Select Committee on Science and Technology Minutes of Evidence


Examination of Witnesses (Questions 566 - 579)

WEDNESDAY 21 FEBRUARY 2007

MR GARRETH GRIFFITH, MR ALASDAIR MCGOWAN, MR MICHAEL BARRETT AND MR JEREMY BEALE

  Q566  Chairman: Let me start by thank you all very much for coming to talk to us. We very much appreciate your giving your time to this hearing and helping us in this inquiry into personal Internet security. Perhaps we could start by you all introducing yourselves and perhaps we could start with you, Mr Beale.

  Mr Beale: Certainly. My name is Jeremy Beale. I am Head of e-Business at the CBI.

  Mr McGowan: My name is Alasdair McGowan, Head of Public Affairs for eBay UK Ltd.

  Mr Griffith: I am Garreth Griffith, Head of Trust and Safety for eBay UK and Ireland.

  Mr Barrett: I am Michael Barrett. I am Chief Information Security Officer for PayPal, based in San José, California.

  Q567  Chairman: Would any of you like to make an opening statement or shall we go straight into the questions?

  Mr Beale: Straight into the questions, My Lord Chairman.

  Q568  Chairman: Let me start with the first question. The Internet has presented huge opportunities to businesses across the world. It is now clear that it also presents huge security risks to individual users. It is not possible to put a figure, however approximate, on the cost to the global economy of the insecurity experienced by those using the Internet. What are the main categories of cost and where are they borne?

  Mr Griffith: The costs that we would experience in this area are around two sites, really: costs to us as a business to try to develop protections for our customers and ourselves. We spend a lot of time and money on resources and tools, et cetera, to protect customers across the world. Then a cost for us personally as a business would be customers who have a bad experience on the Internet generally and turn away from us. I think that is where it gets really difficult to quantify, when you think about lost business. We know that about 17% of active Internet users in the UK have decided not to log on any more to the Internet generally, based on some kind of experience that they have had. That was based on some Get Safe Online research that we did. That is probably where the most difficult cost to make out is.

  Q569  Earl of Erroll: Could you just repeat that? Seventeen per cent of those who have used the Internet ... ?

  Mr Griffith: Have said that, through some bad experience or negative experience that they have had, they have decided that they are walking away from the Internet, basically. They do not intend to log back on for any reason—which I think is scary for all of us.

  Lord Young of Graffham: That is a very high figure. If people have a bad experience of a shop, they do not avoid shops.

  Chairman: Although they might avoid a particular shop, might they not?

  Lord Young of Graffham: Yes.

  Q570  Chairman: Has the CBI taken a position on this?

  Mr Beale: I would make a number of points. The first is that, when we are talking about insecurity on the Internet, we are talking about a very broad range of things. Information security attacks now are not just of a particular kind; they are of many kinds. So it is hard to quantify an overall figure, precisely because you are looking at very different things involved in that. They often are of an international nature too, as your question indicates you are aware, and there is no systematic collection of data globally of attacks. There is in fact in the UK no rigorous and central collection of information on e-crime as a criminal activity. That is certainly one of the things that I think would be usefully done, because then we could get to grips with this subject in a better way. Precisely because it is not done here, it is not done elsewhere too. It is early days, but it would be a step towards answering your question if it was done in the UK and elsewhere. Having said that, I think that, yes, you see it very much at the company level now—the costs, where they occur—but even for businesses it can be very hard sometimes to ascertain the exact cost of replication, for instance, let alone the assets that might be taken or ruined, or the operational inefficiencies that might have been created.

  Q571  Lord Harris of Haringey: Could I follow that up, My Lord Chairman? You said you think it would be helpful to have statistics collected of e-crime. Do you think that there should be some change in the law so as to define e-crime, so that what would otherwise be a normal crime but because it is committed electronically is then classified in a different way, perhaps attracting different penalties?

  Mr Beale: No, I was not thinking of that so much as the police reporting crimes that are electronic, because they are aware. It is usually a crime like fraud, but it might be committed electronically; it might not be. It might have a component that is electronic. The police would be in the best position to be able to say whether it was really an e-crime or a broader one.

  Q572  Lord Harris of Haringey: So you would look to them to provide the definition?

  Mr Beale: Yes. I do not think that a change in the law is particularly helpful in this regard.

  Q573  Lord Mitchell: Do any of you, the commercial companies—eBay and PayPal—have a measure as to the cost of fraud? How many basis points on your business?

  Mr McGowan: It is very hard to put a precise cost on it, partly because there is obviously a cost to the individual in terms of losses; there is a cost to business in so far as underwriters' losses. There is also the cost of fraud prevention. We have something like 2,000 people in eBay who are dedicated to trust and safety efforts. They are people who are specifically dedicated to those tasks. I probably would not count within that 2,000, and yet a large part of my job would be dedicated towards trust and safety issues.

  Q574  Earl of Erroll: First, if we improve it, it will reduce employment! On a more serious basis, on that 17%, has anyone looked at how much of that is due to having very unreliable connections to the Internet and so people have got frustrated with using the Internet, and how much of it is actually fear of using the Internet?

  Mr Griffith: It was not broken down in that way, but I do think that when you look at the other questions on the survey around relating people's fear of the Internet to things like being mugged on the street, for example, 21% of people rated fear of actually being on the Internet higher than something like being burgled or mugged. So I think it was quite clearly around some kind of negative experience.

  Q575  Lord O'Neill of Clackmannan: Was this a self-selecting sample?

  Mr Griffith: It was a Get Safe Online survey that was done through—I cannot remember the name of the company—a research agency. It was basically sent out to a random group of active Internet users.

  Q576  Lord Young of Graffham: It was commercial activity on the Internet, not the use of the Internet? In other words, people would still carry on using email but it was a question of going on eBay, or the equivalent.

  Mr Griffith: The way it was positioned was that they were walking away from the Internet. It was very high.

  Mr McGowan: There is also another issue, which is not just about people switching off the Internet; it is also being less active on the Internet. One of the great strengths of the Internet and of e-commerce is that it has increased the velocity of trade and there is wealth creation associated with that. To the extent that people are less active, therefore, there is probably a cost to UK Plc in that respect.

  Q577  Chairman: Mr Barrett, do you have an idea about what fraction of the monies that PayPal transfers are fraud?

  Mr Barrett: We have a publicly published number of 41 basis points, which represents the total fraud costs on the network. Those are costs that PayPal itself bears. That is not broken down in any way and so all classes of fraud are lumped into that. As Garreth noted, however, that does not cover the kind of eBay Inc-level costs for, essentially, the 2,000 or so people that we employ to chase this stuff down.

  Q578  Chairman: Do you have a problem with people thinking they are using PayPal when they are not actually using PayPal?

  Mr Barrett: We have a serious problem with it. It is precisely the kind of incident that victimises both our brand and us as a company, as well as them as consumers and their experience of it. So we want to do whatever we can to prevent that from occurring.

  Q579  Lord Mitchell: This may be a ridiculous question, but is there any impersonation of eBay at all?

  Mr Griffith: Yes, we have a similar problem.

  Chairman: They are all over the place. I think there are more impersonations than there is eBay!

  Lord Young of Graffham: I am not sure.


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007