Select Committee on Science and Technology Minutes of Evidence

Examination of Witnesses (Questions 408 - 419)



  Q408  Chairman: Mr Haley, thank you very much for joining us. I think you have been attending the session so you know how we proceed. Would you like, please, to introduce yourself and to make any opening statement, if you so wish?

  Mr Haley: Thank you. My name is Mike Haley and I am the Deputy Director for Consumer Advice and Trading Standards at the Office of Fair Trading and one of the teams I head is our national Scambusters team which deals with mass marketing scams. It is probably better described as mass direct marketing scams, including those scams disseminated by email and on the Internet. Perhaps I will touch on why we define scams and fraud as different problems for consumers a bit later. I do want to speak a little bit about the OFT's role, because I think it is slightly different from some of the other contributors, who have a direct interest in security and fraud, in that we are the lead competition and consumer protection agency and our role is about making markets work well for consumers.

  Q409  Chairman: That was part of the answer to my first question, which is what is OFT's role with regard to personal Internet security?

  Mr Haley: We see the Internet as providing an unrivalled potential for cross-border transactions, in particular opening up a whole new world for consumers to shop on-line. We think this drives competition across the internal and global marketplaces. We are currently undertaking a major market study, a market study is an in-depth survey of the Internet as a shopping channel and that will produce recommendations for actions. We plan to publish that report in the spring of this year. It is a wide-ranging study which will be largely descriptive, covering a wide range of issues, including the regulatory framework around Internet shopping, consumer awareness of rights, business compliance with regulations and enforcement of consumer protection laws in the on-line environment, and also looking at the barriers there may be for consumers and business to take full advantage of the Internet as a shopping channel, that is why we have an interest in the issue of consumer confidence. There are a number of factors we are looking at which may affect consumers' confidence about participating in on-line markets and one of those factors is personal Internet security. Although it is only one, others will be addressed, such as the failure to deliver products and services, but it is the sphere of consumer confidence which gives us a real interest in personal Internet security. We are considering whether there are real threats and what are the perceived threats, and whether they are becoming a barrier to the continued growth of the Internet as a shopping medium, because we think that consumer confidence for on-line shopping is probably quite fragile because of a number of factors, including the amount of spam, the amount of viruses and other factors which you have been touching upon today.

  Q410  Chairman: Can you describe the London Action Plan and what is OFT's role?

  Mr Haley: Yes. The London Action Plan is basically a simple work plan promoting flexible action-orientated spam enforcement. I think it differs to other international arrangements. Its particular role is looking at how to facilitate enforcement action against spammers through public and private agencies and through the different agencies which have some interest in spam. It has members from about 27 different countries now, about 80 members, and they include government agencies, whether they be data protection agencies, telecommunication agencies, consumer protection agencies, Internet Service Providers or security companies. It works through a number of mechanisms of networking. We have regular conference calls where the members will call in and share best practice, talk about enforcement cases which are ongoing, information they may wish to share, and in fact there is one of those regular conference calls tomorrow if any of the Committee members would like to attend and listen in. That is the primary mechanism of how it works, information exchange. We also hold a conference once a year. For the last two years the conference has been in collaboration with the Contact Network Spam Authorities, which is an EU network of spam authorities in Europe. We also have regular emails because people get to know each other and their interests, and then there are bilaterals which then look at particular spammers to take enforcement cases. So it works in a loose and flexible way, trying to reduce the bureaucratic barriers to the minimum in terms of membership, particularly across the public/private divide.

  Q411  Chairman: How effective is international co-operation currently in dealing with spam?

  Mr Haley: It is quite good where there are enforcers who have a specific duty to enforce spam and have competent technical investigative staff and who have a real drive to go after spammers. An example would be OPTA, which is the independent telecoms agency in Holland, which is a member of the London Action Plan, it has a small dedicated force looking at spam and they are very competent officials. They have given training to some of my staff and internationally. They have recently contacted the Australian Communications Agency (ACMA), which is part of the London Action Plan, to look at a spammer from Australia targeting Holland and collaborating to track down the spammer. So I think it is effective in that way. It has also been effective in opening up the organisations for those developing countries and countries from which the threat originates, such as Russia, India, China, to be members of this network, who may have taken a lot longer to become a member of a formal network because of political problems, perhaps, but people like the Union Network of Beijing are members of the London Action Plan and that facilitates good contacts whereas before we may have given up, thinking, "They're from the Ukraine, or from China," and you may be aware that a lot of our spam investigations just would have finished in the past.

  Q412  Chairman: What percentage of this work is effective? In the Dutch/Australian case did they catch the spammers and prosecute them in Australia?

  Mr Haley: The Dutch have been particularly effective and they quote figures where they have reduced spam from Dutch spammers to Dutch citizens by 70%, which is a very impressive figure.

  Q413  Chairman: They have done this by actually prosecuting people?

  Mr Haley: Prosecuting and other disruptive measures, working with Internet Service Providers, but I would not want to give a false impression that in Holland you will not get spam because obviously so much spam originates from other countries around the world, but in terms of cleaning up their own backyard they have done, I would say, a particularly effective job.

  Q414  Chairman: A much better job than we have done?

  Mr Haley: I think in the UK—and I would back Phil here—we have very few complaints about UK originating spammers, that is spammers who are not sending spam to corporate addresses, and I think some of the spammers in the UK—and there are some—have been quite cute in recognising the differences in the rules and not spamming, perhaps, to my personal address but spamming me at my OFT address and therefore not being spam in terms of it being unsolicited.

  Q415  Chairman: How easy is it to be a UK spammer and to be unidentifiable as a UK spammer?

  Mr Haley: I think it is quite easy to identify someone to be a UK spammer. The problems we have faced in particular cases have been where it has been a spammer who is spamming from the UK into other countries, particularly outside the European Union, because it has been difficult, if not impossible, to act against someone who is not affecting the economic interests of the UK consumer. I think in an international global market if we cannot act to protect consumers in another country, we will end up with spammers targeting each others' countries with spammers sitting in third countries.

  Q416  Chairman: Is the European Commission a party to the London Action Plan?

  Mr Haley: Yes, the EU is.

  Q417  Chairman: To what extent do you co-operate with the Commission in developing new proposals for European action or legislation on spam, or e-crime more generally?

  Mr Haley: There is good co-operation with the European Union and with the OECD. The OECD have produced a spam toolkit. Myself and others from the EU and other European countries around the world were members of the working party putting together the best practice for the spam toolkit. As I mentioned, the two conferences we have had with the London Action Plan, when they have been in Europe, have been with the Contact Network for Spam Authorities, so they have set up a network of spam authorities. I think within the European Union we have a common rule as well, so we know that with the Directive, where the privacy and electronic communication regulation has come from, we have a similar regulatory framework. I do not think we see many problems which are intra-Europe. Things were coming into Europe, from spammers from around the world into Europe and elsewhere.

  Q418  Chairman: The European group is in Greece, is it not? Am I right?

  Mr Haley: I think one of the last meetings was.

  Q419  Earl of Erroll: Could I just ask a quick supplementary, which is that you have just highlighted an area where maybe a new law is required because the trouble is that a spammer can sit in the UK, spam abroad and is untouchable under UK law. Unless you manage to get an extradition together, nothing can be done about it. So is this just an example where the evidence we have just been given by the two previous witnesses is incorrect, in that here is somewhere were we should in fact have specific e-crime laws, because spam is really an e-crime?

  Mr Haley: Whether or not a specific e-crime law is needed, I certainly agree that there is a gap. In fact I investigated a specific case of a spammer based in London targeting US consumers. It was just after 9/11 and he used a fake top-level domain name. So he emailed spam saying, "Why be dot US when you can be dot USA? Be patriotic," and this went out to millions of US consumers, and it was a fake. You could not use that Internet address, and he made several hundred thousand pounds. When the Federal Trade Commission from the US approached us we struggled to take any action because no UK consumers had been affected by the spamming operation. In the end there was a successful action which we took by getting undertakings from him not to do it again and the Americans tried to seize assets both in the US and with UK banks. It was a successful co-operation, but it exposed the gap that we could not take a court action to stop him spamming outside the European Union. I think we are not the only ones who have that problem because we have also had spam from the US into the UK with no US detriment.

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007