- Advice for Consumers
- How to complain
- Ofcom licensing
- Find a document
- Research and Market Data
- Consultations
- Competition and Consumer Bulletin
- Media and Analysts
- Contacting Ofcom
- About Ofcom
Home > Research and Market Data > Telecoms research > Reports and Research > Online protection > Executive summary
Executive summary
Executive summary
1.1 As the communications regulator, Ofcom has a number of responsibilities in relation to the internet. We oversee the wholesale and retail markets for internet connectivity. We have a role in encouraging audiences to connect to the internet and in helping them learn how to manage the risks to which they are exposed when online, which arises from our duty to promote media literacy. We therefore have a clear interest in the protection of consumers from harm when they use the internet. Given our responsibility for the UK communications industries, the development of the institutional structures appropriate for the internet will profoundly affect Ofcom.
1.2 Ofcom believes that it would not be appropriate or effective to attempt to translate existing regulatory structures onto the internet. The internet was created as an essentially open access network. The existing lack of regulation has contributed to its very success and the innovation it has engendered. In the future, it will therefore be important to maintain the benefits of this open approach as much as possible in order not to cause undue negative impact on consumers as well as businesses.
1.3 The internet has become an increasingly important part of our daily life. 57% of all UK adults now have access to the internet at home(-1-). Electronic communication is an indispensable feature of almost every workplace, and has come to dominate not only our professional interactions but personal ones too. We are increasingly turning to the internet for news and information, as well as for many other services. 82% of online consumers use the internet for sending and receiving email, while as many as 65% now use it to purchase goods and services, and 47% use it for online banking services(-2-).
1.4 As legitimate use of the internet has grown, so have the scale and impact of its fraudulent and criminal uses. The international nature of the internet has generated new opportunities for consumers but it has also put them within easier reach of those seeking to take advantage of them. The internet has given rise to many new types of crime – for example, identity theft by phishing, malicious virus dissemination via SPAM, and online grooming of children. It has also made it easier for criminals to circumvent judicial systems by taking advantage of the impersonal nature of the internet to misrepresent or disguise their true identity.
1.5 The internet therefore raises important consumer protection issues for governments and policy makers to consider. In order to inform the current debate on how best to tackle them, we believe it would be helpful, for policy makers and the public alike, to present a survey of the key consumer protection issues related to the internet, and the approaches taken to tackling those issues in the UK and internationally.
1.6 In response both to the growing role the internet plays in delivering services to consumers and the risks it exposes them to, there has been an immense amount of activity at national and international levels in developing legislative and regulatory frameworks to deal with internet-specific issues. While some of these efforts have involved attempts to achieve international cooperation and harmonisation of laws, many have also been tailored to suit the particular circumstances, and cultural and political norms of local markets.
1.7 From our brief survey of different approaches to regulating some of the key consumer protection issues that the internet raises – such as privacy and security, and protection from illegal or inappropriate content, or from malicious software – we make four observations about the effectiveness of regulation relating to the internet and the services delivered over the internet:
- The attempts at consumer protection on the internet at both national and international level have met with varying degrees of success to date
- Successful consumer protection on the internet has generally involved a much higher degree of co- and self-regulation than has been the case for other media
- Effective consumer protection on the internet requires more significant levels of international cooperation than currently exist
- The internet inevitably places a much greater responsibility on consumers to take action to protect themselves
The attempts at consumer protection on the internet at both national and international level have met with varying degrees of success to date
1.8 The internet is a decentralised “network of networks” containing a number of parallel supply chains involving the physical infrastructure, application and service providers as well as governance structures.
1.9 Regulatory action can be taken at many different levels of the internet value chain. For example, content can be monitored and removed at the level of servers hosting the content; access to certain websites can be prevented at the level of search engines for all users; while controlled access for some users, such as children, can be maintained at the level of internet access at home.
1.10 In cases where effective action can be taken by national ISPs, or consumers have the information as well as relevant skills and tools like software application, actions to increase levels of consumer protection can be quite effective. In other cases, successful action has been more difficult to achieve because it requires cooperation between many different levels of the internet value chain.
1.11 For example, UK consumers now have a generally high level of SPAM awareness and most ISPs offer simple and effective filtering tools which allow users to easily identify and block unsolicited email communications. The problem of SPAM has not disappeared – it is still estimated to account for around 85% of all email traffic and has significant costs for businesses(-3-) – but there are now more tools available to consumers to reduce the amount of SPAM they receive.
1.12 Despite an increasing number of national and international laws and agreements, internet-related issues remain a serious and growing concern. For example:
- The Information Commissioner’s Office, the regulator charged with oversight of data protection regulation in the UK, received over 19,000 data protection complaints from the general public in 2004(-4-)
- Phishing incidents are becoming increasingly common. Globally, the Anti Phishing Working Group reported 16,882 unique attacks in November 2005, up from 8,975 unique attacks launched in November 2004(-5-). The UK government’s Get Safe Online report estimated the total cost of phishing in the UK reaching £12m(-6-)
- BT reported in December 2005 that its “cleanfeed” technology blocks an average of 45,000 attempted hits onto illegal child pornography sites each day(-7-)
- 20% of adverts on a child-orientated games site were promoting gambling services, which would be illegal for their underage viewers to use(-8-).
Successful consumer protection on the internet has generally involved a much higher degree of co- and self-regulation than has been the case for other media
1.13 The attempts to translate traditional direct regulatory structures onto the internet have for the main part been ineffective at achieving their desired goals. Where action has been effective, both nationally and internationally, it has often involved co- or self-regulatory measures developed with participation from the industry.
1.14 The Internet Watch Foundation (IWF) in the UK is one such example of self-regulation. The IWF operates a hotline for reporting illegal content on the internet. Once content is ascertained by the IWF to be illegal, it issues take-down notices to hosting service providers, when these are based in the UK. Additionally, it supplies ISPs with details of websites containing internationally hosted illegal content, and of online user groups dedicated to disseminating illegal and offensive material. Most UK ISPs have already voluntarily agreed to block those sites and user groups. The IWF has been a successful self-regulatory strategy – in 2005, only 0.4% of potentially illegal child abuse images reported to the IWF were hosted in the UK(-9-). However, the international problem remains.
1.15 At international level, industry-led measures have played a significant part in increasing consumer confidence in e-commerce and hence making the internet a more secure place for commercial transactions. For example, data encryption through the https protocol has been widely adopted by online banking and commercial sites, although there remains a need for on-going investments to ensure adequate levels of security. Furthermore, significant efforts have been invested by the industry in marketing its benefits to consumers – today, for example, the padlock symbol is displayed on many browser windows. Though further efforts are needed to ensure that the padlock symbol guarantees adequate levels of consumer protection, its use by e-traders can serve to give consumers the peace of mind necessary to decide to engage in e-commerce.
1.16 Another example of an international self-regulatory initiative is the Internet Content Rating Association (ICRA). ICRA encourages content providers to self-classify their content using its rating system, which in turn enables end-users to use filtering software to block access to any websites which they deem undesirable based on the rating information. Over 100,000 internet content providers have already self-labelled using ICRA’s rating system, including Microsoft, AOL, T-Online and Hustler. However, the vast majority of internet content is still not labelled.
Effective consumer protection on the internet requires more significant levels of international cooperation than currently exist
1.17 The internet has fostered unprecedented levels of exchange of information, services and trade across countries. This has been made possible by the international nature of the internet both in terms of its infrastructure, and in terms of content and reach. However, the internet’s international nature also means that regulatory action at certain levels of the value chain can only be taken at international level. While measures taken at the content access level, for example software applications, are most effectively achieved via ISPs, and therefore at national level, any action at the level of say hosting, would require international cooperation.
1.18 Additionally, lack of international cooperation on laws and measures to tackle criminal activity on the internet can render national laws ineffective, however stringent, because criminals can simply move their operation to countries where minimal protections exist.
1.19 International cooperation on internet-related issues has been growing. For example, the 2001 Council of Europe Convention on Cybercrime was the first international treaty to address cybercrime specifically. Signatories to the Convention are required to enact national laws criminalising four categories of computer related crime: fraud and forgery, child pornography, copyright infringements, and security breaches such as hacking, illegal data interception, and system interferences that compromise network integrity and availability.
1.20 To date, however, much international cooperation has lacked the enforcement means to make it effective. Most efforts involve greater knowledge sharing and information on best practice but there have been very few instances of any action taken against perpetrators.
1.21 Part of the reason for the lack of success in acting against perpetrators is the difficulty in achieving agreement on the appropriate action to be taken. Variations between cultural and political norms, as well as different stages of market development and levels of resources available to enforcement agencies, have often meant that international agreement is only possible at the level of the lowest common factor.
The internet inevitably places a much greater responsibility on consumers to take action to protect themselves
1.22 The international nature of the internet means that there are inherent limits on the regulatory action taken at a national level. In contrast to the closed access platforms, the open access nature of the internet means that internet service providers act primarily as conduits for information and do not exercise editorial control over the content that flows over their networks. As a result, consumers will inevitably have to take a much greater responsibility to take action to protect themselves both from unwanted content and services, and from the various types of cybercrime.
1.23 Several information and media literacy initiatives have been developed to date to educate consumers about the dangers of the internet and help them understand the consumer protection tools that are available to them. In the UK, websites such as Get Safe Online, a public-private partnership initiative – see www.getsafeonline.org – and www.consumerdirect.gov.uk (run by the OFT) provide information and advice on internet safety and consumer rights.
1.24 Additionally the development of quality seals aims to help consumers recognise which vendors have committed to following a code of conduct in relation to commercial transactions on the internet. For example, quality seal systems are in place in the UK (TrustUK), France (L@belsite), Germany (Trustedshops) and Japan (Japan DMA), while the Global Trustmark Alliance promotes the use of quality seals at an international level.
1.25 In the future, we believe that consumers will have to assume greater responsibility for protecting themselves online if they are continue to enjoy the benefits of plurality and diversity of content and services the internet brings. To be able to do that, the consumers will need to have access to trustworthy information and advice, and affordable, easy-to-use technological tools. Therefore, it will be crucial to foster the further development of end-user education and empowerment while addressing the needs of vulnerable groups.
Next steps
1.26 Ofcom intends this report to become the first in a series of regular surveys of international approaches to regulation and the internet, which will allow it to track the emergence of new regulatory tools and frameworks, and the development of new institutional structures dealing with the internet as a communications platform.
1.27 Parallel to this survey, Ofcom is undertaking a number of projects assessing the impact of increased convergence in communications markets, and identifying any changes in the regulatory approach that may be required as a result of convergence. They include:
- Convergent media: looking at the structure of content regulation as similar content is increasingly delivered over multiple platforms
- Approaches to regulation: looking at the major regulatory and institutional questions arising in other countries, and how those are being addressed
- Media literacy and digital consumer: research projects to understand the way in which different types of consumer understand and interact with digital media.
1.28 Finally, while we do not draw specific policy recommendations from this survey, we hope it will open a debate with and amongst interested parties on the appropriate response to the consumer protection challenges posed by the internet.
Footnotes:
1.- The Communications Market: Nations and Regions Report, April 2006
2.- Ofcom Residential Tracker, August 2004
3.- Messaging Anti-Abuse Working Group Q4 2005 Report
4.- Information Commissioner’s Office
5.- Anti-Phishing Working Group Phishing Activity Trends Report, November 2005
7.- BT
8.- NCH, GamCare, Citizen Card Report 2004
Back to top