I have now received from Lord Stephen Carter a response to the points I made in the debate. Unfortunately, the response slightly misses the point (by about a mile, actually). It sets out the measures being introduced to improve the enforcement of consumer law applying to on-line transactions. This is all good stuff – a single online complaints register for people encountering an online scam; investment in new equipment, training and staff for on-line consumer law enforcers; and a review of enforcement powers in an on-line world. However, this is not really going to provide much reassurance for people nervous about letting an unknown person into their homes to fidedle around with their computer systems.
I have now written back to Stephen Carter – although my letter may well have arrived after his last day in office (he is one of the GOAT ministers who is resigning this month). My letter says:
“Thank you for your letter of 8th July. I am grateful for the clarification you have provided on the points I raised following your statement to the House on 16th June.
However, I would like to come back on the second issue I raised. This related to the need to ensure that consumers have adequate protection when dealing with suppliers, such as “The Geek Squad” or “The Tech Guys” – both specifically mentioned in “Digital Britain”.
In your response, you mention the measures being taken to improve enforcement of consumer law applying to on-line transactions. Whilst these measures are valuable, they rather miss the point of my concerns. Both “The Geek Squad” and “The Tech Guys” involve the consumer permitting individuals to access their computer equipment (and usually their homes). Such individuals are being given a position of trust by the consumers concerned, who will assume that they are (1) honest and (2) know what they are doing. As far as these points are concerned, it is extremely unlikely that the consumer will have the technical knowledge to understand (or indeed to be able to detect) what has been done to their equipment – that is after all why they have asked “The Geek Squad” or “The Tech Guys” to visit or to look at their equipment.
If you engage a security guard from a security firm, the individuals engaged are required to be registered with the Security Industry Authority and will have been vetted for criminality and there are requirements relating to their training. Yet the activities of most security personnel will usually be visible and will normally be comprehensible to the person engaging them. Should there not be some similar system of regulation and customer assurance of the quality of work in place for those individuals engaged by “The Geek Squad”, “The Tech Guys” or any other similar service? If no such system is in place, most customers – who are likely not to be skilled technically – will be vulnerable to data being stolen from them, to malicious code being placed on their machines or to more traditional forms of criminality.
I would welcome your comments on what can be done to address this. I am copying this letter to Lord West of Spithead (in view of the information security implications) and to Alun Michael MP (in view of his role chairing the Tripartite Internet Crime and Security Initiative).”
I will be interested to see if the civil servants get the point this time.