‘Big Tech Beware’
The ongoing COVID-19 pandemic has caused disruption and immeasurable change to the lives of most ordinary people around the world. Many have paid a serious financial price in this chaotic period following the first spate of lockdowns around the world in early 2020. However, there have been some major beneficiaries who have profited significantly from this unprecedented change to the lives of normal citizens and the increasing shift to a world where work, socialising and commerce increasingly exists in the online sphere. These strange times have also seen strange relationships form.
One of the undisputed big winners of the pandemic are online fraudsters who have benefitted massively from the significant increase in time ordinary people now spend online. The Coronavirus crisis has triggered an epidemic of cyber fraud, with organised criminals shifting their tactics in order to leverage more profit from an upcoming market. The cyber security company Trend Micro found that in the period between February and March 2020 alone, spam messages, phishing emails and malware attacks had increased by 220%. Malicious URLs, links leading to harmful downloads or scams had risen by 260% in the same period.
This new wave of cyber-crime has had a significant impact on the financial industry with banks expanding their fraud teams and losing significant amounts of revenue paying back customers who have fallen victim to online scams. A report published by UK Finance found that in 2020 banks in the UK paid out more than £147 million in reimbursements to customers who had been defrauded in APP (Automatic Push Payment) scams. It is thought that at least double that amount has been lost with customers here having no prospect of seeing their money returned.
Due to the combination of legal burdens and voluntary codes of practice, the financial industry has, at least, attempted to take steps to address the issue. However, it has been pointed out by individuals in both the banking and political spheres that big tech, specifically social media platforms, have emerged as a silent beneficiary of this rise in online scamming. A recent report from the Commons work and pensions select committee stated that tech companies, such as Google, were profiting from payments from scammers to host fraudulent adverts on their platform, whilst at the same time taking further payment from regulators to publish warnings. This practice was branded ‘Immoral’ by the committee who simultaneously noted that regulators currently appear ‘powerless’ to hold such companies to account.
So, what is being done from a legislative perspective to place responsibility at the feet of big tech when it comes fraud and scams facilitated through their platforms? The short answer is, for the moment at least, very little. The government’s much touted upcoming Online Harms Bill places no legal duty on internet companies to actively prevent economic harm. Instead, the bill levies heavy penalties on companies that fail to prevent harmful material, such as terrorist propaganda or images promoting self-harm, from being proliferated on their platforms. It appears that this new bill would act as an excellent legal vehicle for the government to ensure that big tech plays a part in the prevention of cyber-crime and share the financial burden imposed on banks when it comes to reimbursing victims of these crimes.
Indeed, as far back as 2019 UK Finance pushed for the Online Harms Bill to expand its remit, to include fraud among the harms that online companies would be responsible for tackling. This pressure has grown in recent months with senior figures such as the Bank of England’s chief Andrew Bailey imploring the government to take a tougher stance on the issue. The managing director of Economic Crime at UK Finance, Katy Worobec framed her argument in starker terms when urging the government to expand the remit of the new bill saying that “it cannot be right that online firms are effectively profiting from fraud, while society as a whole pays the price.”
There has been some effort on behalf of MPs to bring the issue into greater focus with Stephen Timms MP tabling an amendment to the Bill. In response to these external pressures the government has said that it is considering additional legislative and non-legislative solutions to tackle online fraudsters but provided no confirmation that any action would be taken through the Online Harms Bill. For the time being, at least, it remains unclear as to when real legislative change will occur.
At first glance, the government’s reluctance to place any legal or financial burden on large tech and internet companies appears a confusing misstep. However, a closer analysis of the situation and the global power and influence of big tech firms paints a compelling picture. Companies such as Google and Facebook have always been historically resistant to government regulation of any kind, often to the point of disdain, and there are significant challenges when confronting these multinational behemoths. One of the more recent examples of state legislation drawing the ire of big tech firms is Facebook’s reaction to Australia’s News Media Bargaining Code, the nation’s attempt to place a legal burden on companies such as Facebook and Google to invest in local independent news outlets. Facebook’s immediate reaction was to block all news content to Australia, forcing serious negotiations that led to changes in the law. When faced with that kind of bargaining power it’s not hard to understand the government’s reticence to hold such firms to greater account.
In the face of this legal vacuum one is left to ponder on what the ideal scenario may look like. It is clear that the current situation leaves much to be desired, both from a legal perspective and in terms of protecting normal citizens from falling victims to increasingly complex and effective online scams and fraud. For the time being at least, it appears that private business will take up the effort to ensure that big tech plays its part in preventing cyber-crime. An early sign of promise is eBay’s recent admission that it is open to joining Stop Scams UK, an initiative backed by the nation’s major banks and telecoms companies to develop strategies to counter fraud. The group claims that the support and involvement of tech groups is vital to the success of any future projects. More big tech companies becoming involved in such initiatives would be a strong step in the right direction when it comes to reducing the harm that online fraudsters are causing to the general public.
Voluntary codes and schemes, however, no matter how well intentioned, are at best, an inadequate substitute for genuine legislation and it is clear that the government will have to take, at the very least, some action to place a real legal burden on internet companies in order to drive down criminal activity on their platforms. The challenge that arises from this eventuality is any government, either present or future will have to forge a difficult compromise between ensuring its citizens are adequately protected whilst, at the same time, not over-burdening tech firms with onerous legal requirements that could force a challenging, and potentially politically embarrassing, standoff.
This legislation could take many forms, ranging from placing a duty on online platforms to help reimburse victims who have been defrauded through scams and fake advertising hosted on their websites to imposing real criminal liability on companies that continue to make a profit through fraudulent activity on their web pages. It seems clear that, at the very least, action must be taken by the government to provide a legal framework that ensures that big tech plays its proper role in fighting this new type of crime. However, the shape or form this framework will encompass is still very much anyone’s guess.
Brendan Kelly QC and Ralph Pickering