06 Grabowsky (bc/d)

30/4/01

10:30 am

Page 243

VIRTUAL CRIMINALITY: OLD

WINE IN NEW BOTTLES?
PETER N. GRABOSKY
Australian Institute of Criminology, Australia

INTRODUCTION

T HAS become trite to suggest that the convergence of computing and

communications has begun to change the way we live, and the way we
commit crime. Whether this will necessitate a revision of our philosophical, historical and sociological assumptions, however, is another matter. One
must beware of overgeneralization and hyperbole, which characterize a great
deal of discourse on the digital age. In the pages that follow, I suggest that
virtual criminality is basically the same as the terrestrial crime with which
we are familiar. To be sure, some of the manifestations are new. But a great
deal of crime committed with or against computers differs only in terms of
the medium. While the technology of implementation, and particularly its
efficiency, may be without precedent, the crime is fundamentally familiar. It
is less a question of something completely different than a recognizable crime
committed in a completely different way.
Perhaps the most remarkable developments relating to crime in the digital
age are its transnational implications, and the threats to personal privacy
posed by new technologies. The speed of electronic transactions allows an
offender to inflict loss or damage on the other side of the world, bringing new
meaning to the term remote control. In addition, digital technology facilitates surveillance, by public agencies and the private sector, to a degree that
is quite revolutionary.
MOTIVATION
Let us look first at motivations of those who would commit computer-related
crime. One could perhaps be excused for observing plus ca change, plus cest
la meme chose. Computer criminals are driven by time-honoured motivations, the most obvious of which are greed, lust, power, revenge, adventure,
SOCIAL & LEGAL STUDIES 0964 6639 (200106) 10:2 Copyright 2001
SAGE Publications, London, Thousand Oaks, CA and New Delhi,
Vol. 10(2), 243249; 017405

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

244

30/4/01

10:30 am

Page 244

SOCIAL & LEGAL STUDIES 10(2)

and the desire to taste forbidden fruit. While many criminal acts flow from
mixed motives, it is greed that primarily underlies electronic funds transfer
fraud, and lust that drives the traffic in child pornography. The ability to
make an impact on large systems may, as an act of power, be gratifying in and
of itself. The desire to inflict loss or damage on another may also spring from
revenge, as when a disgruntled employee shuts down an employers computer
system, or ideology, as when one defaces the web page of the United States
Central Intelligence Agency. Much activity that occurs on the electronic frontier entails an element of adventure, the exploration of the unknown. The
very fact that some activities in cyberspace are likely to elicit official condemnation is sufficient to attract the defiant, or the irresistibly curious. Given
the degree of technical competence required to commit many computerrelated crimes, there is one other motivational dimension worth noting here.
This, of course, is the intellectual challenge of mastering complex systems.
None of the above motivations is new. The element of novelty resides in
the unprecedented capacity of technology to facilitate acting on these motivations.
INTERPERSONAL RELATIONS IN CYBERSPACE
Digital technology has, to some extent, impacted on interpersonal relations.
The illusion of anonymity seems to have elicited more candour over the internet than one would expect in face-to-face communications. But whether the
role play that occurs in some chatrooms constitutes something completely
different from good theatre, in which the actors are immersed in their roles,
is open to question. To be sure, some of this role play is extremely aggressive, or otherwise antisocial. But any more so than a performance of Hamlet?
The internet has indeed brought about significant changes in human interaction. Ordinary investors are now able to buy and sell shares online without
dealing through intermediaries such as underwriters, brokers and investment
advisers. While this may enhance the efficiency of securities markets, it also
provides opportunities for criminal exploitation. But the fundamental criminality is still reducible to the basics: misrepresenting the underlying value of
a security at the time of the initial public offering, or market manipulation
during secondary trading of a security, through the dissemination of false
information, or engineering a deceptive pattern of transactions to attract the
attention of the unwitting investor.
One hears anecdotes about children who have been lured from the safety
of their homes by paedophiles after an initial encounter in an internet chatroom, or women who, after an electronically arranged assignation, meet with
foul play at the hands of a predator. But is this really new? Cyberspace serves
the same function as the busstop, the schoolyard or the disco.
There is another sense in which digital criminality may be similar to conventional criminality. At the risk of oversimplification, one may divide conventional criminals into two classes: the competent and the incompetent.

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

30/4/01

10:30 am

Page 245

GRABOSKY: VIRTUAL CRIMINALITY

245

Sooner or later, most of the latter wind up in prison. The competent ones
avoid detection, or at the very least, prosecution and conviction. So it is with
cybercriminals. The most adept are never noticed, much less identified. By
contrast the inept cybercriminal leaves his footprints all over cyberspace.
NEW CHALLENGES FOR THE STATE
The digital age has begun to pose new challenges for the state. Blasphemous,
seditious, salacious, and otherwise offensive communications have long been
the focus of governmental preoccupation. In an era where many governments
seek to shed functions and devolve powers, the urge to control digital technology remains strong. And yet the ability of governments and legal systems
to adapt to new media for the transmission of offensive content is somewhat
limited. Of course, one could always pull the plug, and severely restrict citizens access to cyberspace. But those governments which seek to maximize
the economic well-being of their citizenry realize that it is futile to try to hold
back the tide of globalization, and that failure to get in on the ground floor
of electronic commerce may retard economic development.
The challenges faced by governments are by no means limited to the regulation of online content. In English-speaking societies at the very least, the
capacity of public police is now acknowledged to be limited. Most victims of
residential burglary are aware that they stand little chance of recovering their
lost possessions; they harbour few illusions that their offender will eventually be brought to justice. The role of the police is often limited to that of
legitimizing insurance claims and providing a few kind words (and perhaps
some crime prevention advice) to the victim. Individuals are, to an extent that
few wish to acknowledge openly, largely on their own as far as crime prevention is concerned. And so those who can afford it acquire sophisticated
alarm systems and live in gated communities. The necessity of self-reliance
in crime control is no less in cyberspace than in ones physical neighbourhood.
PARADOXES OF THE DIGITAL AGE
In addition to the tension between the shrinking state, and the imperative to
direct traffic on the information superhighway, the digital age has given rise
to other paradoxes. Technologies of anonymity and pseudonymity such as
remailers and cryptography can provide a modicum of cover for someone
wishing to mask his or her identity and the content of his or her communication. But not everyone avails themselves of such technologies, and capacities of surveillance exceed all but the most determined users.
Cryptography, regarded by law enforcement as a threat, is one of the
fundamental pillars of electronic commerce. Without this secure technology,
electronic payments, much less the transmittal of ones credit card details,

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

246

30/4/01

10:30 am

Page 246

SOCIAL & LEGAL STUDIES 10(2)

would be that much riskier. Cryptography may be a boon to criminals, but

it is arguably an even greater boon to legitimate business.
Arguably, the internet constitutes a greater threat to privacy than was ever
thought possible. The possibility of remaining anonymous in cyberspace,
far from being endless, appears significantly constrained. Moreover, the
threat to privacy may come from private as well as governmental sources.
Much is made of so-called hacker sites and chatrooms devoted to teensex,
many of which are essentially accessible to the public. The fact remains that
these can be wonderful sources of intelligence for law enforcement agencies
or information security specialists. The annals of law enforcement are
expanding with examples of police officers posing as 13-year-old girls who
arrange online assignations with those who were once described as dirty old
men.
THE PRIVATE THREAT TO PRIVACY
Of perhaps even greater significance is the exploitation of personal information by private commercial interests. The amount of personal information available about individuals spending patterns and consumer
preferences is surprising to many. In the past, information privacy was protected by data dispersion (Clarke, 1988). A great deal of personal information may have been stored here and there in various locations (whether
public or private), but aside from major investigations, the cumbersome
logistics of sorting through rooms full of forms in one place and another precluded collation on any significant scale. Technologies of data manipulation
that permit merging of databases and matching of individual identities now
facilitate the aggregation of data from disparate sources (Clarke, 1988). The
term data mining is commonly used to refer to such practices. The linkage
of disparate data is facilitated by the existence of identification numbers that
are common in most industrial societies. The nine-digit Social Security
Number in the United States is a classic example. Through the collation of
disparate personal details, the whole becomes greater than the sum of its
parts.
One suspects that most individuals are not resorting increasingly to anonymity, and that their personal details are accessible in abundance. Moreover,
these details are traded freely by marketing firms.
Many people who use electronic mail do so with unusual candour. In the
words of Bennahum (1999, 102) Email is a truth serum. But unlike a faceto-face conversation, electronic communications are not evanescent. Records
persist, and may return to haunt one or more participants in the communication. Even when a message is erased, it may have been retained by another
party to the communication, or it may have been backed up on one or more
system files. Moreover, many communications are accessible merely by using
readily available search technology. One estranged husband searched the
internet for his ex-wifes account name and collected 30 pages of messages

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

30/4/01

10:30 am

Page 247

GRABOSKY: VIRTUAL CRIMINALITY

247

that she had posted in chatrooms, not all of which reflected well on her as a
parent. Seeking greater visiting rights with his children, he presented them
unsuccessfully to the mediator in his custody hearing (Glod, 1999).
THE TRANSNATIONAL DIMENSION
One of the greatest challenges posed by the advent of digital criminality is
the enormously enhanced potential for transnational offending. Many, if not
most, cybercrimes can now be committed from the other side of the world
as easily as from the building next door. Not only will this tend to make
identification of the perpetrator somewhat more difficult, it will greatly
impede prosecution of the offender.
Despite the hackneyed contention that the world is shrinking, laws differ.
Some jurisdictions prohibit unauthorized access to a computer system, while
others do not. Some make it a crime to alter or erase data, while others do
not. Nations such as Germany make it a crime to disseminate neo-Nazi propaganda. As distasteful as such material may be, the right to do so is protected
by the Constitution of the United States of America. Some nations criminalize online gambling, while others see it as a wonderful source of export
income.
A degree of common legal ground is required in order to mobilize the law
of a foreign state on ones behalf. Without dual criminality, assistance of the
jurisdiction in which the offender is situated is most unlikely to be forthcoming. But even if there is a degree of consistency, enforcement by officials
in the host nation may by no means follow automatically. All law enforcement agencies have their priorities. If I, comfortably situated in Australia,
were foolish enough to fall victim to an online investment fraud originating
in Albania, the Australian authorities and/or their Albanian counterparts
may have more pressing demands. My case may never receive serious investigative consideration by authorities in either jurisdiction.
IMPLICATING THIRD PARTIES
New opportunities for computer-related crime can create new responsibilities for third parties. Consider, for example, the liability of employers for
misuse of office computers by employees. If I were to send a co-worker sexually offensive email messages, my employer could be liable for failing to
provide a safe working environment. What degree of preventive or reactive
response would be required on my employers part in order to avoid liability?
Companies whose shares are traded on major stock exchanges are generally required by their national laws to ensure that information disclosed
about the company and its activities is full and accurate. With the increasing
use of the World Wide Web as a medium of corporate public relations come

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

248

30/4/01

10:30 am

Page 248

SOCIAL & LEGAL STUDIES 10(2)

new responsibilities for disclosure. Corporate websites can be hacked or

mimicked with uncanny realism. How often should a companys website be
checked or updated in order to ensure that the information it contains is
correct? What is an unacceptable delay in rectifying misinformation? What
is the appropriate course of action for a company that discovers that its
website is linked to other websites which themselves may contain inaccuracies about the company in question? The future will no doubt present a
number of such scenarios, and it will be interesting to observe how they are
resolved. To safeguard against some of these difficulties, many companies
have begun to engage the services of consultants who scan the internet for
corporate references (Grabosky, Smith and Dempsey, 2001, ch. 6).
CONCLUSION
One of the basic tenets of criminology holds that crime can be explained by
three factors: motivation, opportunity, and the absence of a capable guardian.
This explanation can apply to an individual incident as well as to long-term
trends. Derived initially to explain conventional street crime, it is equally
applicable to crime in cyberspace. As we have seen, motives for computerrelated crime are nothing new. Technologies may change rapidly, but human
nature does not. The Ten Commandments are as relevant today as they were
in Biblical times. The thrill of deception characterized the insertion of the
original Trojan Horse no less than did the creation of its digital descendants.
By contrast, the variety and number of opportunities for cybercrime are
proliferating. The exponential growth in connectivity of computing and communications creates parallel opportunities for prospective offenders, and parallel risks for prospective victims. As the internet becomes increasingly a
medium of commerce, it will become increasingly a medium of fraud.
Capable guardianship has evolved over human history, from feudalism, to
the rise of the state and the proliferation of public institutions of social
control, to the postmodern era in which employees of private security services vastly outnumber sworn police officers in many industrial democracies.
The policing of terrestrial space is now very much a pluralistic endeavour. So
too is the policing of cyberspace. Responsibilities for the control of computer
crime will be similarly shared between agents of the state, information
security specialists in the private sector, and individual users. In cyberspace
today, as on terrestrial space two millennia ago, the first line of defence will
be self-defence.
DISCLAIMER
Opinions expressed in this essay are those of the author, and not necessarily
those of the Australian Institute of Criminology or the Australian Government.

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015

06 Grabowsky (bc/d)

30/4/01

10:30 am

Page 249

GRABOSKY: VIRTUAL CRIMINALITY

249

REFERENCES
Bennahum, D. (1999) Daemon Seed: Old Email Never Dies, Wired 7.05 (May)
10011.
Clarke, R. (1988) Information Technology and Dataveillance. Commun. ACM 31,5
(May 1988) 498512 http://www.anu.edu.au/people/Roger.Clarke/DV/CAC
M88.html (visited 30 December 1999)
Glod, M. (1999) Spouses may delete their marriage, but e-mail lives on as evidence,
Seattle Times 28/4/99. http: //archives.seattletimes.com/cgi-bin/texis.mummy/
web/vortex/display? StoryID = 3733259942 &query = internet+and+privacy
(visited 13 June 1999)
Grabosky, P., R. G. Smith and G. Dempsey (2001) Electronic Theft: Unlawful
Acquisition in Cyberspace. Cambridge: Cambridge University Press.

Downloaded from sls.sagepub.com at University of Portsmouth on January 3, 2015