
Security Risk Perception

Computers are very useful to humans. Because of their general reliability – operating for long periods without problems, and giving correct answers to calculations – people tend to put their trust in these machines.

But computers do break down, and whole systems can crash, and of course there can be serious problems with software.

Because so many functions run on computer systems, society may malfunction when computer systems crash: citizens may not be able to receive their salary, social benefits, bank interest, and the like. What is more, the effect of computer failure is not limited to individuals. Companies may not be able to conduct their normal business because they cannot perform their accounting, payroll, inventory and other data-processing functions, and this effect extends to their business partners who supply them with goods, and so on.11 In fact, as we are now living in a society that is so reliant on computers, we all – experts and laymen, individuals or the community – have, voluntarily or involuntarily, to face the risk of computer failure (Starr 1969: 1234-5).

In a society so heavily reliant on complex information technology, the risk of IT failure, especially the risk of computer failure, is ever present. Therefore I shall limit my discussion to the security aspects of computer failure.

The issue of security is important for the use of computers. With the rise of the Internet, the opportunity for conducting e-business, doing financial transactions, sending important data such as credit card numbers, security numbers, personal information and the like, has become widespread. In addition, people sometimes simply disclose their own personal data to others easily, such as through communication software like ICQ, AOL or Microsoft NetMeeting. However, on the Internet, some crackers/hackers may be able to access your personal data and security number and you will have no idea about it. They can use your personal data and security number to commit crime or even use your credit card to purchase goods on your account. Therefore, what I mean by the secure use of computers is whether computer users have the perception that their personal and important data is unsafe and whether they have taken measures to minimise the probability that this data might be revealed by unauthorised third parties. For instance, the selection of computer software can be regarded as a matter of security concern to a person or an organisation. The reason is that some of the software is open to being invaded by hackers/crackers. A recent instance of showing security concern was when the Beijing government selected Linux rather than Microsoft’s products (Ming Pao, 7/1/2002).12

10 http://www.acpf.org/WC8th/AgendaItem2/I2PpTurnbullHK.html.

11 http://www.year2000.gov.hk/english/index_2.html.

Methodology

I shall use my research findings on computer risk perception among students at Peking University (PKU) in Beijing and biannual survey reports on the development of China’s Internet conducted by the CNNIC to show the relationship between cyber-crime, risk perception and the development of e-business in China.

With a view to probing the computer risk perception among educated youth in China, a set of questionnaires was prepared at the end of September 2001. A total of 250 questionnaires were sent to the targeted respondents from the period 4 October 2001 to 19 November 2001 by direct distribution at PKU. I divided the students into computer-majored and non-computer-majored. With the help of my assistant at PKU, the questionnaires were distributed to a broad range of respondents in the dormitory and computer laboratory inside PKU. The completed questionnaires were collected immediately. No person other than my assistant could have access to the questionnaires, which for safety reasons were photocopied. The originals were then directly mailed to me in mid-November 2001 for data analysis. My assistant kept the photocopies. All the original and photocopied questionnaires were destroyed at the end of my data analysis.13

Two hundred and two completed questionnaires were returned, of which 90 were from postgraduate students and 112 from undergraduates; 55.4 per cent of respondents were computer-majored students while 44.6 per cent were non-computer-majored students.14 The response rate was 80.8 per cent.

The CNNIC is one of five organisations that provide inter-networks protocol (IP) and domain to either end users or Internet service providers in China. China connected with the Internet in 1994. In June 1996, China began to offer Internet services for commercial and private uses. In June 1997, the Chinese government institutionalised regulation of Internet use by setting up the CNNIC with a view to controlling use, especially regarding IP and domain. Up to July 2002, the CNNIC had conducted ten surveys regarding the use of the Internet in China, in October 1997, July 1998, January 1999, July 1999, January 2000, July 2000, January 2001, July 2001, January 2002 and July 2002.15

12 The government of the United States, for instance, has used a lot of software from Microsoft. Nonetheless, this government is now paying more attention to software security, especially when Microsoft products are reported to have many security problems. Interested readers can refer to http://full.mingpaonews.com/20020118/t_tacl.htm for details.

13 The author would like to acknowledge the financial support from the research travel grant offered by the School of Humanities and Social Science at the Hong Kong University of Science and Technology.

14 The author further divided postgraduate and undergraduate students into computer-majored and non-computer-majored students. As a result, four groups were created, namely, postgraduate computer-majored, postgraduate non-computer-majored, undergraduate computer-majored, and undergraduate non-computer-majored.

15 http://www.cnnic.net.cn/about.shtml.

As mentioned, the CNNIC conducted the surveys on Internet use in China biannually. It targeted mainly two groups of potential respondents: national households that had installed fixed telephone lines and whose ages were 6 or above, and high school students who were living in school. In the first group, the CNNIC further divided the respondents by province. In each province, the CNNIC, based on selected criteria, randomly approached the respondents, both in urban and rural areas, by means of telephone survey. The confidence level was set at 95 per cent. For the second group of potential respondents, the CNNIC randomly chose 120 high schools in China. Then it randomly chose 50 students in each school. The confidence level was also set at 95 per cent.16

Findings

I shall present the findings in two ways, showing the view of the respondents on hackers/crackers, and the level of security risk perception among the respondents. Before drawing a conclusion, I shall relate the respondents’ view on hackers/crackers, their security risk perception and their e-business behaviour together.

In presenting the data, I shall mention my findings first and then compare them with the CNNIC survey, where appropriate and possible, to see if there are any differences between them.

View on hackers/crackers

From my research, though not many respondents experienced invasion by hackers/crackers, they tended to think that hackers/crackers pose a great threat to their society. In addition, they described the effect of such invasion as serious or moderate to them.

Table 3.1 Personal experience on getting hackers/crackers

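| | Very often (N) | Very often (%) | Sometimes (N) | Sometimes (%) | Rarely (N) | Rarely (%) | Never (N) | Never (%) | No idea (N) | No idea (%) |
|---|---|---|---|---|---|---|---|---|---|---|
| Personal experience on getting hackers/crackers | 7 | 4.2 | 15 | 8.9 | 75 | 44.6 | 62 | 36.9 | 9 | 5.4 |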

Note: Due to the rounding of figures, the sum of the percentage in some of the items is not equal to 100 per cent. The same criteria applied to the following tables.

Table 3.1 shows that most of the respondents said they rarely experienced any invasion from hackers/crackers.

This finding was, however, different from the CNNIC’s result. The CNNIC pointed out that, up to January 2002, 63.3 per cent of Internet users in China experienced invasion by hackers/crackers in the last year (CNNIC survey, 1/2002).

16 http://www.cnnic.net.cn/develst/fa.shtml.

Table 3.2 Threat of hackers/crackers to society

Do you agree that hackers/crackers pose a great threat to society?

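| | Strongly agree (N) | Strongly agree (%) | Agree (N) | Agree (%) | Disagree (N) | Disagree (%) | Strongly disagree (N) | Strongly disagree (%) | No opinion (N) | No opinion (%) |
|---|---|---|---|---|---|---|---|---|---|---|
| Threat of hackers/crackers to society | 15 | 7.5 | 91 | 45.3 | 70 | 34.8 | 6 | 3.0 | 19 | 9.5 |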

Table 3.2 shows that even respondents who rarely experienced any invasion agreed that hackers/crackers already posed a threat to society.

Table 3.3 Self-description of the effect of invasion from hackers/crackers

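| | Very serious (N) | Very serious (%) | Serious (N) | Serious (%) | Moderate (N) | Moderate (%) | Minor (N) | Minor (%) | None (N) | None (%) |
|---|---|---|---|---|---|---|---|---|---|---|
| Self-description of the influence on invasion from hackers/crackers | 9 | 9.3 | 37 | 38.1 | 35 | 36.1 | 11 | 11.3 | 5 | 5.2 |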

Table 3.3 shows that the respondents tended to regard the effect of invasion of hackers/crackers as either serious or moderate to them.

Although my research does not match with the CNNIC’s finding in the experience of the invasion of hackers/crackers among Internet users, the figures above suggest two things: that Chinese Internet users believed that the hackers/crackers were posing a threat to their society; and that they thought the effect of invasion by hackers/crackers would be serious. This, in turn, would affect the security risk perception among the Chinese Internet users towards hackers/crackers and their attitude towards e-business.

Security risk perception

Table 3.4 Installation of firewall software

| | Installed (N) | Installed (%) |
|---|---|---|
| Installation of firewall software | 132 | 78.6 |

As illustrated in Table 3.4, most of the respondents tended to install firewall software in order to protect themselves against the security risks of surfing the Internet. This shows that the security risk perception among respondents was high. In fact this finding matched the result from the CNNIC survey, according to which, up to January 2002, 64.6 per cent of Internet users in China chose the installation of firewall software as the main method of protecting themselves against security risks in surfing the Internet (CNNIC survey, 1/2002).

Table 3.5 Sending personal or important information

| Sending personal or important information | Very often (N) | Very often (%) | Sometimes (N) | Sometimes (%) | Rarely (N) | Rarely (%) | Never (N) | Never (%) |
|---|---|---|---|---|---|---|---|---|
| A) In e-mail, without encryption (secure format) | 50 | 25.8 | 39 | 20.1 | 49 | 25.3 | 56 | 28.9 |
| B) In e-mail, with encryption (secure format) | 29 | 15.3 | 69 | 36.5 | 54 | 28.6 | 37 | 19.6 |
| C) Via the Internet, without encryption (secure format) | 27 | 14.2 | 51 | 6.8 | 62 | 32.6 | 50 | 6.3 |
| D) Via the Internet, with encryption (secure format) | 17 | 9.2 | 73 | 39.5 | 49 | 26.5 | 46 | 24.9 |
| E) In a computer that is not yours, via e-mail | 24 | 12.5 | 38 | 19.8 | 70 | 36.5 | 60 | 31.3 |
| F) In a computer that is not yours, via the Internet | 23 | 12.0 | 37 | 19.4 | 70 | 36.6 | 61 | 31.9 |

As seen in Table 3.5, most of the respondents said they would send their personal or important information by using encrypted e-mail or via the Internet with encryption. Encryption is a kind of secure format in sending information to and from computers. Its use can lessen the chance of personal or important information being revealed by unauthorised persons during data transference. The result matched the CNNIC’s finding. Up to January 2002, there were only 45.0 per cent of Internet users in China who were satisfied with the protection of the personal privacy over the Internet (CNNIC survey, 1/2002). It suggested that a number of Internet users in China felt uncomfortable with Internet security.

These figures suggest that Chinese Internet users had a high security risk perception on their computers or their data. With a view to protecting their computers, most of them had installed firewall software. In order to protect their personal data, Chinese Internet users tended to use encrypted format during transmission.

This suggested that they were concerned about the security of their computers and their data. So how was the high security risk perception affecting e-business behaviour among Chinese Internet users?

E-business behaviour

Table 3.6 Purchasing from e-commerce websites is a widespread practice in your society

N %

A) Strongly agree 24 (12.0)

B) Agree 85 (42.5)

C) Disagree 69 (34.5)

D) Strongly disagree 10 (5.0)

E) No opinion 12 (6.0)

From Table 3.6, most of the respondents agreed that purchasing from an e-business website was a widespread practice.

Table 3.7 Frequency of visiting e-business websites

N %

A) Very often 22 (11.0)

B) Sometimes 26 (13.0)

C) Not very often 64 (32.0)

D) Occasionally 83 (41.5)

E) Never 5 (2.5)

Table 3.7 shows that although the respondents agreed that e-business was a widespread practice, most of them visited e-business websites only occasionally. The result was a little different from the CNNIC survey. Up to January 2002, 49.8 per cent of Chinese Internet users sometimes accessed e-business sites (CNNIC survey, 1/2002).

Table 3.8 Frequency of purchasing from e-business websites

N %

A) Very often 9 (4.7)

B) Sometimes 16 (8.3)

C) Not very often 32 (16.6)

D) Occasionally 64 (33.2)

E) Never 72 (37.3)

Table 2.8 further revealed that the respondents occasionally or never purchase from e-business. This result matched the finding from the CNNIC survey. In accordance with the CNNIC’s report, up to January 2002, 68.4 per cent of Internet users in China had not purchased goods or services from e-business during the last year. In addition, 93.1 per cent of Internet users in China did not purchase goods via auction e-business in China. Furthermore, 91.3 per cent of Internet users in China did not purchase second-hand goods via e-business in China over the last year. All these suggested that Chinese Internet users did not purchase goods or services from e-business websites very often.

Table 3.9 Method of payment for online purchasing

N %

A) Online payment 7 (5.8)

B) Mail the cheque to the company 7 (5.8)

C) Deposit to the specific bank account 11 (9.1)

D) Cash on delivery 93 (76.9)

E) Others 3 (2.6)

Security was the main criterion for the respondents in using e-business. Table 2.9 shows that most respondents preferred cash on delivery in settling the payment for any electronic purchase. This result matched the CNNIC’s finding. Up to January 2002, 42.8 per cent of Internet users in China preferred paying by cash on delivery to paying electronically. Moreover, if the bills were over RMB 1000, 73.3 per cent of Internet users in China would pay by cash on delivery (CNNIC survey, 1/2002). The above showed that Chinese Internet users were concerned about the security of their data and information when settling the payment for online purchasing.17 Security risk was a concern when choosing the method of payment for online purchasing among Chinese Internet users.

Table 3.10 Reasons for choosing the online payment method

Reason for choosing the online payment method N %

A) Convenience 36 (30.5)

B) Security 56 (47.5)

C) Most of my friends do it in this way 4 (3.4)

D) Convenience and security 13 (11.0)

E) Others 9 (7.6)

As illustrated in Table 3.10, most of the respondents expressed that they considered security as the main reason for choosing this payment method for e-business.

17 There was another explanation for the data on the method of payment for online purchasing in China. From the knowledge of the author, credit card was still not popular among Chinese. In view of this, among the payment methods, most of the e-business in China would provide an option of cash on delivery for their customers. Nonetheless, when considering the figures in Table 2.10, the author believed that security was still one of the main concerns in choosing the method of payment for the online purchasing.

Generally speaking, the figures from my research and that of the CNNIC suggest that Chinese Internet users have still not adapted to e-business. Most of them still went to traditional shops to purchase their own necessities. Worse still, of those who were willing to get in touch with e-business, most tended to regard it as a high-risk activity. I suggest that this was because of the activities of hackers/crackers.

Although not all subjects experienced invasion from hackers/crackers, they feared that hackers/crackers could steal their personal information from e-business or even during a transaction. With such a perception, Chinese Internet users who made purchases through e-business tended to choose cash on delivery to settle the payment. This suggests that the current e-business failed to offer a strong sense of security to their customers. If this situation does not improve, the development of e-business in China will be hindered.

Conclusion

The introduction and development of e-business in China are believed to be beneficial to Chinese society. Nonetheless, the high security risk perception of the threat from cyber-crime has hindered the development of e-business in China. I suggest that the perception of security risk among Chinese respondents depends on whether or not they have an accurate understanding and appreciation of the issue of cyber-crime and e-business. Their understanding and appreciation of the issues in turn depend on whether young people have received accurate knowledge or information on the issue. The ability and willingness to receive such knowledge or information, as suggested by Morgan (1981), are affected by the interaction between humans and their environment. Even though not all the people will agree on the causal relationship between risk perception and risk behaviour, the more knowledge the respondents have of cyber-crime and e-business, the more options will be available to them to facilitate the development of e-business. Most of the information comes from education. Thus, with an aim of increasing the knowledge among the Chinese respondents on cyber-crime and e-business, proper education is very important.

References

Castells, Manuel, The Rise of the Network Society, Oxford: Blackwell, 2000.

Gray, Peter, Psychology, New York: Worth, 1991.

http://app.singpao.com/20020409/internatinal/99089_main.html.

http://full.mingpaonews.com/20020118/t_tacl.htm on 18 January 2002.

http://www.acpf.org/WC8th/AgendaItem2/I2PpTurnbullHK.html.

http://www.cnnic.net.cn/about.shtml.

http://www.cnnic.net.cn/develst/200201/doc2002-1.zip.

http://www.cnnic.net.cn/develst/fa.shtml.

http://www.mingpaonews.com/20020107/t_gaa1h.htm on 7 January 2002.

http://www.mpinews.com/fprint.cfm?htm=htm%5C20020408%5Cta11441a%2Ehtm.

http://www.nielsen-netratings.com/pr/pr_020422_eratings.pdf.

http://www.pricewaterhousecoopers.co.uk/extweb/newcolth.nsf/docid/1A47C7356C3D57AC85256AD1005834D1?OpenDocument.

http://www.year2000.gov.hk/english/index_2.html.

http://www.ust.hk/itsc/y2k/.

Morgan, M. Granger, ‘Probing the Question of Technology-Induced Risk’, IEEE Spectrum 18(11) 1981: 58–64.

Nader, J.C., Prentice Hall’s Illustrated Dictionary of Computing, 3rd edn. Sydney: Prentice Hall, 1998.

Pfaffenberger, Bryan, Webster’s New World Dictionary of Computer Terms, 6th edn, New York: Que, 1997.

Smith, Ronald E., Irwin G. Sarason and Barbara R. Sarason, Psychology: The Frontiers of Behavior, Cambridge: Harper & Row, 1986.

Starr, Chauncey, ‘Social Benefit Versus Technological Risk’, Science 165(19) 1969: 1232–8.

Sterrett, C., and A. Shah, ‘Going Global on the Information Super Highway’, SAM Advanced Management Journal, 63(1) 1998: 43–8.

Yuang Xia, ‘Searching for Substance: The Reality of China’s Internet Development’, Harvard Asia Pacific Review 4(2) 2000: 17–18.
