UNCORRECTED TRANSCRIPT OF ORAL EVIDENCE To be published as HC 305ivHouse of COMMONSMINUTES OF EVIDENCETAKEN BEFOREWELSH AFFAIRS committee
DIGITAL INCLUSION IN
|
|
1. |
This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.
|
|
2. |
Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.
|
|
3. |
Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.
|
|
4. |
Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee. |
Oral Evidence
Taken before the Welsh Affairs Committee
on
Members present
Dr Hywel Francis, in the Chair
Mr David Jones
Alun Michael
Hywel Williams
Mark Williams
________________
Memoranda submitted by Department of Media and Communications, London School of Economics and the Family Online Safety Institute
Examination of Witnesses
Witnesses: Professor Sonia Livingstone, London School of Economics, Department of Media and Communications, Mr David Miles, European Development Director, Family Online Safety Institute and Mr Robin Blake, Head of Media Literacy, Ofcom, gave evidence.
Q189 Chairman: Good morning, and welcome to the Welsh Affairs
Committee and our fourth evidence session for the inquiry on digital inclusion
as it relates to
Professor Livingstone: Sonia Livingstone from the
Mr Blake: Robin Blake from Ofcom.
Mr Miles: David Miles from the Family Online Safety Institute.
Q190 Chairman: Could I begin by simply asking the question: in what ways does young people's use of the internet differ from adults?
Professor Livingstone: In quite a number of ways I would say. You have not said what ages you are talking about, but I would say young people, teenagers especially, are notably: more experimental; more exploratory; more confident in trying out new things - and it includes taking risks as well as looking for new fun things to do. They are probably much more focussed than adults: on communication; on networking; on widening their networks so that they are part of ever-wider circles of peers. Whereas many adults I think use the internet primarily for information research and more instrumental purposes - and adults are probably more likely to do what they need to do and then stop - I think children take the next step and look further. I think there are some more experimental opportunities and some greater risks.
Q191 Chairman: In that context they are much more exposed to risks because they are more experimental; and they are by the very nature of their age more immature and not capable of dealing sometimes with those risks. Is that what you are saying?
Professor Livingstone: Yes, I think they are more exposed to inadvertent risks, risks that they do not anticipate. They are less exposed to financial scams than adults who use their credit cards, and clearly many adults who seek out pornographic sites or certain kinds of sites that young people might not know exist. I think there is a different pattern of risks. The inadvertent stumbling upon things and then looking to see what that is clearly is a great risk.
Q192 Hywel Williams: Adolescents typically take risks as part of learning what burns you when you put your finger in the fire, as it were. Are the risks taken by adolescents in this field substantially different from other sources taking risks?
Professor Livingstone: There is a very severe limit in what we know in terms of the empirical evidence on what risks they really take and what consequences it has - a point I could develop at length, but will not. I think the crucial point is that it is important that adolescents take risks, that they learn how to cope and that they learn to become competent to manage their environment. What is distinctive about the internet is that often one problematic content or interaction can lead to the next and lead to the next. I think in the offline world there is a certain problem one might encounter but it does not necessarily lead on to the next: we have designed a world that manages and contains what young people can do in various ways. Online we do not have as many constraints and management strategies to stop one thing leading to the next.
Q193 Mark Williams: In your research you have said about the limitations of the empirical evidence, are there any particular groups of young people who are vulnerable when looking at the internet and other technologies?
Professor Livingstone: I think the evidence there is really at the stage of tentative suggestions rather than very clear conclusions; but we are beginning to build up a picture, I guess unsurprisingly, that those who are vulnerable in various ways in the ordinary world tend also to be those who are vulnerable online. So it can be those who do not have sufficient parental supervision; it can be those who are unhappy at school or in some way unsupported by their friends; it can be those who have various mental health issues. I think the picture of vulnerability offline is pretty similar to that online. There is American research from a centre focussing on exploited children that confirms a kind of cycle of disadvantage there - that those who are lonely or unhappy or have low self-esteem will take more risks or seek out inappropriate contacts online and compound the problem.
Q194 Mark Williams: Do you feel the Government's Digital Inclusion Action Plan takes sufficient account of those risks of the exposure to those vulnerable people?
Professor Livingstone: A lot of the proposals depend on exactly how they are going to be implemented. I think the difficulty is always how one really identifies and supports particularly vulnerable children, which is a problem I think in many areas of social policy. There is a heavy reliance in the plan on the role of parents and on teaching children, improving their media literacy, which I am sure Robin will talk about. I think what worries me there is often there are parents who will respond very positively to that requirement to be responsible and there are children who are very willing to learn; but it may not be the vulnerable children who have either the responsible parents or the capacity to learn those new skills. I think the key thing is the balance between what is required in terms of the Government's frameworks, and what responsibility we place on young people.
Q195 Mark Williams: Do you think there is a gap there in the teaching profession, for instance? I used to be a teacher and it astounded me how aware the children were as opposed to my own awareness in terms of accessing any site.
Professor Livingstone: The priorities I think probably for schools would certainly centre on teacher training, and here a mounting call that teacher training really should adequately address online safety issues, and on an updated basis and not as a one-off. I think there is still an issue that schools have tended to think that the risks happen outside the school gates and it is therefore not especially the school's problem; but of course the school is the means by which all children can be addressed, as it were.
Q196 Mark Williams: You have said, "The Family Online Safety Institute suggests that there is a 'digital generation gap'", that spans far beyond the teaching profession.
Professor Livingstone: Yes.
Q197 Mark Williams: We have heard of obviously a lot of reports in the media about the extent to which young people are exposed to dangerous sites on the internet, including technology. Do you think those reports have been exaggerated? If so, what do you think are the implications of that in terms of medium-term planning and risk management strategies?
Professor Livingstone: The media reports, yes, are probably exaggerated, and they emphasise certain risks more than others. Particularly in this country we have a lot of headlines around the risks of paedophile contact and pornographic content. Of course those are both real risks but there are other things that do not get headlines so much: children being vulnerable to various commercial scams, and data protection and privacy issues do not hit the headlines in the same way.
Q198 Mark Williams: How is that going to impact in terms of risk management strategies? Does it have an impact on this? Should it have an impact on this?
Professor Livingstone: There is a curious pattern by which media headlines lead parents to get anxious which might lead them to ask their children what they are doing, and yet some do not. I would not say that the headlines are all bad in that sense.
Q199 Mr Jones: Professor Livingstone, I would like to explore that a bit further - the issue of the role of parents. To what extent do you consider that parental influence, parental supervision, can be sufficient to reduce risk? To what extent do you think it needs to be supplemented, for example, by regulation?
Professor Livingstone: I will give you the researcher's answer to that because I am not a regulation specialist. I think the researcher's answer is that every time we look at practices of parenting we see that they are stronger and more practised and probably more effective for most families, particularly parents who have the time, effort and resources to attend to what their children are doing online; and there is always the group who get left out, whose parents, for whatever reason, do not give that degree of attention. When we set overall recommendations for parental legislation I think we always have to worry about, say, the 20% of children whose parents are not taking on that responsibility for whatever reason or are not able to.
Q200 Mr Jones: I guess you arrive at an age, however, where children violently object to their parents interfering with what they are doing online - somewhere round about the early teens?
Professor Livingstone: I think the key age for experimentation is probably from 11-14; after that most teenagers have learned not only to be very good at managing the internet but also to manage contact requests from people they do not wish to be in contact with. They have learned something about their personal data protection and so forth. The key risky age is probably at the start of secondary school, and most children will take risks at that point and experiment with what they can do that is precisely outside their parents' eyes; and parents are putting the internet in children's bedrooms and other private places more and more. I think there is a real limit to what we can ask parents to do.
Chairman: Mr Blake, you have been remarkably silent but I am not sure whether you are agreeing with everything?
Q201 Mr Jones: I was just going to ask Mr Blake and Mr Miles if they would like to comment on the issue of regulations in this context?
Mr Blake: I think there are different levels of regulation we need to be mindful of. The point Sonia was making, about the importance of regulation within the family, a relationship between the parent and the child which leads to guidance and support to the child in their online journeys, there is regulation that can be provided, for instance, by the service providers by way of information, advice, support guidance tools and so on. Then the most extreme kind of regulation is where we see some kind of state intervention, which I think is not necessarily the most appropriate in this kind of relationship with technologies.
Q202 Mr Jones: I would like to move on to software tools which are readily available. How practical are they; how usable are they; and how up-to-date are they?
Mr Miles: I think they are. I think the first point I would make is that there is currently a natural generation divide between, let us say, those people who are 30-35 and over and the current generation of youngsters and children, which has really stemmed from the 1990s when most adults came into contact with computers through business, through using it as a productivity tool, by using e-mails and so on. Children use it in a fundamentally different way; they use it as a means of communication and self-expression which is just really very different. I think as a consequence, the solution that may have been appropriate a few years ago - with filtering of inappropriate content which is a relatively easy thing to do - does not really acknowledge the problem of user-generated contact; in other words creating a MySpace profile and Facebook profile; taking digital pictures and putting those things up; and using mobile phones. The challenge here is that filtering, whilst probably one of the means of dealing with children's access to the internet, does not really meet all the needs that are currently being addressed by how children use it. I think that is the challenge - that it has gone well beyond that.
Q203 Mr Jones: Are there no software products that can address the issues you have just outlined?
Mr Miles: I think filtering is very key, and I think there is a very substantial shift going on which the mobile industry in particular as been initiating, which is that until now we have seen laptop sites as being a device installation of a filtering product. Children are clever enough to circumvent quite a few of those, and although they are relatively effective - particularly for younger children, teenagers less so - if you take the mobile phone, for example, it is extremely difficult to circumvent a mobile phone device, because most of the filtering is done up on the network: and I think that is a very promising trend, where I think you will see devices which are much more appliance-based; where those kind of things are fixed-up online and whatever the child does at a device level it will be more difficult to circumvent.
Q204 Mr Jones: If I could just explore that. Would it be possible, for example, to have a hardware device, a dongle or something, that you could actually plug into the machine?
Mr Miles: There are examples of that around, but they have not proved very effective, to be honest. I think filtering only represents one aspect. For example, in things like cyber-bullying, which is the relationship between children as they interact and communicate online, it is not something that filtering could address, and yet that is a very real problem. That is why something like a dongle is only partially effective, even if it existed.
Mr Blake: I just wanted to add to what David was saying there. Research done by the ITC and Ofcom has identified that one of the reasons why parents in particular have not been using the available filters is that they consider them to be difficult to use and to implement; not very effective; they often are perceived to over-block, that is stop content which is legitimate, being accessed by a person. As a result of that, parents tend not to use those tools. It is not going to be the answer but it is one of the potential answers. Working with the Home Office and the British Standards Institute, Ofcom has worked with the industry to create a British standard for internet content control software. The intention is that that would raise the barrier in terms of effectiveness - how effective they are at blocking inappropriate content, and to minimise the impact of over-blocking; to make them easier to use, easier to load, easier to refresh and update; thereby giving some confidence to parents that they have a tool available to them to help manage their young person's journeys. No filter will ever be 100% effective in blocking all inappropriate content; but we take the view even if they only block 70% or 80% of that inappropriate content that is better than nothing at all. The slight disappointment at the moment is, having created this standard, none of the software companies, bar one very recently, have applied for that Kitemark, which will give them the opportunity to put a badge on their box or their site saying that this particular product meets the specification set out in that standard; which I think would be an opportunity for parents to have confidence that that would be better than the old product and should be used. Our research suggests that from 2005 to 2007 the number of parents using content control software on their PC has fallen. That is something we need to address specifically in terms of raising awareness of them and making sure that when you get them they perform more effectively and are easer to use; so there is a job of work to be done there.
Q205 Alun Michael: Can I address this to Ofcom, continuing to probe the same area, and then perhaps ask Professor Livingstone if she has got any comments in response. If I understand you correctly you are saying that essentially the technology cannot solve people problems; and, secondly, young people are way ahead of their parents in terms of the technology in general; but it is also a difficulty because they are speaking a different language; their behaviour and their use of computers and of the internet is radically different from that of their parents. Given that is the situation, what is the best way of achieving a balanced perception and an understanding of the risks that need to be addressed? What is the role of Ofcom in enabling that to happen?
Mr Blake: I think one of the key problems we see is awareness amongst parents and adults in general of the risks, but also the potential benefits of going online. There is a balance that needs to be drawn there. I think research suggests overwhelmingly parents and young people consider the internet to be a great value for a whole range of things; but sometimes the media highlights the risks as opposed to promoting some of the benefits.
Q206 Alun Michael: They do not do that in any other field of endeavour, do they!
Mr Blake: We find parents feel as if they do not have the skills, knowledge and understanding of the technology, so they often abrogate their responsibility to the child. They often do not set rules or manage those rules for behaviour.
Q207 Alun Michael: I am expecting that as the starting point. I am asking: how do we give the parents and others, including teachers, a proper understanding and a balanced understanding of the problems and what needs to be done?
Mr Blake: I think there is a significant opportunity for schools to be more proactive in relating to the parents of the children in their schools and providing the support for parents. The experience that young people have of using the internet in schools is quite different from using their internet at home. The schools often have in place quite effective filters and user rules about what you can and cannot do. When they go home they are often unfettered in their use. I think there is a particular role to play from the experts in the school to support the parents, and I would like to see further development of that.
Q208 Alun Michael: Can we probe that a bit further. At a general level I can accept that, but an individual parent is in an individual circumstance, and Ofcom has had responsibility for promoting media literacy for the past five years. You have got a Wales Network, as I understand it. What have you learned from that in terms of online safety; what interventions have the most impact in terms of reducing risk; and how do you drill this down to the level of the average parent, rather the particularly knowledgeable parents?
Mr Blake: It is a very difficult question. Although Ofcom undertakes research to monitor people's attitudes and behaviours in terms of the internet, mobile phones and other digital technologies, it is very hard at the parent level, at the individual level, to understand what is effective and what is not. I think a lot more work needs to be done about the impact of particular interventions, and I do not think we are at that point of having a better understanding.
Q209 Alun Michael: Forgive me, am I not right in the question that Ofcom has had responsibility for promoting media literacy for the last five years?
Mr Blake: It has.
Q210 Alun Michael: The outcome of that five years' work - where does that take us?
Mr Blake: It has taken us a long way down on a particular journey: we have not yet achieved the point where we want to be. If we consider that Ofcom's media literacy journey is to find every parent, every adult, every child fully media literate to be able to cope, then we have not got there. We have begun a journey. In the period we have been working we have established a strong and robust research base, which tells us about people's attitudes and behaviours. We have used that in order to raise awareness amongst a whole range of stakeholders about what they need to do, both in industry and in education.
Q211 Alun Michael: Can I simplify it, and ask you to use all that experience you are pointing to, to ask a question: what are the key things that young people and their families need to learn to avoid or manage the impacts of risks on the internet? What are the best ways of teaching those skills; and who should be doing that? Perhaps that should be: who is doing that?
Mr Blake: I return to the point that I think schools have a key part to play.
Q212 Alun Michael: What are you advising them to do on the basis of your five years of experience of the research base and so on? I want to get beyond the generalities into the specifics if we can.
Mr Blake: Clearly we are talking to those organisations, often in Government, who have responsibility in the area of developing the curriculum; and it is at that point where Ofcom has an opportunity to intervene to make sure there is a recognition that e-safety has an important part to play within the provision of learning for all children. As I say, we have talked about the importance of schools building links with parents. Ofcom does not have a remit to guide the curriculum or require the curriculum, but we use our evidence to build a case for those organisations that do that.
Q213 Alun Michael: Let me try to simplify it: a parent wants to know more; knows that Ofcom has this media literacy remit; if they go to your website will they be able to find a page that gives them the answer to the question I asked in the first place?
Mr Blake: If they go to our website they will find a range of indications about where they can go for support, depending on the different aspects they are interested in.
Q214 Alun Michael: Is that the right place for them to go, rather than, for instance, Get Safe Online, the Department for Education or the Welsh Assembly Government? Where would parents start?
Mr Blake: If parents come to Ofcom either through the phone line or online then we direct them to a range of existing provisions, like Get Safe Online, the other organisations like CEOF(?) the Internet Watch Foundation, who are providing advice and guidance to parents. Ofcom does not duplicate all that information on its website but acts as a signpost to the appropriate organisation which is on the ground delivering that support and providing that information.
Q215 Alun Michael: It sounds very complicated from the starting point of an average parent. Does not the complication make it more likely that parents, like the 11 year-old, are going to deal with it by experimentation rather than feeling that there is an authoritative source of advice from Ofcom on what to do?
Mr Blake: I agree.
Q216 Alun Michael: I thought that question was potentially a criticism of Ofcom, by the way, but you agree with it?
Mr Blake: I agree, if we had the resources to provide, for instance, a one-stop stop, a telephone line and a website that was promoted nationally and everybody was aware of it, that I think would be a better tool than the tools we have available at the moment.
Professor Livingstone: In the process of the Byron Review there were repeated calls for a one-stop shop (and that is now under the remit of the Council for Child Internet Safety) which should be at least a single clear website and I hope also some kind of telephone support that would be the first port of call for parents; not the end resource, as it were, but the first place that they would go, where everyone could say, "This is the Government's place for advice and redirection for whatever issue". I think there is a very serious issue of sourcing and that has got to be completely up-to-date. It has got to really be able to direct people out to where the other sources of advice are; and these are indeed very complicated decisions. You do not want to go to the IWF unless you are dealing with something you suspect to be illegal; and you do not know what the criteria of illegal content might be compared to harmful; so I think these are really tough judgments we are putting on parents. The one-stop shop remains a goal that currently we do not deliver, so parents will simply say, "I don't know where to turn". On the second point, I think over the last five or more years many organisations, both public and private sector, have been developing some great resources to raise awareness and encourage media literacy but they remain one-off sets of resources or initiatives. We know how many thousands get sent out but what we do not know, I think, is whether every child has yet had an up-to-date briefing on issues from illegal content, to copyright issues, to how they should treat their personal information and what to do if someone bullies them. We do not know from the child's point of view have they all had that, and do they get it on an updated basis. It seems to me the best place that should happen would be in PSHE classes. Whoever advises children at school on sex, bullying, parenting and so on would include the internet as one source of risk associated with each of those different areas; but I do not think at the moment that is happening in any systematic way.
Q217 Mark Williams: Could I just take that point further. Do you think the opportunity is there to pursue awareness?
Professor Livingstone: Yes.
Q218 Mark Williams: More generally though, schools are undertaking their legal responsibilities in terms of sending out notices for parents' permission for children to use the internet. That is raising awareness at the parental level to some extent.
Professor Livingstone: They send out acceptable use policies for the use of the computer and internet in school, I think. That is different from general guidance on what to do if you feel you are being bulled.
Q219 Mark Williams: Do you think there is a more proactive role schools can undertake in the next step that we can try to probe?
Professor Livingstone: They seem to be the only agencies that are already set up to address every child so, yes, absolutely. Perhaps apart from Social Services, they are also the only agency that can catch those children who have not got the attentive parents looking for them for good advice.
Q220 Mark Williams: There is a resource implication there; and there is a time consideration there as well?
Professor Livingstone: Every parent understands they have been told by the British education system to get their child online to help them with their learning and benefit them; so it does seem to me that attaching a safety message, that encouragement to go online for educational reasons, would be appropriate.
Q221 Mark Williams: Indeed that is replicated in the national curriculum in terms of the IT curriculum?
Professor Livingstone: I was just trying to attach it to the PSHE curriculum, rather than the IT curriculum, because these are not really technology issues but social and personal issues..
Q222 Hywel Williams: Mr Miles, in your submission you specifically recommend more "industry self-regulation". Would this apply to hardware providers, service providers, large content providers and platform providers?
Mr Miles: Yes, I think there is an enormous amount of work which has been going on within the industry to make the internet safer. An ISP or a provider over the internet, it is in their own interests really to make sure that they are relatively safe environments. I think there is no question that most ISPs these days either offer filtering or internet safety advice pretty much as standard; there are some who will not, but for the most part around the world that is generally the case. Particularly when parents have actually paid for the subscription, it makes commercial sense for parents to have the tools and facilities really to protect their children on the internet; and that is one of the big sources which filtering arrives in the home from - ISP-type packages - and in many cases these days they are offered for free as part of that combination. I think there are a lot of things now in place already that are making the internet safe within the home; but I think one of those challenges is that in many cases they are optional. There is a question there: should we mandate that sort of thing; or should we make that a question of choice?
Q223 Hywel Williams: Do you see a role for the actual point of sale? Some people think that, whatever the industries do on a large scale, it tends to be the shop assistant selling something who does not have the knowledge, skills, interest or whatever to point out the particular features available. Is there a particular point of contact that should be addressed?
Mr Miles: There has been quite considerable discussion about the idea, for example, of preloading filtering technology onto PCs, for example, and laptops, and that is a relatively easy thing to do; but within the really aggressive bill of materials that a PC manufacturer has to conform to, to achieve certain retail prices, that is relatively expensive. That is why very often PC manufacturers make it a question of choice really because there is an inherent cost in providing that. I think the other thing at a retail level is that, whilst there are a significant number of parents that will buy a PC for the family, you are talking about multiple user types, and for a retail assistant to really advise on all those aspects is quite difficult. I do not think the onus is so much on the retailer; although I do think the concept of a BSI Kitemark standard, as Robin has referred to, is really a key step forward because I think if parents can see a Kitemark which they can trust then that is something a retail assistant can point to and could be a key differentiator in terms of buying one PC over another, or one piece of software over another.
Q224 Hywel Williams: I suspect the parents in the particular incident of what a child does in the privacy of their own bedroom would be susceptible to the price advantage?
Mr Miles: Yes, I know, and I think that is the
trouble. Over the years, having been in
companies that have made their living from some parental control products, it
is staggering just how little the take-up is in real terms. Even in the
Q225 Hywel Williams: If filters were mandatory there would be a level playing field and price advantage would disappear, would it not?
Mr Miles: To a degree, but I think there is an issue which Robin referred to earlier on, and I think it is changing, but traditionally in the past filtering products have been quite restrictive. If you go back four or five years when there was only a single profile access to a PC - and it is now multiple profiles - the problem was that if you imposed a filtering product four or five years ago it affected everybody that accessed that PC. The moment the adult decided to type the word "private" into a Word document it would block it. That has changed markedly and filtering has got cleverer; but the reality is that a significant number of people who buy PCs and laptops are not families - they are adults using it for personal use.
Q226 Hywel Williams: I should say that a friend of mine had an e-mail from his girlfriend and she put three kisses at the bottom and it would not come through! That was some years ago.
Mr Miles: That is a classic case in point. Absolutely, that is a very good example.
Q227 Hywel Williams: Just one other point, you said earlier on that user-generated content has gone well beyond that. Have you any suggestions as to how user-generated content could be brought into some form of regulation?
Mr Miles: I think the first thing to remember is that you look at user-generated content like, for example, social networks, which are a real phenomenon in terms of this current generation of children and teenagers. There are quite significant guidelines already in place that you need to be over 13, and there is very strong evidence to indicate that that is enforced relatively well. I think the challenge is that there is an enormous amount of effort involved in monitoring, in people posting up pictures and using inappropriate content; and there is quite a lot of technology at an industry level now which monitors profiles and has an established take-down policy when they see inappropriate content. When you think that these environments never existed four to five years ago, if you talk to the people in those industries these are new challenges, partly because of the scale of the growth of social networking sites; but overall I think they are doing a relatively good job. I think children are not sometimes given enough credit for actually managing their own environment in a relatively safe way. Kids will use a social network environment in really quite a constructive positive way to build their social lives. It is only a minority that perhaps try and circumvent the system, or do something inappropriate.
Q228 Hywel
Williams: Would that inappropriate
content be language in particular? There
is a particular issue in
Mr Miles: You would have to ask the social networking
people in relationship to Welsh, I have to say.
Having been brought up in
Q229 Hywel Williams: Can I ask all the witnesses: what is the role for industry regulation and what should be the key priority areas for regulation?
Professor Livingstone: I think there is more attention now to the self-regulatory mechanisms, whereby the industry monitors usually reactively but sometimes proactively to change the environment in relation to content hosting, search provisions, so that if you type in "I want to kill myself" you get advice on suicide rather than how to do it. It is a significant intervention to make that kind of change. I think we could probably do a lot of that. If teenagers type in "drugs" they will get "Talk to FRANK" rather than "this is where to buy it". I think the managing of that environment, which has to be done by the industry, is something you could call for on a larger scale; and I think there is something really crucial in the public interest there which is that it should be done transparently. At the moment there is quite a lot of this kind of content management and we have no idea how much is going on and how much is taken down and what the principles are. I think it would be fair to say the industry is best placed to do that; that it should be done according to a transparent code.
Q230 Alun Michael: I am a little bit concerned by the reference to "self-regulation". Self-regulation has been given a bad name by the Press Council and it is not a place, it seems to me, that the industry should be going. Surely it has to be some form of regulation which is more transparent. I can appreciate the reasons for not wanting something bureaucratic or legalistic, apart from anything else it would never keep up with the rapid changes in the environment that you are dealing with. Should we not be referring to something a little more sophisticated than self-regulation or just leaving it to the industry - call it cooperative regulation, partnership regulation or whatever - in which Ofcom and the industry would clearly have a mutually supportive role to each other?
Mr Blake: Clearly Ofcom is concerned about various issues related to content being delivered online. We also recognise that Parliament did not give us powers to regulate the internet. I suspect members would recognise that traditional regulation, in the sense that we all know it in terms of broadcasting, is an inappropriate model for an internet where there are no boundaries between various states, and therefore the remit of the state is different.
Q231 Alun Michael: That surely means we need a cleverer, more flexible, more industry-engaged form of regulation, does it not, rather than we do not need any regulation at all?
Mr Blake: No, and I think that is where the whole debate in Europe is around co-regulation and self-regulation: the relationship between the state, the regulator and the industry in order that they set standards of behaviour amongst the industry and deal in an appropriate way, as Sonia said, in a transparent way that has clear sets of rules that the industry sign up to. As you indicated, that kind of model of regulation is likely to be much more effective in dealing with the rate at which things change and the new initiatives that come forward in providing the kind of level of protection that is appropriate on the internet.
Q232 Alun Michael: Would you accept - and it may be a different way of doing things than we were used to in the past - that there is a need for engagement of parliamentarians and wider civil society, obviously the point of transparency Professor Livingstone was referring to?
Mr Blake: Yes, I do.
Q233 Alun Michael: Is that something you are working on?
Mr Blake: I think Ofcom is looking very carefully at the debate that is going on in this House and elsewhere.
Q234 Alun Michael: And participating?
Mr Blake: Absolutely. I think Ofcom has a key part to play in bringing together those interested stakeholders. As members will know for some time we have been engaged with a whole raft of stakeholders and are promoting the kinds of best practice, self-regulatory codes both in terms of broadcasting and online delivery and I think Ofcom can act as an honest broker setting an appropriate standard and then bringing those stakeholders to bear to deliver on that.
Q235 Alun
Michael: My final question really is
about the issue that Professor Livingstone mentioned earlier with the UK
Council for Child Internet Safety. Do
you think that the right areas for the first actions of that Council have been
identified; and do you think those are capable of being followed up and
implemented properly in relation to
Mr Blake: Yes, I do. I think the working groups are appropriate. I think the opportunity that began quite a number of years ago with the Home Office taskforce in bringing the industry together, encouraging open dialogue where these issues are common across the piece, delivered significant change in terms of best practice that was published and the industry signed up to. The opportunity for UKCCIS now to take that to the next level and to see some significant implementation monitoring and development I think is a great step forward. I think it is exactly the way to go. It is an example of Government regulator, industry and stakeholders coming together in an attempt to do the right thing in what is a very challenging environment, where all the issues around the internet come to bear. I am very encouraged by that. We look forward to seeing the working groups bringing forward proposals.
Professor Livingstone: I am on the executive board so, yes, of course - the Action Plan as currently formulated.
Q236 Alun Michael: You are allowed to say that is why!
Professor
Livingstone: I think there may be a future
issue of resourcing. It is an ambitious
plan and mobilises a lot of people. It
is not my understanding there is a lot of money that can be spent on making all
that come about at the moment. There is
a debate about how to implement and how much priority to give particularly
vulnerable groups. I do not know if that
especially implies anything in
Q237 Alun
Michael: There is an issue not just
for
Professor Livingstone: I do not think UKCCIS as yet have said anything in particular about different regions, but it is aware of issues to do with socioeconomic disadvantage and forms of psychological vulnerabilities. Those are very much on the agenda wherever they may fall.
Mr Blake: Where Ofcom works in terms of promoting media literacy then clearly we have devolved nation offices and networks of stakeholders who are mindful and aware of the local conditions in order that they can deliver appropriate responses and work in partnerships. I suspect at the various media literacy networks, the Welsh Media Literacy Network is the most vibrant and active in delivering in this area.
Alun Michael: Could I just underline this in view Professor Livingstone's board level, that there is a tendency sometimes to think that if things are dealt with on an England strategic basis that that has dealt with the regions, never mind the differences in education in Wales. It would be important to get that built in at an early stage.
Chairman: Thank you very much for your evidence today. Thank you also for the written evidence you have submitted to us. It was extremely helpful in preparing this session. I hope you feel it has been a worthwhile exercise. If you should feel you wish to add anything to what you have said today we would be very pleased to receive a further memorandum. Thank you very much.
Memoranda submitted by Get Safe Online and e-Crime
Examination of Witnesses
Witnesses:
Mr Tony Neate, Get Safe
Online and Detective Chief
Superintendent Christopher Corcoran, Divisional Commander, Crime Services e-Crime
Q238 Chairman: Good morning and welcome to the Welsh Affairs Committee. Could you, for the record, introduce yourselves, please!
Mr Neate: Tony Neate, Managing Director of Get Safe Online.
Detective Chief
Superintendent Corcoran: Christopher Corcoran. I am a senior police officer in North Wales
and Chair the e-Crime
Alun Michael: Chairman, could I say this is not a financial interest but I chaired the UK Internet Governance Forum and also the e-crime group of EURIM; I am therefore acquainted with both witnesses and their work.
Q239 Chairman: Could we begin by asking a simple
straightforward question about the e-crimes which cause the most problems for
individuals and businesses in
Detective Chief
Superintendent Corcoran: I can give you a
generalisation. It is hard to say which
exact crime causes the most problem. The
e-Crime
Mr Neate: From my point of view - which looks at crime prevention and preventative measures throughout the whole of the UK, but also with an interest of Wales because that is where I live and I also sit on the steering group for e-Crime Wales - there is not much of a difference between what is affecting Wales to what is affecting the rest of the country. I think it is what the current threats are, and they are never one but always numerous; and I think the threats that are affecting business can also affect individuals and vice-versa. You have to look at what those current threats are at the moment to decide how that affect should be dealt with. It does not change that much over the scale. Having a background in law enforcement for 30 years, I can see the majority of the time it is related to fraud; it is obtaining information in order to further a criminal's advancement to obtain money.
Q240 Hywel Williams: Does your remit also include illegal downloading and file sharing?
Detective Chief Superintendent Corcoran: It can when we know about it, when we are told about it and when it is reported. That is the crux of the matter for us in many ways. We do not know the scale of the problems because the reporting either is not captured properly through the Police Service, through the financial sector or through a business medium and we look to those to tell us what is going on. When we are told of course that does capture that data.
Q241 Hywel Williams: It just seems to me from the submission that there are traditional kinds of fraud which are furthered by using these methods, and then there are the kinds which specifically arise from the situation; but you would look at both kinds?
Detective Chief Superintendent Corcoran: Yes, and I guess it is fair to say that e-crime is any crime. It is all old crimes but using new technology; it is not suddenly technology now but it is almost any crime; there is no limit to it.
Q242 Hywel Williams: What sorts of businesses and types of people are most particularly vulnerable to e-crime, do you think?
Detective Chief Superintendent Corcoran: Again, data capture is sparse but it is the small businesses, simply because they do not have the level of investment to make in either technology, advice, support or security advice; hence the e-Crime Wales Project being set up in the first place: whereas the larger scale bigger employers do employ the technical ability and the support that they need to make them more secure.
Q243 Hywel
Williams: Do you think there is a particular
Welsh issue here? I am aware in my own
constituency that the overwhelming majority of businesses are single operators
or partnerships. Is this a particular
problem given the nature of the economy in much of
Detective Chief Superintendent Corcoran: I think it is more about education and understanding; about people always thinking - like they do with any kind of crime - "It won't happen to me; it will happen somewhere else". There is that naivety about it, and I think we need to be smarter with our education processes and how we get that message across so people take simple steps to try and make them a bit safer. It does not matter whether it is a sole trader or a fairly medium-sized business; it is about understanding the potential threat and the damage that that could cause.
Q244 Hywel
Williams: Everybody will have had
e-mails from various African countries offering all kinds of stuff to us and
large amounts of money. E-crime is
international, much of it. Does that
limit the capacity of law enforcement agencies to tackle that sort of crime
specifically in
Detective Chief
Superintendent Corcoran: It does on a number of
scales. The e-Crime
Q245 Mr
Jones: Mr Corcoran, the 2005
Manifesto said that urgent action was needed to improve information on the
level of e-crime that is affecting
Detective Chief
Superintendent Corcoran: We are still struggling to
collect the data and that is for several reasons. Pre-2005 there was virtually no data
collected on e-crime as an e-crime;
it was just a crime and it was down to the call-taker or the receiver of the
complaint as to how they interpreted what type of crime that was. Was it a theft or a fraud, or was it
committed to a computer medium? So we
were not very good at that. I can tell
you that in
Q246 Mr Jones: I guess part of the difficulty you have got is that more or less every day anybody who uses an e-mail is subject to a phishing intent; I think I have deleted three e-mails of that sort this morning from my own e-box; so it is a very common crime which people simply do not report. Is that part of the problem?
Detective Chief Superintendent Corcoran: There are a number of issues again. If it is a financial crime it goes through to the financial sector, it will make its way around the system and then come back to a local police force for investigation; that will change when we have the Police Central e-Crime Unit up and running, which is just in its infancy; and the National Fraud Reporting Centre will help achieve some of this data capture: but it does not solve the problem of the local business being subject to a phishing attack, what they do about it and how that gets reported. Some of that is lack of confidence in the Police Service. They either fear that if it gets reported and taken to court there is a damage issue in terms of reputation and share price; will the police come and take away their computers and keep them for several months. It is an understanding about what we can and cannot do and what we will and will not do for businesses when they report. We need to continue to build the trust we are starting to build. We have put in local liaison officers to have face-to-face contact to build that trust.
Mr Neate: If I may, there is an important part of reporting - and something I have always been taught - which is: that which is measured is dealt with. If we have not got measurement then we do not know what the true problem is and the necessary resources are not put into it. One of my great fears is, two years ago when a decision was made that online financial fraud would not be reported to law enforcement but would be reported to financial institutions, the idea being that they would feed that information back, historically - because I think it is going to take a while - that has not necessarily happened. I am hoping there is going to be a major difference when the Fraud Reporting Centre sets up and we will see it. My question on that is: will they be reported as crimes? I think for the Government to realise that there is a major problem by the fact that the crime reports go up then they will have to do something about it; but until that happens maybe the resources that really should be put into this area are not being put in.
Q247 Mr Jones: Mr Corcoran, you mentioned that the Home Office's e-crime strategy is in its infancy really. In fact before this meeting I visited the Home Office's website and there is not a huge amount of information on that. Why is it taking so long for the Home Office to develop this strategy against e-crime?
Detective Chief Superintendent Corcoran: It is difficult to comment upon. I can say that the e-Crime Project came out of some frustration because there were a lot of things going on, lots of national and international debates about the threats. I will say now that there are a number of helpful websites. The e-Crime Wales Project website, the Get Safe Online website are now central points for information where people can seek advice, with one voice in many ways so there is a consistent message coming out. The Home Office issues have been around funding, numbers, resources, who should own the problem and who should deal with it. The problem is massive; the resources simply are not there; it takes a lot of finance; there are a number of policing issues, as well as e-crime; and so it is about priorities; and it is about trying to service many areas of the business.
Q248 Mr
Jones: To what extent has e-Crime
Detective Chief
Superintendent Corcoran: I am a member of the National
Working Group so I feed in what Wales are doing as the Chair; I take away what
the national strategies are and I build those into the Welsh strategies so
there is lots of consistency. I speak to
Q249 Mr
Jones: Does this fragmentation not
cause you any concern, that there is no overarching approach, that it seems to
be fragmented around
Detective Chief
Superintendent Corcoran: I do not think it is
fragmented any more. The Police Central
Unit, SOCA, the Get Safe Online medium I think they are stopping the
fragmentation. What we have is localised
units feeding into the national strategy.
It is what we want - to deal with problems locally; find out what the
picture is in
Q250 Alun Michael: Can I just clarify the point on the reporting of crimes. If there is a crime - let us say it is a fraud that uses the internet - it is still a fraud, is it not?
Detective Chief Superintendent Corcoran: Yes, it is.
Q251 Alun Michael: So presumably when you are recording internet related crime, if you like, that is not a separate category; it is recording the fact that the internet is being the vehicle, as it were?
Detective Chief Superintendent Corcoran: It is capturing the "e" element of the crime.
Q252 Alun Michael: In other words, it is not an additional crime?
Detective Chief Superintendent Corcoran: No.
Q253 Alun Michael: It is an identification of the kit that is being used, in the same way that a motorway or whatever physical means would be used to commit a crime?
Detective Chief Superintendent Corcoran: Absolutely. It is dependent upon the complainant. The victim of that particular crime might say, "I've had a fraud committed against me", or they might say "I've had a fraud committed against me via my computer", which then tells the call-taker, the recipient, there is an "e" element to it. It is a two-way communication. The call-taker, receiver, has to ask the relevant question to capture the data; and the victim, or the complainant in the case, also has to give some information back. If they do not understand what it is that is difficult. Again, part of the education process both ways is to try and educate people to say: how was this committed; what was the medium for this crime; was it through mobile technology, computer technology or another means; and therefore get some meaningful data to help us drive the agenda forward.
Q254 Alun
Michael: Could I ask both of you what
you think the impact of your work has been, for instance, in relation to
e-crime
Detective Chief
Superintendent Corcoran: I think in terms of education
for e-Crime
Mr Neate: Get Safe Online is treated as the main
Government initiative to educate computer users, but we are limited in the
resources that we have. It is a true
public/private partnership in what we try to do, so law enforcement, the
Government and the private sector are fully involved. We do see peaks of extra people coming onto
the website when we are doing a PR strategy and i-campaign. It is not big enough, where we can actually
take serious measures as to the increases.
A study that we did three or four years ago when Get Safe Online started
said that 55% of people had anti-virus; now it is up around 89%; I would love
to claim that for Get Safe Online but it would not be honest if I did so
because there are a number of other reasons why people have it. I would like to think that we add to it. We are a source of information that is easy
to understand, is neutral and balanced.
Whether we make a massive impact is very difficult to understand; but
certainly we are there in
Q255 Alun Michael: So it is cooperation rather than duplication?
Mr Neate: Absolutely.
Detective Chief
Superintendent Corcoran: One of the quick wins for us
was that we held across the whole of
Q256 Alun
Michael: I think I am right in saying,
am I not, that you have a role in support of the ACPO approach to this
activity. You referred to the links with
the group in
Detective Chief Superintendent Corcoran: Yes.
Q257 Alun Michael: Do you think that network is starting to, if you like, lift the game across the country now?
Detective Chief Superintendent
Corcoran: A good example of a simple
example of how it fits into the national agenda is that the e-Crime Wales
Project has just developed a learning pack for first responders, what we call
almost "first-aiders", into e-crime for SMEs; the Yorkshire Forward Business
Trust has just developed a one-day training pack for businesses; we have joined
them up together and given them to the National Police Training Centre to
develop the rollout for the UK as good practice across the UK. It is that type of partnership we are working
with. Scotland Business Crime Centre has
asked to partner now the e-Crime
Q258 Alun Michael: Apart from that example, the bottom-up identification of what can be done, the other end of it obviously is with the serious end of criminal activity. How do you manage the community-based approach that you are adopting with the work of, what is a fairly new organisation obviously, the Police Central e-Crime Unit, and with the Serious Organised Crime Agency, which also has a role at that hard end, if you like?
Detective Chief
Superintendent Corcoran: We do that in several
ways. If you take the concept that a lot
of e-crime is serious and organised crime, there is a lot of organisation
behind lots of e-crime, then SOCA have a remit.
SOCA are, in every police force, liaison officers, so we have this
continual debate about what the threats are to our local communities and local
police forces. I look at that
holistically across the whole of
Q259 Alun Michael: In terms of Get Safe Online, are you satisfied that you are sufficiently connected into those networks to be able to offer well-informed advice?
Mr Neate: Being an ex-South
Q260 Alun Michael: You have referred to the difficulty of collecting information, and obviously that is something that needs to be improved over time, but where you have got information about reported crimes - I am very nervous about using the term e-crime, it is internet related crime - how do you use it and how does that inform your work? Going in the other direction, what do you see the pattern in the future being for people to be able to report incidents, not necessarily so that they trigger off specific police investigations but so that there is information being collected, the two sides? What do you do with the information and how do you improve the collection?
Detective Chief Superintendent Corcoran: The first point is around some of the analytics about types of crime, types of businesses being focused upon or subject to a crime attack, day, week, why. That analysis then helps us to focus on areas that we should be targeting across Wales, what type of business is there a pattern across the whole of Wales, in particular are they a set of businesses, is it competitors, is it organised crime. That allows us to focus some of the resource and some of the education profiling around making those businesses more secure. The second part is around the more holistic view of what is coming in the future, how we integrate with our partners, what the focus will be. We are very mindful that it is not what is here today, it is what coming. We are smartening up in terms of data capture to make sure we have got a true record of what is happening. The intelligence picture is critical to that. It is not all about reported crime, it is about report of incidents which may not be a crime but people may not know what it is. The more information we get, the better. One of the slight obstacles is the financial sector not coming directly into the locality, it goes around the national arena first and comes back. That slows things down in terms of getting the true picture quickly to put some preventative measures in to scams that are happening today. It may take us a month to get that information, which is very frustrating.
Q261 Mark Williams: Turning now more generally to the Government's digital inclusion agenda, which is quite clear in developing the opportunities available and talks about assisting and motivating the most disadvantaged citizens and communities to achieve independence and opportunity through direct access to digital technology and skills, and we would all applaud that, do you feel there is sufficient emphasis on the plan with regard to the risks involved to vulnerable groups?
Detective Chief Superintendent Corcoran: The honest answer is no. I have seen bits of the plan. I have not been asked to partake in that plan or in any part of the debate, but the bits I do know about the plan show there is little emphasis on security, education and awareness. It talks about using the internet safely and some of the safety issues, and some of the earlier debates I was privy to, but there is not enough emphasis on evidencing how they are building in some kinds of security products to help all end users being mindful of the risks, not to frighten them away but to encourage them to use it, but safely. I do not see those elements there strong enough.
Mr Neate: I have read all the digital
inclusion documents I can find - not from
Q262 Mark Williams: We have seen some very good local initiatives. I attended a scams awareness event organised by Help the Aged, two events actually, in my constituency. Those meetings were very good organised under the auspices of the local authority and Help the Aged in terms of bringing awareness. This leads me to my next question in terms of what skills and equipment do those potentially vulnerable individuals need to protect themselves from e-crime. You hear some incredible stories of individuals losing thousands of pounds over the Internet, elderly people, and vulnerable people.
Mr Neate: It is about education. I always say it is about education. Find the methods to speak to those individuals in order to pass on that information. The thing I say is it does not have to be complicated, it can be very simple. We have methods of doing it. We have a website that people can link into and go to and with more resources we could be looking at pamphlets and CDs to pump out to tell people. My daughter is a primary school teacher and is part of the IT co-ordination and she tells me near enough every week that nothing is talked about to these children about safety and security. One concern there is for themselves, but the other thing is they are going to grow up to be IT users and they are not being educated. I love educating silver-surfers, they are keen for that information and I enjoy it but, again, we need to tell them how safe it can be. It falls into two areas. First of all, there is the technology side, which is relatively a lot easier now than it used to be, so protecting the PC with antivirus, anti-spyware and firewalls.
Q263 Mark Williams: You intimated earlier that there has been some success in terms of the take-up of anti-virus software.
Mr Neate: Absolutely. Certainly in small businesses we have seen an even bigger increase in relation to that, firewalls, updating operating systems, updating applications, which is very important now, so if you have Microsoft Office or the spreadsheets you update those on occasion as well. Also, educating the individual is important, so protecting yourself, knowing what those scams are when the emails come through. I was involved in the very first phishing email that came through that went via Barclays in 2003 and I did not think it was going to last. I honestly thought that within three or four years everyone would have heard of phishing and no-one would ever fall foul of it again. I was wrong because people still fall foul of phishing emails because they do not know that they are out there. The other thing is you have to educate people that we have moved on with technology terminology. My father, who is 80, knows what texting means and nobody would have known what texting was ten years ago. When you say "phishing", it is a new crime that is with us. We know what a theft is, deception, burglary, and what we should be expecting is that people know what phishing is because it is with us today. It is no good hiding saying, "It's a new technology term", it is not, it has been with us now for seven years and we need to start education. For me, education is the big thing that we need to do. We are doing that, hopefully with Get Safe Online. I was quite surprised to hear Robin Blake from Ofcom who said they are now a sponsor for Get Safe Online. I was going to beat him up afterwards and say, "Why weren't you using Get Safe Online as the mechanism for getting to the question that came from Alun Michael about how do you get there", because that is what we should be doing, educating people.
Q264 Mark Williams: It is a moving target constantly, is it not? What was discussed in the classroom five years ago is now redundant.
Mr Neate: I have an IT director who tells me it takes four or five hours to get something up on the website, but just to make me nervous he does it within about half an hour to an hour. That is what we need to do when the latest scam comes out. A couple of months ago smishing came out, which is texting, phishing emails but using text. Within an hour we were talking about it on the BBC and we had it on the website, so if people heard about it that was where they went. It is about education and knowing. It is not complicated, it is simple and easy to understand, and once they do they are going to be a lot safer when they are online.
Q265 Mark Williams: You mentioned Ofcom and you heard Mr Michael's persistent questioning of Ofcom's work over the last five years. Do you think Ofcom's work on media and literacy has taken sufficient account of the risk of e-crimes? Seemingly not from your last answer.
Mr Neate: They have now because they have joined Get Safe Online. They were always interested. As a result of the House of Lords Committee report that said Ofcom should take a greater interest in Get Safe Online, in fairness I phoned their switchboard and it took them about 30 seconds to come back to me to say, "Absolutely, we would like to speak to Get Safe Online" and they have come on board. We have discussed with them a strategy for how we take their agendas forward through Get Safe Online, and that is what we are doing. They have taken that quite seriously by going down the route of Get Safe Online. They have got an awful lot of other routes, but one of the strands is about Get Safe Online, not specifically about children because that is not necessarily what Get Safe Online is about, it is about fraud, protecting individuals, not on the child abuse side and illicit material, there are other fantastic organisations that we point people to on that basis.
Detective Chief
Superintendent Corcoran: Ofcom are involved in some of the projects in
Chairman: Could I thank you both for the evidence you have given today, your
enthusiasm and your professional shines through. Could I also place on record our thanks as a
Committee for the excellent work that you are doing on behalf of the public in