pandemic were targeted, putting people and lives at risk.

Now this is a global problem, we are working with global partners.

With the US and others, the UK is a leading member of the international Counter Ransomware Initiative, and together we are going after these criminals.

Recently we sanctioned seven Russian cyber criminals who were behind some of the most damaging ransomware attacks in the UK in recent years.

With those priorities in mind, let me now turn to your role in the cyber community. Against this array of challenges, collaboration between government, law enforcement and industry is key.

I’d like to propose three areas where we must go further and faster, together.

First, prevention is always better than a cure.

Sometimes cyberattacks are sophisticated – but the vast majority are in fact simple, and can be easily prevented by a few simple steps.

Our aim is to make the UK the safest place to be online, and that starts with all of us working to ensure that everyone understands how to protect themselves.

The NCSC’s Cyber Aware campaign and the work of City of London Police leading this work, is I hope, of use to you all in providing advice that is simple, consistent and based on our collective latest understanding of the threat picture.

This room is filled with experts so please be active in shaping the guidance so that your staff and customers can avoid becoming victims in the first place.

Second, our most capable adversaries will only get better.

Malign states and crime gangs will look for chances in an open internet. We’ve got to do the same to protect ourselves.

Five years ago, WannaCry wreaked havoc in the NHS, leading to cancelled appointments and postponed operations on a huge scale.

North Korea’s cyber weapon was heralded in a new business model for criminals around the world.

Today, Ransomware is a chronic threat and is sold as a service to groups without cyber skills. The barriers to entry have come down. This is a democratisation of crime, just as much as any other.

The question that we should all be asking is: what next?

Breaking the future cyber-criminal business model – and understanding tomorrow’s state action in cyber space is key to pushing for more responsible, democratic behaviour.

The enemy will evolve and so must we.

Third, new technology will change the world we think we know.

Dawn has broken on the age of Artificial Intelligence. We’ve only just begun to wake up to the opportunities that will be unlocked in the coming years, and can only guess at the ways in which they’ll transform our world.

This speech wasn’t written by ChatGPT as you can probably tell. You’re not supposed to laugh at that. Very soon we are going to see Large Language Models such as Open AI’s ChatGPT which are already able to ace the bar exam and indeed write better speeches than this, and suggest new avenues for drug discovery. They’re not thinking yet, it is more pattern recognition and repetition than real thought, but the game is changing already.

The goal that many are working towards – an Artificial General Intelligence, or AGI – is looking more open and more possible.

It’s difficult to overstate what this would mean to all of us. Super intelligent computers that learn and develop autonomously would transform our society and our world, and more than almost any other advancement in human history.

Even in these early stages, AI can enhance our security but it can also threaten it. Our AI capabilities will be at the heart of our mission to protect the UK.

In Ukraine, AI is already being used to identify malicious Russian behaviour by analysing patterns of activity at huge scale, they are not just finding needles in the haystack but finding out what the haystack itself is saying.

At home and across our homes in the UK, AI could protect children from predators, unlocking advanced tools and techniques to identify potential grooming behaviour at scale and uncover rings of offenders right across the net.

However, in our line of work opportunity often comes hand in hand with risk, and AI is no different.

We already know because we’ve seen it, the cost of the advancement of technology and the challenge it has brought in biological space and we know because we’ve seen it the risks that a pathogen can cause to our world. We need to make sure that we do not see the same risk from AI.

It’s not hard to see future AGI coding weapons, even now there are threats we must guard against.

Cyberattacks work when they find vulnerabilities. AI will cut the cost and complication of cyber attacks by automating the hunt for the chinks in our armour.

Already AI can confuse and copy, spreading lies and committing fraud. Natural language models can mimic credible news sources, pushing disingenuous narratives at huge scale. And AI image and video generation will get better – so called ‘deepfakes’ – which make the danger to our democracy even greater.

Given the stakes, we can all understand the calls to stop AI development altogether. But the genie won’t go back in the bottle anymore than we can write laws against maths.

As Robert Oppenheimer once said, ‘technology happens because it is possible’.

Putin has a longstanding strategic interest in AI, and has commented that ‘whoever becomes leader in this sphere will rule the world’. And China, with its vast data sets and fierce determination is a strong rival.

But AI also threatens authoritarian control.

Other than the United States, the UK is one of the only a handful liberal democratic countries that can credibly help lead the world in AI development.

We can stay ahead but it will demand investment and cooperation and not just by government. Only by working together can we keep Britain in the front rank of AI powers and protect ourselves and our businesses.

As for the safety of the technology itself, it’s essential that by the time we reach the development of AGI we are confident that it can be safely controlled, and aligned to our values and interests.

Solving this issue of alignment is where our efforts must lie – not in some King Canute like attempt to stop the inevitable, but in a national mission to ensure that when super intelligent computers do arrive, they make the world safer and more secure.

Before I finish let me say again what a huge pleasure it is to join you for this outstanding event.

Last night at dinner I wasn’t with you in the Titanic Hall but instead at Hillsborough castle hearing those that had negotiated the complexity of the Good Friday agreement. I heard about the uncertainty and recriminations and the fear but I also heard about hope and the individual efforts by millions across Northern Ireland, and indeed across the islands of Ireland and Great Britain that changed our lives for the better.

This morning I’ve heard from others who are taking on a different challenge with its own complexity and uncertainty and indeed its own risk. But I’ve also heard the hope for a better future for us all. As we can cooperate to contain and confront the challenges, I am grateful to you all for everything you have done and continue to do in the name of keeping people safe online.

This is a ferociously difficult task. But I am constantly inspired and reassured by your talent, expertise and dedication.

I am very grateful for everything you do and I look forward to us working together to make sure that this revolution, the next revolution, serves us all and keeps us all safe.

April 24, 2023
Tom Tugendhat – 2016 Parliamentary Question to the Department for Transport

The below Parliamentary question was asked by Tom Tugendhat on 2016-03-14.

To ask the Secretary of State for Transport, how many foreign-registered HGVs entered the UK in 2015.

Andrew Jones

We estimate that in 2015, 2.0 million foreign registered powered goods vehicles entered Great Britain from mainland Europe.

Powered goods vehicles include some vehicles weighing under 3.5 tonnes, which would not be classed as heavy goods vehicles.

January 1, 2023
Tom Tugendhat – 2016 Parliamentary Question to the Department for Environment, Food and Rural Affairs

The below Parliamentary question was asked by Tom Tugendhat on 2016-03-21.

To ask the Secretary of State for Environment, Food and Rural Affairs, what proportion of funding from the new measures announced in paragraph 1.205 of Budget 2016 she plans to allocate for flood defences on the River Medway and its tributaries.

Rory Stewart

Of the additional £700 million announced at the Budget to be spent on flood defences and resilience, £150m has been allocated to new schemes in Yorkshire and Cumbria. The £40m per year increase in floods maintenance will be spent nationwide according to need. The remaining funding will be allocated following the outcome of the National Flood Resilience Review in the summer.

January 1, 2023
Tom Tugendhat – 2016 Parliamentary Question to the Ministry of Defence

The below Parliamentary question was asked by Tom Tugendhat on 2016-05-23.

To ask the Secretary of State for Defence, whether he has plans for the disposal of his Department’s vacant properties in the UK.

Penny Mordaunt

The Ministry of Defence (MOD) is developing an ambitious programme of estate rationalisation which will provide a plan for a smaller, but significantly better Defence estate to meet the needs of the Armed Forces as set out in the Strategic Defence and Security Review 2015. This strategic review of the Defence estate will provide a more efficient and better infrastructure laydown in support of military capability for future generations. The MOD expects to announce the final results of this review in the autumn. When the MOD no longer has a requirement for vacant properties they will be disposed of in accordance with the standard disposal procedure.

The MOD is also reducing the number of voids by leasing out vacant properties from directly renting to the general public and through other organisations. A number of properties are also vacant awaiting the return of remaining Army personnel and families from Germany over the next three years who will require accommodation.

January 1, 2023

Tom Tugendhat – 2016 Parliamentary Question to the Ministry of Defence

The below Parliamentary question was asked by Tom Tugendhat on 2016-05-23.

To ask the Secretary of State for Defence, how many of his Department’s properties and in which locations are classified as void.

Penny Mordaunt

The number and locations of properties classified as void as of 24 May 2016 are shown in the table below:

County	Voids
ABERDEENSHIRE	5
ANGUS	20
ARGYLL AND BUTE	237
AVON	42
AYRSHIRE	21
BEDFORDSHIRE	194
BERKS	276
BUCKS	183
CAITHNESS	1
CAMBS	373
CHESHIRE	50
CLWYD	1
CORNWALL	46
*COUNTY ANTRIM	647
*COUNTY DOWN	397
COUNTY DURHAM	16
CUMBRIA	14
DEVON	202
DORSET	151
DUMBARTON	4
DUMFRIES	3
DURHAM	8
DYFED	45
EAST SUSSEX	2
EAST YORKSHIRE	4
EDINBURGH	169
ESSEX	155
FIFE	221
GLOUCESTERSHIRE	88
GWENT	45
GWYNEDD	53
**HANTS	1074
HEREFORDSHIRE	8
HERTS	176
INVERNESS-SHIRE	58
ISLE OF BENBECULA	3
KENT	483
LANCASHIRE	86
LEICESTERSHIRE	162
LINCOLNSHIRE	294
LONDON	86
MIDDLESEX	163
MIDLOTHIAN	43
MORAY	121
NORFOLK	209
NORTH LANARKSHIRE	4
NORTH LINCOLNSHIRE	3
NORTH YORKS	522
NORTHUMBERLAND	67
NOTTINGHAM	58
ORKNEY ISLANDS	1
OXON	361
OXON	1
PEMBROKE	4
PERTH	3
POWYS	64
RENFREWSHIRE	26
ROSS AND CROMARTY	1
SHETLAND ISLANDS	1
SHROPSHIRE	223
SOMERSET	90
SOUTH GLAMORGAN	111
SOUTH YORKS	2
ST ANDREWS	3
STAFFORDSHIRE	83
STIRLING	1
SUFFOLK	281
SURREY	222
SWINDON, WILTS	19
TYNE AND WEAR	12
WARWICKSHIRE	69
WEST MIDLANDS	9
WEST SUSSEX	14
WEST YORKS	2
***WILTS	1294
YORKSHIRE	29
(blank)
Total Voids	10219

Of these properties 4623 were vacant for more than 12 months.

*The majority of void properties in Northern Ireland are awaiting demolition while 59 have been gifted to the NI Executive.

**Void properties in Hants have been retained due to short term Ministry of Defence requirements and plans have been made to release many of these for disposal.

***In the Wiltshire region a number of properties remain void to accommodate Army personnel returning to the area from Germany as a result of the Army Basing Programme.

January 1, 2023

Tom Tugendhat – 2016 Parliamentary Question to the Ministry of Defence

The below Parliamentary question was asked by Tom Tugendhat on 2016-05-23.

To ask the Secretary of State for Defence, what his Department’s target is for the proportion of its properties that are classified as void.

Penny Mordaunt

The Ministry of Defence (MOD) target for the proportion of Service Family Accommodation properties classified as void is 10 per cent which allows the MOD to facilitate moves in and out of each area, support short notice requirements and allow for upgrades to take place.

January 1, 2023
Tom Tugendhat – 2016 Parliamentary Question to the Ministry of Defence

The below Parliamentary question was asked by Tom Tugendhat on 2016-05-23.

To ask the Secretary of State for Defence, what steps he is taking to reduce the number of his Department’s properties classified as void.

Penny Mordaunt

The Ministry of Defence (MOD) is developing an ambitious programme of estate rationalisation which will provide a plan for a smaller, but significantly better Defence estate to meet the needs of the Armed Forces as set out in the Strategic Defence and Security Review 2015. This strategic review of the Defence estate will provide a more efficient and better infrastructure laydown in support of military capability for future generations. The MOD expects to announce the final results of this review in the autumn. When the MOD no longer has a requirement for vacant properties they will be disposed of in accordance with the standard disposal procedure.

The MOD is also reducing the number of voids by leasing out vacant properties from directly renting to the general public and through other organisations. A number of properties are also vacant awaiting the return of remaining Army personnel and families from Germany over the next three years who will require accommodation.

January 1, 2023