Cybercrime and the Internet PDF - An Introduction

1 CYBERCRIME AND THE INTERNET An Introduction OVERVIEW Chapter 1 examines the following issues: how cybercrime is perceived and discussed in society, politics and the media; the kinds of questions that criminologists ask about cybercrime; the emer- gence and growth of the internet, the role it plays in a wide range of every- day activities, and how this growth creates new opportunities for offending; how cybercrime can best be defined and classified; whether and to what extent cybercrime can be considered a new or novel form of criminal activity; issues confronting criminology in explaining cybercrime; the challenges that cybercrime presents for criminal justice systems. KEY TERMS Anonymity Hacking Piracy Stalking Crime Information Policing Surveillance society Cybercrime Pornography Transnational Internet crime and Cyberspace Representations policing Internet of of crime Deviance Things (IoT) Viruses Social inclusion e-Commerce Moral panic and social Globalization exclusion 2 CYBERCRIME AND SOCIETY 1.1 PERCEPTIONS OF CYBERCRIME Over the past few decades, there appears to have been an explosion of crime and crim- inality related to the growth of new forms of electronic communication. Since the mid-1990s, the internet has grown to become a fact of life for many people worldwide. Its relentless expansion is perpetually in the process of transforming the spheres of business, work, consumption, leisure and politics (Castells, 2002). The internet is part of a globalization process that has supposedly swept away old realities and certain- ties, creating new opportunities and challenges associated with living in a ‘shrinking’ world. We are said to be experiencing a ‘new industrial revolution’, one that has led us into a new kind of society, an ‘information age’ (Webster, 2003). Yet awareness of, and enthusiasm for, these changes has been tempered by fears that the internet brings with it new threats and dangers to our well-being and security. ‘Cyberspace’, the realm of computerized interactions and exchanges, seems to offer vast opportunities for crimi- nal and deviant activities. Three decades on from the internet’s first appearance in popular consciousness, the intervening years have been replete with fears about its darker, criminal dimensions. Businesses cite threats to economic performance and stability, ranging from vandalism to e-fraud and piracy; governments talk of ‘cyber- warfare’ and ‘cyberterror’, especially a$er the September 11, 2001 (9/11) attacks in New York and the more recent incidents of ‘hybrid warfare’ following the 2022 Rus- sian invasion of Ukraine; parents fear for their children’s online safety, hearing of per- verts and paedophiles stalking the internet’s social networking platforms looking for victims; almost every computer user has been subjected to attack by viruses and other forms of malicious so$ware; the defenders of democratic rights and freedoms fear the state itself, convinced that the internet is a tool for the surveillance and control of citizens, an electronic web within which Big Brother can watch us all. The internet and related communication technologies therefore appear to present new challenges to individual and collective safety, social order and stability, economic prosperity and political liberty. Our awareness of the internet’s criminal dimensions has been cultivated by mass media representations. The news media play their part in identifying and intensifying public concerns, and almost every day sees some new report of an internet-related threat. Demata’s (2017) study of cybercrime reporting in two popular British news- papers (The Sun and The Mirror) found that it was framed in a language of ‘othering’ that emphasized threats posed by foreign countries. Imamgaiazova (2020) examined cybercrime reporting in Russian and English media, revealing that attacks were ‘rep- resented via frames of war, game, pandemic and crime’ (Connolly and Piper, 2022: 2). A search of the LexisNexis database indicates that news coverage of cybercrime has increased significantly over time, with 462 articles in 2000 and 4,460 in 2017. Evidence also indicates that coverage of certain cybercrime topics has grown more than others. For instance, in their study of international news media coverage from 2008 to 2013, Jarvis et al. (2015: 70) found that the number of news items discuss- ing cyberterrorism has increased, with a notable uptick a$er 2010. In addition to the print media, we must also consider broadcast media (television, radio) and the internet itself (now a major source of cybercrime reportage). Popular fiction has also CYBERCRIME AND THE INTERNET 3 dramatized the internet’s problematic dimensions, with films such as Hackers, The Net, Black Hat and Live Free or Die Hard sharpening the sense that our safety may be under threat from irresponsible individuals and unscrupulous authorities (Stein- metz, 2016; Webber and Vass, 2010). Perhaps such representations and fears should not altogether surprise us. A$er all, while the internet is relatively new, history shows us that rapid social, economic and technological changes are o$en accompanied by heightened cultural anxie- ties (even panics) about threats to our familiar ways of life. Levi (2008: 373) notes that cybercrime ‘is used as titillating entertainment which generates fear at the power of technology beyond the control of respectable society’. Thomas and Loader (2000a: 8) suggest that social transformation wrought by internet technologies ‘makes the future appear insecure and unpredictable’, producing a public and political over- reaction. Such moral panics lead to an excessive and unjustified belief that individu- als, groups or events present an urgent threat to society (Critcher, 2003). Yar (2012a) suggests that popular representations of the internet have become characterized by a ‘cyber-dystopian’ outlook, portraying the social effects of new technologies in over- whelmingly negative terms. Internet-related panics include those over the effects of pornography in the mid-1990s, over threats to child safety from paedophiles in the 2000s, and most recently concerning the impact of social media (Walsh, 2020). The proliferation of such anxieties is perhaps best viewed as a result of the rapid shi$s and reconstructions occurring today. This doesn’t mean that the dangers posed by cyber- crime can be dismissed as wholly unfounded. Nor should such widespread reactions simply be ignored by criminologists. Media representations are an important crimi- nological research topic in their own right; their careful examination reveals how the problem of cybercrime is being constructed and defined, and how this shapes social and political responses (Taylor, 2000; Vegh, 2002). Yet such representations can also obscure the realities of criminal activity and its impacts, hindering rather than help- ing a balanced understanding. 1.2 CYBERCRIME: QUESTIONS AND ANSWERS Making sense of cybercrime presents a significant challenge, as it requires us to take a more sober and balanced view, si$ing fact from fantasy. The existence of this book demonstrates the authors’ belief that such an examination is both possible and worthwhile. Indeed, numerous scholars have made considerable strides in this direction. By using a combination of theoretical analysis and empirical investiga- tion they have attempted to answer many pressing questions: Just what are ‘cybercrimes’? What is the scope and scale of such crimes? How are these crimes both like and unlike ‘o!fline’ o!ences? Who are the ‘cybercriminals’? What are the causes and motivations behind their o!ending? What are the experiences of the victims of such crimes? 4 CYBERCRIME AND SOCIETY What challenges do such crimes present for criminal justice and law enforcement? How are policymakers, legislators, police, courts, business organizations and others responding? How are such responses shaped by popular perceptions of computer crime and computer criminals? How is cybercrime shaping the future development of the internet itself? There is now extensive literature addressing these issues from a wide range of dis- ciplines, including criminology, sociology, law and socio-legal studies, political sci- ence, political economy, cultural and media studies, science and technology studies, business and management, and computing. The ever-expanding range of such mate- rial, and its location within multiple disciplines, makes it di&cult for the newcomer to find an accessible route into current debates. This is made more di&cult because cybercrime refers not to a single, distinctive kind of criminal activity, but to a diverse range of illicit activities that share the unique electronic environment in which they take place. Consequently, different studies focus on some selected aspects of the cybercrime problem, to the detriment or neglect of others. Hence this book, which aims to offer a thorough and up-to-date introduction to the range of issues, questions and debates about cybercrime that characterize it as a field of study. We draw upon theoretical and empirical contributions from different areas of scholarship, but the focus falls upon criminology and sociology, our own primary fields of expertise. The chapters will furnish a critical introduction to a variety of issues. Many focus on rec- ognizably different kinds of cybercriminal activity, such as hacking, e-fraud, cyber- stalking and cyberterrorism; each is examined and analysed considering its social, political, economic and cultural context. Other chapters consider more general mat- ters, addressing, for example, the tensions apparent between internet security and policing on the one hand, and individual rights, freedoms and liberties on the other. Given the range of issues covered, their treatment cannot be exhaustive. Hence each chapter contains guidance for further, more in-depth reading, in print and online. Before moving on to detailed discussions, however, there are important issues of background and context that must be outlined, and some important conceptual issues to address. The remainder of this chapter will situate cybercrime in relation to the development of the internet and ask questions about how we might classify cybercriminal activities, and why cybercrime might need to be viewed as different from other kinds of criminal activity. 1.3 A BRIEF HISTORY AND ANALYSIS OF THE INTERNET Any examination of cybercrime begins with the internet, simply because without the latter, the former could not exist. It is the internet that provides the crucial electroni- cally generated environment in which cybercrime takes place. Moreover, the internet is not simply a piece of technology, a kind of ‘blank slate’ that exists apart from its users. Instead, it needs to be seen as a set of social practices – the internet takes the form that it does because people use it in certain ways and for particular purposes. CYBERCRIME AND THE INTERNET 5 What people do with the Net, and how they go about it, are crucial for understand- ing what kind of phenomenon the internet is. Indeed, it is the social uses we make of the internet that create the possibilities for criminal and deviant activity. To give one example, if people didn’t use the internet for shopping, then there wouldn’t be opportunities for credit card crimes that exploit users’ financial information. These opportunities can put millions of people’s sensitive data at risk, as when the network of the Target retail chain was breached in 2013 and offenders absconded with the credit and debit card information of potentially over a hundred million customers (Kassner, 2015). Similarly, it is because we use the internet for electronic communica- tion with friends and colleagues that viruses targeting the email system we use for that purpose can cause great disruption and damage (Grossman et al., 2000). The internet, as its name suggests, is in essence a computer network; or, to be more precise, a ‘network of networks’ (Castells, 2002). A network links computers together, enabling communication and information exchange between them. Many such networks of information and communication technology (ICT) have existed for decades – those of financial markets, the military, government departments, business organizations, universities and so on. The internet provides the means to link up the many and diverse networks already in existence, creating from them a single network that enables communication between all ‘nodes’ (e.g., individual computers) within it. The origins of the internet can be traced to the development of the Semi- Autonomous Ground Environment (SAGE) system, which was an early warning and interception system developed by the US military in the 1950s. The system emerged from concerns over domestic bomber strikes such as those witnessed in World War II. As Thomas Rid (2016: 78) explains, ‘turning the entire North American continent into an air defense battery meant that radar stations, computers, and interceptors needed to be linked in real time and on a massive scale’. The efforts involved in devel- oping such a system were monumental and ‘had a most surprising and underappreci- ated impact: it helped lay the foundation for networking computers, and ultimately for the internet’ (Rid, 2016: 79). In the 1960s, the US military, through its Defense Advanced Research Projects Agency (DARPA), would further explore the develop- ment of major computer networking systems. These efforts resulted in the Advanced Research Projects Agency Network or ARPANET (Hafner and Lyon, 1996). The aim was to enable the secure and resilient communication and coordination of military activities. In the political and strategic context of the Cold War, with the ever-present threat of nuclear confrontations, such a network was seen as a way of ensuring that critical communications could be sustained, even if particular ‘points’ within the computer infrastructure were damaged by attack. The ARPANET’s technology allowed communications to be broken up into ‘packets’ that could then be sent via a range of different routes to their destinations, where they could be reassembled into their original form. Even if some of the intermediate points within the network failed, they could simply be bypassed in favour of an alternate route, ensuring that messages reached their intended recipients. The creation of the network required not just new computer hardware, but also new protocols, the codes and rules that would allow 6 CYBERCRIME AND SOCIETY different computers to ‘understand’ each other. This development began in the late 1960s, and by 1969 the ARPANET was up and running, initially linking together a handful of university research communities with government agencies. From the early 1970s further innovations appeared, such as electronic mail applications, which expanded the possibilities for communication. Other net- works, paralleling the ARPANET, were established such as the UK’s JANET (Joint Academic Network) and the US’s NSFNET (belonging to the American National Science Foundation). By using common communication protocols, these networks could be connected, forming an internet, a network of networks. A major impetus for the emergence of the internet as we now know it was given when, in 1990, the US authorities released the ARPANET to civilian control, under the auspices of the National Science Foundation. The same year saw the development of a web browser (basically an information-sharing application) by researchers at the CERN physics laboratory in Switzerland. Dubbed the World Wide Web (www), this so$ware was subsequently elaborated upon by other programmers, allowing more sophisticated forms of information exchange such as the sharing of images as well as text. The first commercial browser, Netscape Navigator, was launched in 1994, with Micro- so$ releasing its own Internet Explorer the following year. These and other brows- ers made internet access possible from personal computers (PCs). In the early days of ARPANET, few businesses saw the commercial potential of the internet. For example, as Curran (2010: 18) explains, ‘the commercial giant AT&T was actually invited in 1972 to take over ARPANET, the forerunner of the internet, and declined on the grounds that it lacked profit potential’. By the mid-1990s, however, numerous internet service providers (ISPs) had entered the market, offering internet connections for anyone with a computer and conventional telephone line. These ser- vices, while popular, were slow and offered a very limited capacity for transmitting data. They have since been supplanted by much faster broadband connections as well as services offering data connections to mobile devices. Since the commercialization of the internet in the mid-1990s, its growth has been incredibly rapid. Between 1994 and 1999 the number of connected countries increased from 83 to 226 (Furnell, 2002: 7). In December 1995 there were an estimated 16 million internet users worldwide; by May 2002, this figure had risen to over 580 million, almost 10 per cent of the world’s total population (NUA, 2003). As of June 2017, the total number of internet users had reached an estimated 3.89 billion, comprising some 51.7 per cent of the global popu- lation (IWS, 2017). However, despite this phenomenal growth, access to the internet remains uneven both between countries and regions, and within individual nations. The technical capacity enabling internet access (PCs, so$ware, reliable telecommu- nications grids) is unevenly distributed: for example, an estimated 84.2 per cent of households in Europe have internet access, while the comparable figure for the Afri- can continent is around 18 per cent (ITU, 2017). Unequal access also follows exist- ing lines of social exclusion within countries – factors such as employment, income, education, ethnicity and disability are reflected in the patterns of internet use (Cas- tells, 2002: 208–23). These inequalities are criminologically important, as they tell us something about the likely social characteristics of both potential online offenders and their potential victims (a point we shall return to later in the chapter). CYBERCRIME AND THE INTERNET 7 It is further worth considering not only who is online, where, and in what numbers, but also what they do in online environments. As noted earlier, the social practices that people legitimately engage in will create distinctive opportunities for offending – what criminologists call ‘opportunity structures’ arising from people’s online ‘routine activi- ties’ (Grabosky, 2001). Therefore, an important area of internet usage is its application in electronic business, or e-commerce. Businesses use the internet routinely in their activities, ranging from research and development, to production, distribution, mar- keting and sales. These uses enable various criminal opportunities: for example, the the$ of trade secrets and sensitive strategic information; the disruption of online selling systems; and the fraudulent use of credit cards to obtain goods and services (Grabosky and Smith, 2001; Smith, 2010). Online banking and similar financial services likewise generate opportunities for crimes that exploit systems for identity authentication. Simi- larly, the internet is now used by various actors for political purposes – governments use it to inform and consult citizens, political parties use it to recruit supporters, pres- sure groups use it to organize campaigns and raise funds, and so on. Consequently, we see the emergence of cybercrimes that are political in nature; these range from the sabotage and defacement of o&cial websites, and the use of the internet to instigate hate campaigns by far-right extremists, to the activities of terrorist groups aiming to recruit members and raise funds (Denning, 1999: 228–31; Denning, 2010; Whine, 2000). Another important area of internet activity relates to leisure and cultural consumption. People use the internet to access everything from music and movies to celebrity gossip and online video gaming. Yet again, the demand for such goods creates opportuni- ties for offending – ranging from the distribution of obscene imagery to the trade in pirate audio and video recordings and computer so$ware (Yar, 2005a). Further and notably, the massive uptake of social media platforms generates new patterns of vulner- ability to misuse and abuse (Yar, 2012b). The emerging ‘Internet of Things’ (IoT), a term which ‘quite literally means “things” or “objects” that connect to the internet – and each other’, also introduces new patterns of internet use (Greengard, 2015: 15). IoT includes consumer technologies like fitness bands, smartwatches, kitchen appliances, laundry machines, scales, thermostats and automobiles that connect to the internet to allow the provision of additional services. It also includes a range of commercial, industrial and governmental devices linked to the internet. While the IoT provides convenience and novelty for consumers, businesses and governments, it also becomes ‘a hotbed for hacking, data breaches, malware, cyber-attacks, snooping, and myriad other problems’ (Greengard, 2015: 24). These examples suggest that illegitimate online activities cannot be viewed in isolation, but must be seen as deeply interconnected with their legitimate counterparts; with every new internet development, there coincides a range of both licit and illicit uses. The internet has a ‘depth’ to it, and social activity occurs even in its abys- sal layers. Most users only access the ‘surface web’, comprising content indexed through search engines – the realm of social media, funny cat memes, celebrity gossip, and news websites. Attention is now turning to activities in the ‘deep web’ – content not indexed in search engines (for example information secured behind paywalls, email accounts, etc.). Within this collection of unindexed websites is what some refer to as the ‘dark web’ or ‘a collection of thousands of websites that 8 CYBERCRIME AND SOCIETY use anonymity tools like Tor [The Onion Router] and I2P [The Invisible Internet Project] to hide their IP addresses’ (Greenberg, 2014). The key distinction concern- ing dark websites and surface websites is that the former ‘hide the IP addresses of the servers that run them’ (ibid). Dark web tools also protect the geo-location data of their users. The term dark web sounds insidious and has become synonymous with illegal marketplaces like the infamous (and now defunct) Silk Road. Though it is true that the dark web contains numerous websites peddling contraband (like guns, stolen data and drugs), supplying illicit content (such as illegal forms of por- nography) and providing venues to discuss illegal matters, criminals are not the only ones interested in the secrecy the dark web provides. For example, the dark web may also be used by political activists trying to avoid government surveillance and censure or other persons wishing to maintain their privacy online. 1.4 DEFINING AND CLASSIFYING CYBERCRIME A key problem facing scholars of cybercrime is agreeing upon definitions and cate- gories of cybercrime. Generating a consensus may be di&cult because of the ambig- uous nature of the ‘cyber’ prefix itself. Cyber has a complicated history. The term was originally coined by Norbert Wiener and Arturo Rosenblueth in the 1940s as they pioneered the field of ‘cybernetics’ (Wiener, 1948). Wiener and his contemporaries saw cybernetics as an emergent field focused on machines and feedback systems (Rid, 2016). In this context, cyber was derived from a Greek word for ‘steersman’ (Wiener, 1948: 19). The pioneers of cybernetics used the term to focus on machines that could reciprocally interact with their environments. The field was as much philosophical as technical, imagining a future of autonomous or semi-autonomous machinery. It not only became a serious academic area, but its ideas resonated with a populace that was both fascinated by and afraid of high technology. While cyber originally had a specific use in cybernetics, its increasing use as a portmanteau meant the prefix dri$ed further away from its original use by cyber- neticists. Cyber became a popular way to describe anything related to comput- ers and their potential. Perhaps the term became somewhat superficial – though stylish and futuristic sounding, cyber in its current use doesn’t seem to lend con- ceptual specificity to the phenomena it denotes. For example, the popularity of cyber soared in the 1980s where it would resurface to describe a new genre of sci- ence fiction and its associated concepts. During this period William Gibson (1984) introduced ‘cyberspace’ to the popular lexicon through his acclaimed novel Neu- romancer (Gordon et al., 2022). In a 2013 Q&A session, he stated that cyberspace constituted an attempt to describe an ‘arena in which I could set science fiction sto- ries’ oriented around computers and computer-generated spaces (Gibson, 2013). This new storytelling landscape, he explained, needed a really hot name … dataspace wouldn’t work and infospace wouldn’t work but cyberspace … it sounded like it meant something or it might mean something but as I stared at it in red sharpie on a yellow legal pad, my whole delight was that I CYBERCRIME AND THE INTERNET 9 knew it meant absolutely nothing so I would then be able to specify the rules for the arena. (ibid) Thus, cyber became a ‘plug-and-play’ prefix that could be conjoined to any noun or verb to denote some relationship to computers and the internet. Throughout the 1980s and 1990s, uses of cyber proliferated to include cyberspace, cybersex, cybershopping, cybersurfing and, of course, cybercrime. McKenzie Wark (1997: 154) describes the problem as ‘cyberhype’ or the use of certain prefixes to give the illusion of explanatory power and significance to concepts. As he explains: The problem with cyberhype is the easy assumption that the buzzwords of the pre- sent day are in some magical way instantly transformable into concepts that will explain the mysterious circumstances that generated them as buzzwords in the first place. Cyber this, virtual that, information something or other. Viral adjectives, mutated verbs, digital nouns. Take away the number you first thought of and hey presto! Instant guide to the art of the new age, cutting edge, psychotropic anything- but-postmodern what have you. Not so much a theory as a marketing plan. At some point, however, we collectively decided that not everything online needs to be designated ‘cyber’. Instead of ‘cybersurfing’, for instance, we now say ‘brow- ing the web’. ‘Cybershopping’ is just ‘online shopping’. Even terms like ‘cyberspace’ and ‘cybersex’ have mostly fallen away. Cyber endures in certain forms, however, most notably in its application to harmful or illicit activities like cybercrime, cyber- stalking, cyberharassment and cyberterrorism. While originally uses of cyber were ‘pregnant with the promise of technology’, they have since come to connote the dangers of the internet (Steinmetz and Nobles, 2018: 3; Wall, 2012: 5). Thus, cyber no longer really refers to the field of cybernetics, but it describes anti-social inter- net activity. These negative connotations persist as politicians and pundits identify the threats (real and imagined) that ‘cyber-attacks’, ‘cybercriminals’ and ‘cyberter- rorists’ pose. Despite any issues that surround cyber, the prefix has become a com- monplace term in criminology to describe computer network-related crimes. The conceptual ambiguity of cyber applies to cybercrime as well. A major problem for cybercrime studies is the absence of a consistent current definition, even among those law enforcement agencies charged with tackling it. As Wall (2001a: 2) notes, the term ‘has no specific referent in law’, yet it is o$en used in political, criminal justice, media, public and academic discussions. We have already suggested that instead of trying to grasp cybercrime as a single phenomenon, it might better be taken to signify a range of illicit activities whose ‘common denominator’ is the central role of ICT net- works in their commission. A definition along these lines is offered by Thomas and Loader (2000a: 3) who conceptualize cybercrime as those ‘computer-mediated activi- ties which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks’. This definition contains an important distinction, namely that between crime (acts explicitly prohibited by law, and hence illegal) and deviance (acts that breach informal social norms and rules and hence con- sidered undesirable or objectionable). Some analysts focus their attention on the for- mer, those activities that attract the sanctions of criminal law. Others, however, take a 10 CYBERCRIME AND SOCIETY broader view, including within cybercrime acts which may not be illegal, but which many citizens might view as deviant. An example of this would be sexually explicit speech and imagery online. Given that our primary focus is crime rather than deviance, discussions centre upon those internet-related activities that carry formal legal sanc- tions. It is important to remember, however, that crime and deviance cannot always be strictly separated in criminological inquiry. For example, the widespread perception of a particular activity as deviant may fuel moves for its formal prohibition through new laws. Alternatively, while certain activities may be illegal, much of the population may not think them deviant or problematic, thereby challenging and undermining attempts to outlaw them (one such instance, discussed in Chapter 8, is that of media piracy). Such dynamics, in which boundaries between the criminal and the deviant are socially negotiated, are commonplace in contemporary developments around the internet. Starting from cybercrime as ‘computer-mediated activities that are illegal’, we can further classify such crime along several different lines. One approach is to distinguish between ‘computer-assisted crimes’ (crimes that pre-date the internet, but which are renewed online, e.g., fraud, the$, money laundering, sexual harassment, hate speech, pornography) and ‘computer-focused crimes’ (crimes that have emerged in tandem with the internet, and couldn’t exist apart from it, e.g., hacking, viral attacks, website defacement) (Furnell, 2002: 22; Lilley, 2002: 24). On this classification, the main way to subdivide cybercrime is according to the role played by the technology – whether the internet plays a ‘contingent’ role in the crime (it could be done without it, using other means), or if it is ‘necessary’ (without the internet, no such crime could exist). This kind of classification is adopted by policing bodies such as the UK’s National Crime Agency, its National Cyber Crime Unit, and the National Cyber Security Centre. While the above distinction is helpful, it may be rather limited for criminological purposes, as it focuses on the technology at the expense of the relationships between offenders and their targets or victims. One alternative is to use existing categories drawn from criminal law into which their cyber-counterparts can be placed. Thus, Wall (2001a: 3–7) sub-divides cybercrime into four established legal categories: 1. Cyber-trespass – crossing boundaries into other people’s property and/or causing damage, e.g., hacking, defacement, viruses. 2. Cyber-deceptions and thefts – stealing (money, property), e.g., credit card fraud, intellectual property violations. 3. Cyber-pornography – breaching laws on obscenity and decency. 4. Cyber-violence – doing psychological harm to or inciting physical harm against others, breaching laws protecting the person, e.g., hate speech, stalking, harassment. Such classification sub-divides cybercrime according to the target of the offence: the first two categories comprise ‘crimes against property’, the third covers ‘crimes against morality’ and the fourth relates to ‘crimes against the person’. To these we might add ‘crimes against the state’, those activities that breach laws protecting the integrity of the nation and its infrastructure (e.g., terrorism, espionage and disclo- sure of o&cial secrets). Such a classification is helpful, allowing us to relate cyber- crime to existing conceptions of prohibited and harmful acts. CYBERCRIME AND THE INTERNET 11 1.5 WHAT’S ‘NEW’ ABOUT CYBERCRIME? The classification outlined thus far may not by itself illuminate all the relevant charac- teristics of cybercrime. By relating such crime to familiar forms of offending, it stresses aspects of cybercrime that are continuous with ‘terrestrial’ crimes. Consequently, it doesn’t really isolate what might be qualitatively different or new about cybercrimes, when considered from a broader, non-legal viewpoint. This question of the novelty of cybercrime is an important one. For some, cybercrime is largely the same as ‘old- fashioned’ non-virtual crime – it just uses some new tools that are helpful for offend- ers, what Grabosky (2001) dubs ‘old wine in new bottles’. Others, however, see it as a new form of crime that is radically different from familiar o(ine crimes. Among this latter group, many criminologists find novelty in the social-structural features of the environment (cyberspace) in which such crimes occur. This environment is seen to have a profound impact upon how social interactions can take place (both licit and illicit), and so transforms the potential scope and scale of offending, altering the rela- tionships between offenders and victims, and the ability of criminal justice systems to respond (Capeller, 2001). Particular attention is given to how cyberspace transcends, explodes, compresses or collapses the constraints of space and time that limit interac- tions in the ‘real world’. Theorists of the internet suggest that cyberspace makes possible near-instantaneous encounters and interactions between spatially distant actors, creat- ing possibilities for ever-new forms of association and exchange. Criminologically, this renders us vulnerable to an array of potential predators who can reach us instantane- ously, untroubled by the normal barriers of physical distance. Moreover, the ability of offenders to target individuals and property is seemingly amplified by the internet – computer-mediated communication (CMC) enables a single individual to reach, inter- act with, and affect thousands of others simultaneously. Therefore, the technology acts as a ‘force multiplier’ enabling individuals with minimal resources to generate poten- tially huge negative effects (mass distribution of email scams and distribution of viruses being two examples). Additionally, emphasis is placed on how the internet enables the manipulation and reinvention of social identity – cyberspace interactions give indi- viduals the capacity to reinvent themselves, adopting new virtual personae potentially far removed from their ‘real world’ identities (Turkle, 1995). Criminologically, this is a powerful tool for the unscrupulous to perpetrate offences while maintaining anonym- ity through disguise, and a formidable challenge to those tracking down offenders. From the above viewpoint, it is the novel social-interactional features of cyber- space (the collapse of space–time barriers, many-to-many connectivity, and the anonymity and changeability of online identity) that make possible new forms and patterns of illicit activity. It is this difference from the ‘terrestrial world’ of conven- tional crimes that makes cybercrime distinctive and original. 1.6 EXPLAINING CYBERCRIME Criminology has long sought to uncover the underlying causes behind law- breaking behaviour. Thus, theories of crime attempt to locate the forces that propel 12 CYBERCRIME AND SOCIETY or incline people towards transgressing society’s rules. Such explanations are inevi- tably based upon data relating to criminal activity in ‘real-world’ settings and situ- ations. The emergence of the internet poses challenges to existing criminological perspectives in so far as it exhibits structural and social features unlike those of conventional ‘terrestrial’ settings. It is not entirely clear whether established theo- ries are compatible with cyberspace and the crimes that occur within it. Although Chapter 2 explores criminological theory in detail, it is worth highlighting two such challenges for criminology here: 1. The problem of ‘where’: Many criminological perspectives are based upon ‘ecological’ assumptions. That is, they view crimes as occurring within places that have distinc- tive social, cultural and material characteristics. It is in these distinctive environmental features that the causes of the crime are supposedly to be found. Many recent crimi- nological perspectives focus upon the spatial organization of lived environments and explain patterns and distributions of offending according to how such environments are configured. So, for example, routine activity approaches focus on how potential offenders can converge in space and time with potential targets, thereby creating the conditions in which offending takes place (Cohen and Felson, 1979). Such thinking has also inspired a range of crime mapping, measurement and prevention programmes, again focused on identifying criminogenic environments and localities whose crime- inducing characteristics can then be removed (Fyfe, 2001). However, such approaches run into difficulties when we consider cybercrimes. The environment in which such crimes take place, cyberspace, cannot straightforwardly be divided into distinctive spatial locations, in the way we can distinguish in the ‘real world’ between neighbour- hoods and districts, urban and suburban, the city and the country. Rather, cyberspace can be viewed as basically ‘anti-spatial’ (Mitchell, 1995: 8), an environment in which there is ‘zero distance’ between all points, so that identifying locations with distinc- tive crime-inducing characteristics becomes well-nigh impossible (Yar, 2005b). The inability to answer the question of ‘where’ crimes take place in cyberspace indicates that criminological perspectives based on spatial distinctions may be of limited use. 2. The problem of ‘who’: Criminological theories also seek to understand why some indi- viduals engage in law-breaking behaviour while others don’t. Official statistics indicate that offending is socially as well as spatially located; offender profiles show a prepon- derance of those with certain shared characteristics. One such characteristic has been the over-representation among known offenders of those from socially, economically, culturally and educationally marginalized backgrounds. Consequently, the fact of deprivation has come to be causally linked to offending behaviour (Finer and Nellis, 1998). Not all criminologists concur, as Marxist and other critical criminologists claim the association of socio-economic marginality with criminal activity is more a product of the class-based prejudices of the criminal justice system than of any real concen- tration of offending among particular social groups. However, much mainstream criminology gives credibility to the view that the ‘crime problem’ is one predominantly centred upon those who suffer social exclusion (although controversy continues to rage between those on the political Left who find the causes of such exclusion in eco- nomic structures and processes (Wilson, 1996), and those on the Right who attribute it to the individual’s fecklessness and irresponsibility (Murray, 1984). Wherever we stand CYBERCRIME AND THE INTERNET 13 on the ultimate origins of exclusion, the relationship between marginality and offend- ing is an established feature of criminological explanation. When we come to consider cybercrime, however, this correspondence appears to break down. It was noted earlier that the capacity to access and use the internet is unevenly distributed across soci- ety, with those in the most marginal positions enjoying least access. Conversely, the skills and resources required to commission offences in cyberspace are concentrated among the relatively privileged: those enjoying higher levels of employment, income and education. Consequently, the social patterns of internet criminality may turn out to be different from those identified in the terrestrial world, with cyber-offenders being ‘fairly atypical in terms of traditional criminological expectations’ (Wall, 2001a: 8–9). If true, then using concepts such as marginality and exclusion to explain the ori- gins of offending behaviour, so prevalent in relation to offline criminology, might be of limited value when explaining the genesis of cybercrimes. Thus criminology, as much as criminal justice, faces challenges from the emergence of cybercrime. Rather than transposing an existing stock of empirical assump- tions and explanatory concepts onto cyberspace, the appearance of internet crimes might require considerable theoretical innovation. Criminology itself may need to start looking for some ‘new tools’ for these ‘new crimes’. 1.7 CHALLENGES FOR CRIMINAL JUSTICE AND POLICING From the discussion above, we can see the internet’s distinctive features that shape the crimes taking place online. These features pose di&culties for tackling crime using the established structures and processes of criminal justice systems. Not least among these is that policing has historically followed the organization of political, social and economic life within national territories. Moreover, crime control agen- cies traditionally operate within local boundaries, focusing attention and resources on crimes occurring within their ‘patch’ (Wall, 2007a: 160). Yet cybercrime, given the global nature of the internet, is an inherently de-territorialized phenomenon. Online crimes bring together offenders, victims and targets that may be physically situated in different countries and continents, and so the offence spans national ter- ritories and boundaries. While there are ongoing attempts to strengthen transna- tional policing through agencies such as Europol and INTERPOL, these are largely focused upon sharing intelligence related to large-scale organized crime. That said, increasing efforts are being made to facilitate transnational cooperation between countries investigating cybercrime. For instance, a more focused transnational ini- tiative is the EU high-tech crime agency European Network and Information Secu- rity Agency (ENISA), established in 2004; yet its role is not directly investigatory, but restricted to coordinating investigations into cybercrime by police in member countries (Best, 2003). The United Nations also fosters international cooperation on cybercrime through the United Nations O&ce on Drugs and Crime (UNODC), specifically through their Global Programme on Cybercrime. However, its primary mandate is to ‘assist Member States in their struggle against cyber-related crimes through capacity building and technical assistance’ (UNODC, 2018b). In the US, 14 CYBERCRIME AND SOCIETY the Bureau of International Narcotics and Law Enforcement Affairs (INL) – part of the US State Department – has also been fostering international relationships to combat cybercrime, although these efforts are primarily about promoting and exporting American policing strategies and policies and reinforcing the US’s abil- ity to investigate transnational crimes that impact itself. The point is that efforts are being made but are incremental rather than revolutionary in the development of international cybercrime investigative capabilities. Further problems relate to the constraints of limited resources and insu&cient expertise. For example, the UK’s National Hi-Tech Crime Unit (NHTCU) was estab- lished in 2001, comprising 80 dedicated o&cers and with a budget of £25 million; how- ever, this amounted to less than 0.1 per cent of the total number of police, and less than 0.5 per cent of the overall expenditure on ‘reduction of crime’ (Home O&ce, 2002). Moreover, by 2009 the NHTCU had been absorbed into the Serious and Organised Crime Agency (SOCA) and was subsequently displaced by the Police Central e-Crime Unit (PCeU). SOCA and the PCeU were both absorbed by the National Crime Agency and now cybercrimes are handled by the National Cyber Crime Unit (see discussion of these and other related developments in Chapter 15). The agency reported that in 2016–17 they expended £5.74 million on their National Cyber Crime Unit, which was approximately only 1.12 per cent of the agency’s total operating costs (NCA, 2017: 76). In the US, the Bureau of Justice Statistics collects data from over 3,000 local and state law enforcement agencies. According to their estimates, while 76 per cent of police departments with 100 or more o&cers have special units or personnel designated to the investigation of cybercrime, only 26 per cent of departments with 99 o&cers or fewer have such designated expertise within their departments (Reaves, 2015: 9). Unfor- tunately, 94.7 per cent of police departments in the US have fewer than 100 o&cers (Reaves, 2015: 3). From these statistics, most US police departments do not appear to have o&cers assigned to cybercrimes investigations. Part of this issue stems from train- ing, which is o$en limited as a result of ‘a range of factors … such as operating budgets and the total available agency manpower’ (Holt, Burruss, and Bossler, 2015: 44). The lack of organizational stability and continuity in cybercrime policing may itself disrupt efforts to effectively tackle online crime. ENISA, the EU agency, labours under similar budgetary constraints. It was established with an annual allocation of just )24.3 million to coordinate transnational investigations spanning the then 25 member countries (Best, 2003); by 2012, this budget had been cut to a mere )8.5 mil- lion (ENISA, 2012). While the budget for 2016 increased to around )11 million, and it increased again to nearly )17 million in 2019, it nevertheless remains well behind even the modest funding that was allocated at inception (ENISA, 2018, 2019). In the US, federal investment in law enforcement training and technologies to combat cybercrime has been increasing. In 2023, the federal budget included $10.9 billion allocated for civilian cybersecurity, in addition to the substantial (but unspecified) amounts spent by the military on cyber capabilities (Statista, 2023). This indicates that growing concerns about cybercrime are now being reflected in significantly increased resource allocation. Despite this shi$, it is notable that resources are (a) unevenly distributed across nations and regions, and (b) need to keep pace with a problem that CYBERCRIME AND THE INTERNET 15 continues to grow in scope, scale and complexity. Consequently, it remains to be seen whether such investment is effective or adequate to address the challenges at hand. A lack of expertise also presents barriers to the policing of cybercrime. Inves- tigation will o$en require specialized technical knowledge and skills, and there is little indication that police have the appropriate training and competence, although inroads are being made, predominantly through the creation of specialized o&cers and units (Reaves, 2015: 9). Moreover, research indicates that many police don’t view the investigation of cybercrime as part of their normal responsibilities, prefer- ring that these investigations be handled by cybercrime units or specialists (Holt et al., 2015: 63). For instance, Holt, Burruss, and Bossler (2015: 88) found that a large proportion of officers [in their study’s sample] were actually unsure about what they thought about cybercrime and what should be done about it. Most of the officers had little direct experience with computer crime to help them form opinions on these offences. The evidence seems rather clear, however, that officers would prefer to not become directly involved in cybercrime cases and would rather see changes in citizen online behaviour and to the legal system. The di&culties are intensified by the existence of different legal regimes across national territories. The move towards the international harmonization of internet law has already been noted. While initially many countries lacked the legislative frameworks to effectively address cybercrimes, more countries are building such legal frameworks. The UNODC Cybercrime Repository indicates that 159 coun- tries have laws addressing cybercrime, amounting to over 1,300 individual pieces of legislation (UNODC, 2018a). While laws addressing cybercrime proliferate, issues arise in their implementation. Attempts to legislatively tackle cybercrime may also clash with existing national laws. In one example, the US introduction of the Com- munication Decency Act in 1996, aimed at curbing offensive and indecent images on the internet, was partly overturned as some of its provisions were held to breach constitutional guarantees relating to freedom of speech and expression (Biegel, 2003: 129–36). Even where appropriate legal measures are in place, many countries (espe- cially in the developing world) simply lack the resources needed to enforce them. In countries facing urgent economic problems and considerable social and political instability, the enforcement of internet laws will likely be low on the list of priorities, if it appears at all. In fact, it may be that many of the laws developed to address cyber- crime constitute what Drezner (2004: 484) calls ‘sham standards’ where ‘governments agree to a notional set of standards with weak or non-existent monitoring or enforce- ment schemes. Sham standards permit governments to claim the de jure existence of global regulatory coordination, even in the absence of effective enforcement.’ 1.8 SUMMARY Over the past three decades, cybercrime has become a widely debated topic. Our understandings of cybercrime are simultaneously informed and obscured by polit- ical and media discussions of the problem. The rapid growth of the internet has 16 CYBERCRIME AND SOCIETY clearly created unprecedented new opportunities for offending. These developments present serious challenges for criminal justice, as it struggles to adapt to crimes that occur in the virtual environment of cyberspace, which spans the globe through the internet’s instantaneous communication capability, and affords offenders new pos- sibilities for anonymity, deception and disguise. Society’s increasing dependence on networked computer technology renders us vulnerable to the failure and exploita- tion of those systems. Equally, cybercrime poses di&cult questions for criminolo- gists. The discipline has formed its theories and explanations based on assumptions (about who, what, where and so on) drawn from offending in the terrestrial world. If the virtual environment is radically different from its terrestrial counterpart, crimi- nology is challenged to adapt its perspectives in order to properly grasp cybercrime, or to develop new concepts and vocabularies better suited to the online world. STUDY QUESTIONS How does public discourse represent the problem of cybercrime? What kind of questions does the emergence of cybercrime invite us to ask? How great a problem are cybercrimes compared to those terrestrial crimes with which we are more familiar? What is new or different about cybercrime? What kinds of cybercrimes do internet users encounter? Who are the cybercriminals? Are they the ‘usual suspects’ of criminal justice and criminology? How might the growth of cybercrimes shape the future development of the internet? FURTHER READING Castells M (2001) The Internet Galaxy. Oxford: Oxford University Press. Greengard S (2015) The Internet of Things. Cambridge, MA: The MIT Press. Hafner K and Lyon M (1996) Where the Wizards Stay Up Late: The Origins of the Internet. New York: Simon & Schuster. Jewkes Y and Yar M (eds) (2010) Handbook of Internet Crime. London: Routledge. Miller V (2020) Understanding Digital Culture, 2nd edition. London: Sage. Rid T (2016) Rise of the Machines: A Cybernetic History. New York: WW Norton. Wall DS (2007) Cybercrime. Cambridge: Polity.

Cybercrime and the Internet PDF - An Introduction

Document Details

Tags

Related

Summary

Full Transcript