The dark side of the digital economy: Bad things come in small packages

Michael Morantz, OECD Public Governance Directorate

Blank.png
©David Rooney

In a small town just outside Montreal, Jake [not his real name] struggles with drug addiction. His dependence on numerous substances has brought him in and out of hospital and rehabilitation programmes many times. What is striking about Jake’s addiction is how he acquires the drugs: not from a neighbourhood drug dealer, but through the post and courier companies.  “It’s remarkably easy business,” he says. “Just like buying common, everyday items on the surface–as opposed to dark–web. Only there are a few extra steps. After you provide your false personal and delivery information and whatever sum of money is agreed upon, your package arrives at the designated address disguised as something else in order to get through the postal service.”

That “something else” is any of the countless innocent things we buy on the internet and have delivered to the house. Like a pair of shoes. A car part. A smart phone. A handbag. A children’s toy. Thanks to e-commerce, we can purchase these things from nearly anywhere in the world. This has led to a flood of small, individual packages that transit through international shipping every day. The packages arrive at customs facilities by the truck- or plane-load, often with little or no advance information other than the label affixed to the top of the parcel. And even when the information on the labels is accurate, how can inspectors possibly inspect each box and effectively risk-assess the contents without advance information? Criminal networks throughout the world are exploiting this gap.

Opioid-deaths

Small package trade is facilitating the global trade in counterfeits. The total value of fakes shipped globally was $US461 billion in 2013, or 2.5% of global trade, the OECD’s Task Force on Countering Illicit Trade estimates. Of this, over 60% of seizures by volume occurred in the mail stream in small packages. It is also one of the reasons why the current opioid epidemic has reached the proportions it has. The Center for Disease Control in the US reported a 30% increase in opioid overdoses nation-wide in 2016-2017. The high potency of fentanyl, the drug responsible for many of these deaths, means that an importer can smuggle tens of thousands of potentially fatal doses in a single small parcel.

Governments now realise the serious effects the small package trade can have. In an OECD report from 2018 on illicit trade, customs agencies reported that small, low-value shipments are a very real threat to national health, safety and security. Small parcels do not just contain illicit narcotics, but weapons, illegal wildlife products, or indeed nearly anything that will fit in a box.

A small-package delivery system which escapes controls has combined with the democratisation of trade through e-commerce to ignite a boom in illicit trade. Unlike illicit narcotics, customers need only go on the “surface web” to purchase counterfeits from e-stores. Popular social media sites make it even easier to access these marketplaces where you can buy anything from fake shoes and designer watches to deadly fakes like counterfeit medicines.

Fake-goods-1

The trouble is that customs agencies are geared to monitor large commercial shipments rather than a continuous flow of small parcels. Can they adjust? Luckily, this change in the nature of trade is not unprecedented. In the 1970s, authorities had to adapt to “containerised trade”, for instance. The global challenge for customs officials then was to examine and risk-assess goods loaded on and off ships in large, locked steel containers. Customs administrations gradually developed a host of measures to deal with this, such as advance commercial information requirements integrated into risk-assessment software and other trade facilitation procedures. International co-operation among law enforcement bodies was also key to ensure the process went smoothly. Today, many customs administrations can target and risk-assess containers days before they arrive, and scan entire containers without opening them. However, now they must adapt to high-volume shipments of small consignments.

The speed and agility of criminal networks are such that authorities are almost always playing catch-up. And they are doing so in the dark. The same goes for the customers and victims of the shadow economy. Jake notes, “I have no idea where the drugs come from, I have no idea who makes them and I have no idea of their quality. But that’s the name of the game.”

It doesn’t have to be. Though the institutional capacities of individual law enforcements agencies are weak, governments can co-operate with each other, and with courier services, postal administrations, e-commerce vendors and intermediaries, using fora such as the OECD’s Task Force on Countering Illicit Trade. Without these international partnerships pushing for effective regulatory reforms, illicit e-commerce will continue to enrich these criminal networks. People like Jake should not have to pay the price.

Links and references

OECD (2018), Governance Frameworks to Counter Illicit Trade, OECD Publishing, Paris,http://dx.doi.org/10.1787/9789264291652-en.

OECD/EUIPO (2017), Mapping the Real Routes of Trade in Fake Goods, OECD Publishing, Paris, http://dx.doi.org/10.1787/9789264278349-en.

OECD/EUIPO (2016), Trade in Counterfeit and Pirated Goods: Mapping the Economic Impact, OECD Publishing, Paris, http://dx.doi.org/10.1787/9789264252653-en.

OECD (2016), Illicit Trade: Converging Criminal Networks, OECD Reviews of Risk Management Policies, OECD Publishing, Paris, http://dx.doi.org/10.1787/9789264251847-en.

OECD Task Force on Countering Illicit Trade (TF-CIT), www.oecd.org/gov/risk/oecdtaskforceoncounteringillicittrade.htm

See “Opioid Overdoses Treated in Emergency Departments” at www.cdc.gov/vitalsigns/opioid-overdoses/index.html

©OECD Insights May 2018

The rising cost of cyber attacks

Balázs Gyimesi, OECD Observer

Blank.png

“Sorry, our website is temporarily unavailable.” While this message may cause you some inconvenience when surfing the web, it’s costly for companies. For over 50% of firms, the unavailability of their sites can cost as much as US$1,000 per minute. And technical shortcomings are not the only reason websites go down–targeted cyber attacks are too.

Cybercriminals bombard servers with traffic to overburden websites. These “denial-of-service” attacks (DoS) affect firms of all sizes in every region. In October 2016, a network of internet-connected devices attacked the servers of Dyn, a provider of domain name system services. It temporarily shut down several major websites in the US and Europe, including those run by television channel CNN, The Guardian newspaper, Netflix, a film entertainment company, and social media giant Twitter. While the cyber attack was neutralised in just over two hours, it caused business losses of an estimated US$110 million.

DoS-attacks-chart

This was an especially damaging denial-of-service attack compared to the average, whose cost is estimated at over US$50,000 for small firms and nearly US$450,000 for larger businesses. And the number of these harmful attacks is on the rise, targeting mostly government, media and financial services. After a peak of 4919 DoS attacks in the second quarter of 2016, the number fell to around 3164 in the first quarter of 2017, but rose again in the second quarter of 2017 to 4051.

Insurance can help companies be more resilient to cyber risks but there are challenges that need to be overcome before the cyber insurance market can reach its full potential. Governments should also support initiatives aimed at sharing knowledge and expertise on risk management practices, as set out in the OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity. When a DoS attack happens, every minute counts–we need responses to restore service now.

DOS-attacks
Cyberscare

OECD (2018), The cyber insurance market: Responding to a risk with few boundaries, www.oecd.org/finance/insurance/The-cyber-insurance-market-responding-to-a-risk-with-few-boundaries.pdf

OECD (2018), Unleashing the Potential of the Cyber Insurance Market: Conference outcomes, www.oecd.org/daf/fin/insurance/Unleashing-Potential-Cyber-Insurance-Market-Summary.pdf

OECD (2017), Enhancing the Role of Insurance in Cyber Risk Management, OECD Publishing, Paris, http://dx.doi.org/10.1787/9789264282148-en

OECD (2015), OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity, https://www.oecd.org/sti/ieconomy/digital-security-risk-management.pdf

OECD Unleashing the potential of the cyber insurance market, videos and conference summary: http://www.oecd.org/finance/2018-oecd-conference-cyber-insurance-market.htm

Digital Attack Map, www.digitalattackmap.com/about/

©OECD Insights May 2018

Corruption vs integrity: The battle continues

Peter Berlin, OECD Observer writer-at-large

©Integrity Action, youth community monitoring in the Palestinian Authority

Recently, a group of 15-year-old students from a girls’ secondary school in the Palestinian Authority audited the construction of a swimming pool in their town. Part of a competition organised by Integrity Action, a civil society organisation, the girls chose to do this because the local government had decided to build a male-only pool and they felt it was not meant for the whole community.

The girls visited the site and requested and examined all the papers related to the project, including the bills and the blueprints. They found that the lifeguard was unqualified and that the tiles were not of the quality specified in the contract. So they made a fuss.

The builder replaced the tiles. The town hired a real lifeguard and said it would think about adding screens for privacy and opening the pool for women on certain days.

“Working on this project was one of the most successful things we did in our lives. We were finally able to raise our voices and make them heard by decision-makers. We forced them to fix the problems!” said the students.

Fredrik Galtung, the founder and president of Integrity Action, told this story at “The Kids are Alright: Educating for Public Integrity”, a session at the OECD’s Global Anti-Corruption and Integrity Forum at the end of March.

Other sessions ranged from meetings of auditors on infrastructure, norms and standards to topics like corruption in sports, business ethics, human slavery and the law of the sea.

“Planet Integrity is not a distant dream, it’s an urgent necessity,” OECD Secretary-General Angel Gurría said in his opening remarks.

The cross-border reach of corruption and the problems it poses to national agencies was echoed repeatedly at the forum. “Slavery and human trafficking have no borders,” said Monique Villa, CEO of the Thomson Reuters Foundation and founder of TrustLaw and Trust Women.

In the session on sport, Ronan O’Laoire, Crime Prevention and Criminal Justice Officer, talked about the “perfect circle” of betting, money laundering and match fixing, with criminals in one country using the globalised betting markets to profit from sports events in other continents.

The cross-border problem is exacerbated by the speed with which the corrupt hop to new honeypots and how fast they adapt to technological and social changes, such as the dark web, e-trade and cryptocurrencies.

“Corruption is a moving target,” Mr Gurría said. “Corruption is often a faceless and borderless crime. Illicit financial flows, cybercrimes and human trafficking are the ‘dark’ side of globalisation. Tackling this must be a global priority.”

John Penrose, a British MP who has been appointed his country’s “anti-corruption champion” was worried: “We are slower than the corrupters at the moment. They are way ahead of us.”

Marcos Bonturi, who heads the OECD’s Directorate for Public Governance, said that people are our best weapon against corruption. “We have been too focused on legal implementation but we’re no longer ignoring the human dimension–how individuals see themselves and relate to society and how education can create a culture of integrity.”

He added, “But we cannot do that overnight. It takes a generation or two. We need to start now.”

That high-school students investigated the accounts of a community swimming pool and found information that led to changes is the kind of grass-roots activism that will beat corruption. But it’s an active vigilance that has to be taught, and taught while people are still young. Mr Galtung summed it up neatly: “Corruption is a skill set. Integrity is a skill set.”

NOTE: The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities. The use of such data by the OECD is without prejudice to the status of the Golan Heights, East Jerusalem and Israeli settlements in the West Bank under the terms of international law.

Links

www.oecd.org/corruption/integrity-forum/

www.oecd.org/gov/ethics/integrity-education.htm

https://integrityaction.org/case-study/can-girls-use-social-accountability-challenge-social-gender-norms-palestinian-girls

www.unodc.org/documents/corruption/Publications/2016/V1602591-RESOURCE_GUIDE_ON_GOOD_PRACTICES_IN_THE_INVESTIGATION_OF_MATCH-FIXING.pdf

©OECD Insights May 2018