Select Committee on European Union Minutes of Evidence


Examination of Witnesses (Questions 280 - 299)

WEDNESDAY 1 MARCH 2000

MR IAN BRUCE, MP, MR RICHARD WALES AND MR PHILIP VIRGO

Lord Faulkner of Worcester

  280. And "rebuilding our web site".
  (Mr Wales) Absolutely, and you do not get this problem when you do it on the telephone. Going back to where Philip led in to me on the question of business to business e-commerce and the huge volumes that go through the City of London, we are talking about people like APACS and Swift for banking transactions, huge volumes of foreign exchange, absolutely monumental securities dealing. In all of those security is an absolute prime consideration and obviously the people who are operating these systems are always in a race to keep ahead of what we might call the e-criminal; it is the most pressing issue for them. Therefore, the important thing is to ensure that any regulation which is designed to build trust for the consumer and designed to build consumer confidence, does not actually damage in any way the existing business to business structures because it could have disastrous effects. This is why EURIM, for example, was so anxious to ensure that key escrow as it is called, placing your encryption keys in escrow, did not form part of any licensing regime for trusted third parties. Although the trusted third party approach is one way of building confidence, if you build in key escrow then you hit at the basic security of many of the City of London systems and this, of course, is likely to be an issue with the new regulations. That is really the key message, we are looking after consumers, do not destroy the existing business to business structure.
  (Mr Bruce) Government for two years has been trying to get an Electronic Commerce Bill which became the Electronic Communications Bill. When one analysed it there was very little that Government had to do, so the Bill is now very short, it is now in your Lordships' House, but we are concerned from EURIM's point of view that many of the things that we persuaded the DTI would close down e-business have now gone into a Home Office Bill and the Investigation of Regulatory Powers Bill is now sitting with that and I think we will have to consult with Government again about whether they are doing the right thing on that Bill.

Chairman

  281. Could I come back to the issue of technology and none of us around the table is a technician. You were talking about operating these Pcs as technology develops. You said there probably will be many more people using the TV as it is easier to handle and more user friendly. Presumably one will move on to using mobile phones for access to the Internet. You can change your mobile phone fairly frequently. People have half a dozen of them as fashion items and all rest of it. Tvs you do not change very often in my experience. I have changed my lap-top more than I have changed my television. How will people cope with changing technology if you are using the TV as the prime medium for access or is there a mechanism where you can plug something into the television periodically?
  (Mr Bruce) I think that is what will happen. Your existing television will have a box plugged in the back. As things develop new boxes will get plugged into the back. Many of the services are being plugged into digital televisions.

  282. Which are more expensive.
  (Mr Bruce) And there is a whole pile of products now being issued by people through cable TV, terrestrial broadcasting of digital and through satellite digital all designed to give Internet access by any other word and to do e-commerce over the Net, but the consumer sees it as using their normal "zapper" with their television because they are used to that interface and they can make it work properly.
  (Mr Wales) Basically, in the end television will become a dumb terminal and intelligence will lie at the other end of the line.

Baroness O'Cathain

  283. I want to go back to something you said about trust and the consumer. I know that you made a passionate plea, which was do not let this problem about trust with the consumer get in the way of the business to business area. The fact is that it is a new technology, it is something that although we say we understand it as consumers, we are still slightly scared of it. We are not necessarily that scared of using it, it is not like driving a new car where you think you are going to crash it. But actually one is slightly scared of what it is out there in the ether and how when you allow your credit card to go through you could be duped, one hears many horror stories. Can I just spend one minute telling you what happened to me today? I logged on to my e-mail and I found a message from Amazon.co.uk. I am a great supporter of theirs. I have not bought any books since last November. I got a message from them saying, "We regret that your credit card has not been accepted"—in other words you are a fraudster—"Before we process your order please send us a cheque in sterling in order to support the order that you made at the weekend." On the 2nd December I was mugged in Buenos Aires and my visa card was taken along with my purse, etc and it has not surfaced until now. Obviously somebody has got my visa card. I am feeling pretty miffed about it in that, first, I am regarded as being unable to afford to pay for the books and my credit has been withdrawn on the Visa and, second, if things like this can happen I am not desperately keen on it. I am a bit anti Amazon.co.uk today.
  (Mr Bruce) If one does what I always try to do with these cases, which is to say what happens in the existing world, somebody could have been using your credit card in South America from last December until somebody gets round to stopping it. Once the electronic systems that are now being dealt with have gone on to line there has been a check electronically which has thrown up the fact that—No doubt you have told them that your card is no longer valid and no longer available and they are therefore giving you that information and stopping fraud going on. I would have thought you are using a new number on your new credit card—

  284. All I am saying is that I get the impression that they will think "We don't want to do business with her again".
  (Mr Virgo) Part of the thing here is how the system actually works because what has almost certainly happened is that the payment went through and they have now received a recharge long after the event and that is the point of that Visa statement on recharges, because what appears to happen is these supposed online credit card verification routines only check that it is a valid number and it has not yet been reported as stolen. The actual recharges may come through anything up to six months late. There are a lot of problems in those payment systems and the checking of security, which is why you have got people like the Identrus consortium trying to produce much faster online verification systems, but those systems will be quite expensive. I think Identrus is likely to be about $10 to $15 per transaction when it comes in, i.e. it is there for higher value transactions.

  285. It does knock the trust.
  (Mr Virgo) It does indeed.

  286. I take your point, Mr Bruce.
  (Mr Bruce) One should also focus on the worst part of this which is the company that is being defrauded and not getting paid in the past rather than you actually losing anything from your credit card because you can go back and say, "Something has been charged against my credit card when I have told you to cancel it."

  Baroness O'Cathain: Except my good name. That is the thing I am worried about.

Lord Chadlington

  287. I was interested in appendix C on regulation of content on the Internet and I have two inter-related questions. As I understand it your argument is that we cannot do much about the point of origination but we can do something about the point of access in broad terms. I would like to know how that is moving forward in terms of EU initiatives and so on, what your current view is on this issue; in addition, if we move into this area of voluntary regulation, I would be interested to hear about the Internet Watch Foundation, its role and its parentage and how effective it has been in its policies?
  (Mr Virgo) The issues of content and liability for content are largely under the e-Commerce Directive and I will ask Richard to speak to that in a moment or two. We have got to a situation now where the e-Commerce Directive essentially says regulation at the point of origin except where this offends against consumer protection or other existing statutory protections, or if it is illegal in the country of destination. The issue is how you reconcile these positions. Hence the various initiatives for alternative disputes resolution. The Internet Watch Foundation was relaunched a couple of weeks ago and Roger Darlington has become the new chairman and the remit has been extended to cover racism. There is also an initiative for a thing called "Rights Watch", which is a separate body which is going to be policing breaches of copyright on the Net. If one makes a comparison, ICSTIS, which is the chatline regulator, has a budget of about £2 million a year to do a much simpler job albeit with a broader remit than the Internet Watch Foundation which has very limited resources and is purely focused on the issues of pornography and primarily focused on paedophilia.

Chairman

  288. We are having evidence from them.
  (Mr Virgo) Certainly, my feeling all along has been that the Internet Watch Foundation needs far more resources to do its job and it needs a remit and a position much more akin to that of ICSTIS to be effective.
  (Mr Wales) The focus of the e-Commerce Directive and the liabilities section is actually to relieve Internet Service Providers (ISP) from liability where they are not responsible for content, but this is a very good example of how regulation should not be drafted because the provisions are actually technology specific, launching into descriptions of what is a mere conduit, as they call it, caching and hosting. These are incorrect descriptions of current technology and they will be overtaken by new technology very quickly. The result at the moment is a fair degree of confusion and it would look as though, unless you are simply providing a line over which information is being transmitted, you are likely to have some form of liability for the content which makes life almost impossible for the average ISP because they are obviously transmitting vast amounts of information for all sorts of customers and they cannot possibly take responsibility for the content of that information. So there is quite an issue there.
  (Mr Bruce) Just one small point on the regulation of all of this. Your Lordships will know that there is a Utilities Bill going through the House at the moment which reforms OFTEL, but the Government has also announced it will bring out a White Paper in the Autumn which will reform both OFTEL and all the regulation of broadcasting and Internet content and all of those sorts of things could come within that remit. There are rumours that the Government might actually pull telecommunications regulation out of the Utilities Bill because it is effectively going off half cocked in trying to regulate only one part, i.e. the technical side of telecommunications as opposed to everything that needs to be included and I am sure the Government will be interested in the report that is coming forward from your Committee as to how you see these things, but it is currently a matter of some difficulty to the Government to decide how it deals with this.

Lord Cavendish of Furness

  289. It seems to me the Internet is just a new twist in the globalisation which is affecting powers of nation states and Parliaments and one thing and another. There is nothing new in that except that it is quite a big new twist. There seems to be some consensus over what should and can be done in the fields of privacy, intellectual property and one thing and another, but generally speaking this powerlessness which does seem to have come across from witnesses has got to be coped with by the institutions in the political class particularly in an area where pressure groups are so predominantly forming opinion and they can be internal, they can be police forces and Treasury people. I would like to have a flavour of what colleagues in the other place are feeling about these really rather conflicting views that it is going to affect the business of government, it is going to affect their constituents.
  (Mr Bruce) I think the feeling is very clear amongst colleagues, particularly those who just have a passing interest in this, which is that they do not want to have pornography delivered into the home, they do not want to see children being exploited in other countries or women being exploited in other countries and for this information to come into the United Kingdom. It is a very difficult one on jurisdiction but it is not impossible. One has to remind people that Gary Glitter ended up in prison because he had used a computer to look at pornography. I suspect that if he had had it through the post or gone and bought it and brought it in in a suitcase he would not have been caught, so one has to have a bit of a balance on this. It is something that my colleagues in the other place certainly do exercise their minds on. I had a researcher who came over for three months from the States look at this for me and an interesting fact that she came up with was that there is one piece of legislation that everybody (other than America, unfortunately) is signed up to and that is the UN rights of the child and under the UN rights of the child every country is there to protect children from being exploited sexually but also being exploited by seeing adults having pornography. One could actually say to any government in terms of material coming from that particular country that they are actually breaking the conventions of the rights of the child and they should take action against the people who are providing the material. I think this is an international issue, but not one that is insurmountable in terms of being able to take action. I think the Utilities Bill needs to look very carefully at the situation where very often a telecoms provider who is providing a line in and knows material is coming through is prevented from licensing conditions of cutting off the customer and even sometimes in international treaties for cutting off the customer and I think the European Commission and all the international bodies must look at having a clause which says where something is not in the public good in terms of information coming through in that way it can be cut off, but it does get even more complicated. I think the issue of freedom of speech and the fact that in America you can say virtually anything about any group of people yet in Germany, for instance, you cannot have Holocaust denial, that is a criminal offence, you cannot try to pretend that the jews were never gassed in gas chambers, that is a criminal offence, but that information could come from America straight down to a computer, but once it is on that person's computer then they have effectively broken the law of that country and the jurisdictions there.

  290. Is there a danger, feeling what you feel, that the pressure will come in to strengthen it and do damage?
  (Mr Bruce) Knee-jerk reactions can have that effect. We are looking at the Regulation of Investigatory Powers Bill where my colleagues are worried about pornography coming through and that is the 1, 2, 3 per cent of the traffic that might come through and business is then concerned that the regulations that are brought in kills the other 97 per cent of traffic coming through and, indeed, it does not stop the pornography coming through, it simply moves to a step outside of the jurisdiction within the United Kingdom and one has to be very careful in this international environment not to kill the golden goose simply by thinking that one can go in and try to regulate heavy handedly.

  291. Do you want to add to this?
  (Mr Virgo) You have industry saying leave it to us, self-regulation, but unless that self-regulation is seen to be effective and credible then you will have statutory regulation and there is this tension that self-regulation has to be seen to be effective in time to head off inevitable pressures that will lead to statutory interference as scandals and so on emerge. One of the big debates is about how far industry really can deliver self-regulation in time and in areas where there is not a consensus between the players. The debates in this area are clearly changing with a number of the large players becoming quite draconian in the conditions that they want to impose on those whose traffic they carry while other players are wanting to be very liberal and libertarian because their cost models are different and there is a confused debate going on in the industry.
  (Mr Wales) I agree with you entirely. This is a terrific problem with the Internet and electronic commerce. There are no boundaries and it makes the creation of laws and their enforcement extremely difficult. If you try and control at the point of origin, the provider simply changes the place he is operating from. It has to be controlled from the point of consumer access. Therefore, if you are trying to produce some sort of international coordination, the easiest way to do it is through self-regulation. The industry has to do it itself.

Lord Faulkner of Worcester

  292. Forgive me if my approach is a little simplistic. I am concerned about consumer confidentiality. I have been reflecting on some of the evidence we have been hearing in previous weeks about the way in which cookies work. As I understand it—and I would like you to comment and correct me if I am wrong—it is possible for the provider of information, when an individual accesses their site, to be aware who that individual is through the installation of a cookie inside that customer's machine and then for them unwittingly to go on a database and to be targeted for the promotion of products and services and junk mail. First of all, am I correct in saying that that is possible with the way things stand at the moment? Secondly, if it is so, do you have any thoughts on how what I would regard as an abuse can be dealt with?
  (Mr Virgo) I think that is quite a reasonably accurate summary of what those who plant the cookies there would like to achieve. How reliable their technology is and how effectively these things work I am less certain, but that is what they are wanting to achieve. There is a range of reactions. There are some technology enthusiasts who are quite happy for this to be done to them because they think it will help target services; they will get all sorts of benefits and so on. There are others—and certainly I am one of them—who regard this as a gross intrusion and I would like to be in control of what information those seeking to sell to me have. This is one of those areas where there was a period when the whole of the industry seemed to be going down the route of "these cookies are a marvellous thing to help us target our products and services", and then suddenly realising that they are turning off key audiences. In Al Gore's first report on the Internet he quoted American market research which showed that about 70 per cent of Americans were less likely or unlikely to use the Internet for e-commerce because of fear of such intrusions. In other words, the American population had by and large similar attitudes to those which I think most of the European population have. It is a very real issue. It would appear to be a gross breach of data protection legislation. Then we run into the issue that there is a great deal of data protection legislation within the United States. It is however at state level, not federal level. The issue is not that they are not concerned about privacy but that it is remit outside of the federal government. Once again, the resolution is going to come largely as a mix of the legislative positions in Europe and within the States of America, causing the Internet service providers and the businesses to change their business models. There have been a number of cases in America where banks and ISPs have already been fined several million dollars a time for selling and providing financial information in breach of state banking regulations. I think there are a number of cases pending regarding medical information in America. There are also some civil cases pending regarding breach of the common law right to privacy. I do not profess to understand how that is interpreted in America.

Chairman

  293. What kind of timescale do you perceive for this change? We were with some Americans last week and they were reflecting the view which you have just expressed, that there is a growing concern about cookies and something needs to be done.
  (Mr Virgo) I confess I was talking with one of the staffers when the Americans had dinner in this place and all we got to at that point was agreeing that we need to exchange notes on the situation.
  (Mr Bruce) Elizabeth France was here at a colloquium in this or another room a week or so ago and she indicated that she is currently considering some cases against people who are using cookies. If information is collected without people's knowledge and is used for purposes that the individual has not given permission for, they are undoubtedly breaking the Data Protection Acts. I think today the new Act came into being in totality and that gives the data protection registrar additional ways of dealing with this.

Lord Faulkner of Worcester

  294. It is the "without people's knowledge" point. Is there any way in which I, as a user and frequenter of the Internet, can know whether or not I am having unwelcome cookies implanted in me?
  (Mr Virgo) "Yes", I think, is the technical answer but, as a non-technician I do not know whether I have them in my machines.
  (Mr Bruce) You should be informed but I strongly suspect that, unless you know sufficient to check your machine for them and delete them, it could well happen to you without your knowing.
  (Mr Wales) They will often show up on the Explorer programme on your PC.
  (Mr Virgo) They will show up on Explorer but do they necessarily show up on all browsers?
  (Mr Wales) No.

Viscount Brookeborough

  295. In your appendix C on page three where you talk about trade bodies and regulatory bodies and the ISP Association, could you tell us how many associations such as that there are? Presumably, you include in that the Internet Watch Foundation. Secondly, you state there that not all the ISPs are actually members, even the major ones, of such an organisation. What proportion of Internet providers are members of those types of organisations, or not?
  (Mr Virgo) I do not think there are many other bodies representing ISPs, other than ISPA and its equivalents in the other European Member States, but a large number of the nominal ISPs that you see take a high street name and add "net" on the end. The odds are that that ISP is run under contract by IBM, EDS, ICL or AOL. Many of those are not represented directly or indirectly via ISPA.

  296. Surely if we go down the self-regulation route, it has to be agreed between the government and a body or a small group. Is it therefore not possible to legislate rather than in detail to say that any provider must be a member of a recognised body and allow the regulation to be formed through the body by agreement? I cannot see how one is going to deal with the myriad of providers.
  (Mr Virgo) One of the consultations that is out at the moment is the implementation of the Injunctions Directive. This is the Directive that basically gives powers to take injunctions for consumer protection purposes. In there, the proposal from DTI is that the umbrella body within the United Kingdom is the Office of Fair Trade but there are nominated bodies which can issue injunctions in that hierarchy. Those are essentially going to emerge as the bodies which are the United Kingdom end of international disputes resolution processes. Whoever ends up nominated in that area are effectively going to be the only bodies that can take action through the courts for injunctions stating what it is you may or may not do. I think it is going to happen anyway without legislation but there is a period until 2 May for consultation on that. One of the things I am trying to get our members in the journalistic world to do is to publicise that because it is very important as to who those nominated bodies are and that they have the confidence of the consumers and of the suppliers. Your point is absolutely right.

  297. It is much more practice for the consumer to know that if an Internat provider is on the net at all he is regulated or he should not be there, rather than having to close the stable door after the horse has bolted and take action.
  (Mr Virgo) I do not know the full details as to why many of the largest ISPs are not members of ISPA. It has been said that it is because they take a far more draconian view of their responsibilities and the enforcement that they should be doing than the smaller ones and that they are far more hawkish with regard to consumer protection and that there are quite fundamental differences of policy within the different groups in that industry. There may be other situations elsewhere but this is what has been alleged to me when I ask, "Why are you not a member?" and then I hear all these allegations.

Baroness O'Cathain

  298. What is your own personal view? Do you think there should be a regulatory association for these like this body? Do you think the big boys have right on their side in that statement and that the grouping is the lowest common denominator?
  (Mr Virgo) I have to say I do not know. What I would most like to see is these issues debated out in the open rather than behind closed doors.

Chairman

  299. This is an issue for us to turn our attention to?
  (Mr Virgo) I think it is indeed.
  (Mr Bruce) It is possible that in one of the regulatory Bills, including the Utilities Bill—I am not plugging this because I am not sure it is the right amendment anyway, but I have an amendment in the Utilities Bill saying that the authority that collects money from telecoms companies should put in things like ICSTIS and the Internet Watch Foundation. It could well be that there should be a power of a regulator to insist that people who are running services over telecoms lines should be a member of one of the groupings and that there is a power there at some point, if they are not behaving themselves, and for the authority to insist that happens. It is quite strange that the government has come forward, saying it needs more regulation, has provided the Utilities Bill with more regulation and has not actually addressed this particular issue.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2000