Criminogenic Attributes in Digital Domains
Abstract – Within the abstract and systemic criminological field of digital domains, science is striving to identify ‘capable guardians’ to protect the information systems comprising cyberspace. Currently criminology is attempting to obtain this objective through the employment of a theoretical framework, which originates in studies of crime in ‘meatspace’ (Pease, 2001). The application of successful criminological theory in real life does not necessarily translate into the vocabulary of crime and deviance in digital environments, but requires the addition of a different grammar.
Criminology; cybercrime; critical infrastructure protection; digital deviance; national security; cyber-threat; corporate risk; governance; resilience.
The endless opportunities for crime perpetration and deviant behaviour in digital information exchanges remain uncontested. The presence of a multitude of victims congregating in easily penetrable virtual locations, a cast of anonymous offenders ranging from juvenile delinquents to terrorists and state-sponsored cyber-aggressors, operating in the blatant absence of capable guardians, challenge purported criminological theories on crime causation and perpetration.
Seen in a situational crime prevention perspective Newman and Clarke (2003) identify and categorise criminogenic attributes, which are conducive to perpetration of crime in cyberspace with the acronym SCAREM: Stealth, Challenge, Anonymity, Reconnaissance, Escape, and Multiplicity. This assumption is further compounded by complex challenges of novel socio-interactional features that are found in digital environments, such as the dissolve of spatial-temporal barriers (Yar, 2005), trust-risk relations (Capeller, 2001), and the perceived anonymity of individual users, carrying the psychological effect of deindividuation, causing anti-normative behaviour (Demetriou and Silke, 2003).
It appears possible to posit that the criminological epistemology does not supplant, but rather complete inescapable multidisciplinary suppositions, which have become compulsory in confronting the ubiquitous complexities that comprise the socio-technological fabric of the digital domain. This argument is furthered by the steady expansion in digital opportunity, making Information and Communications Technologies available to an increasing number of users worldwide, minimising the ‘global digital divide’ (ITU/UNCTAD, 2007). As the number of users rises worldwide, and an increasing proportion of ‘everyday social life’ is staged in a digital reality, the risk increases falling victim of various forms of virtual crime and deviance.
II. THE THREAT IMAGERY
In comparison to the cataclysmic threat imagery of the ‘Electronic Pearl Harbour’ in national security discourse, the threat imagery in technical and criminological discourse appears more subtle, yet still equally spoken in terms of disastrous predictions. Particularly in popular discourse, including media discussions on crime and deviance in cyberspace, shrill warnings of apocalyptic meltdowns of society are predominant. Most commentators concur that the ontological and epistemological constructs of digital domains empower deviance and crime – both in instrumental, environmental, and incidental terms (see Yar, 2006; Brenner, 2010). Subsequently the threat imagery in criminology is constructed around the notion that ubiquitous digital opportunities in cyberspace is a decisive force multiplier of crime and deviance – affecting victims in both virtual reality and in real time.
III. DILEMMAS IN HYPHENATING CYBER AND CRIME
‘Cybercrime’ is the linguistic construct of ‘cyberspace + crime’ in contemporary criminology (Yar, 2006; Brenner, 2010). This relatively simplistic, but nonetheless central equation in the criminological vocabulary conceals a noisy theoretical debacle on criminogenic attributes in digital domains. Current criminological theory is not settled about crime and deviance in cyberspace. The increase in new forms of ‘virtual sociopathic behaviour’ (Williams, 2000), and the prospective of wider societal impact of digital crime perpetration give rise to several main theoretical discourses and a wealth of interconnected debates in criminological exploration of subjects related to crime and deviance in digitised societies (Wall, 2007).
One discourse brings attention to political and social assumptions informing the criminal justice approach, which suggest the requirement of a shift in contemporary legal and societal paradigms (Moitra, 2004; Garland, 2001; Braithwaite, 1992; Shearing, 2004). As a result of the transnational nature of digital crime, essential criminal justice responses may involve multiple jurisdictions (Choo, Smith and McCusker, 2007; Broadhurst and Choo, 2009), which challenge legislative norms and policing practices traditionally found in national sovereign governance principles (Goodman and Brenner, 2002).
Taking an offset in sociological perspectives of crime, another discourse argues that the digital domain provides opportunities for the motivated offender beyond the traditional forms of crime. The subjective, cultural and experiential aspects of digital crime give rise to the proliferation of new types of virtual criminal activities, which victimize individual users, organizations, and states (Capeller, 2001). Due to continuous socio-technological developments, digital crime is evolving within a context of disruptive transformation, giving birth to new generations of hitherto unseen criminal acts. Contemporary criminological discourse appears diffused across a range of binary opposites, which present central conceptual dilemmas rooted in perpetually turbulent disruptions that emerge from the social and technological construct of the digital domain.
Several scholars attempt to define and categorise cybercrime according to distinct conceptualisations of the relationship between offenders, victims and the digital environment (Yar, 2006; Newman and Clarke, 2003; Thomas and Loader, 2000; Parker, 1998; Wall, 2007; Brenner, 2010).
Socio-technical theory argues that cybercrime does not exist in cyberspace, but information does. The infusion of information in digital exchanges can be propagated in various directions for human expression and interrelation (Huang and Wang, 2009:197). The socio-technical model argues that a gap emerges in the mismatch between what the social system is supposed to do and what the technology can support (Whitworth and de Moor, 2009). Crime perpetration occurs in the virtual distance between social and technical systems, the so-called ‘cybergap’ (Ackerman, 2000). Digital deviance is explained as emerging variants of human-computer interaction. The taxonomy displays a dichotomy of instrumental and expressive forms of deviance similar to the classification logic adopted by Chambliss (1967). It is the contention of this model that criminal justice, social and legal systems are passive and reactive in responding to the proactive high speed innovations in technical systems (Nissenbaum, 2004).
Transformations in cyberspace challenge theoretical conceptualization of digital crime, demanding the creation of an adaptive capacious theoretical framework, which produce overarching reflexive pragmatic solutions to the evolving discourse permeating causation and perpetration theories on crime in digital domains.
From this observation one can derive that crime, as an expression of human exchanges of information in cyberspace, is ‘digital’ and is wrongly hyphenated by ‘Cyber’. The main question in contemporary criminology appears to be whether criminalisation of human exchanges of information are adequately described by existing theory, or are in need of new theory (Grabosky and Smith, 2003).
IV. VIRTUAL RISKS
Variants of digital deviance typically comprise conceptualisations of expressive and instrumental crimes with which we are familiar in meat space. Despite such constructs of offences in national law there is no consensus about how to deal with digital offences collectively, neither domestically nor internationally (Goodman and Brenner, 2002: 89). Variants of digital deviance appear to emerge at a pace beyond the normal capabilities of social control. Contemporary research converges on the agreement that responsibility for controlling crime and deviance mediated by computers and networked technology is shared between individual users, the private sector and agents of the state. Faced with the dynamics of the ‘risk society’, contemporary societies still base decision-making and response on the model of the industrial society, thus political systems and legal systems are unable to cope with new realities (Beck, 1999). If individuals were abandoned in ‘the turbulence of the risk society’ (Beck, 1999), they are equally exposed to virtual risk (Capeller, 2001).
In sum, deviance in the abstract and systemic criminal field of the digital domain cannot be contained within the three traditional factors of explanations of crime: motivation, opportunity, and the absence of capable guardians. Human-computer information exchange in a virtual social reality – a community of risk without the notion of trust – will be exposed to variants of predatory social engineering, which in technical sophistication and scope of sociological perpetration are developing at a pace that defy legal interpretation and instrumentation beyond the original scope of crime. The scope and scale of opportunities for unrestricted human-computer information exchanges, the wide range of instrumental or expressive motivations to offend, and the controversies in establishing control functions that do not inhibit virtual communications, all outmode traditional criminological paradigms both in theoretical terms and in pragmatic terms of enforcement. The possibilities of digital deviance within the ‘socialisation’ of cyberspace defy the vocabulary of criminology, demanding interconnected multidisciplinary discussions of governance across national security concerns, corporate risk management, and criminogenic attributes in digital domains.
V. THE SECURITY – CRIME – RISK CONTINUUM
In principle any form of interruption or manipulation of information exchange could cascade into areas, which were not originally intended by the perpetrator. Deploying the modus operandi of digital deviance, normatively labelled as crimes with the purpose of personal enrichment for the perpetrator, could unintentionally spill into salient societal functions that are subject to securitisation. The familiar real-world threat dichotomy of internal versus external, and crime versus war is contested in cyberspace. Acts defined as cyber-terrorism are subjected to both securitisation and criminalisation in several jurisdictions (Brenner, 2007).
Linking to discussions regarding protection of critical infrastructures in national security discourse, the diversity of digital deviance impedes a clear demarcation of boundaries between cyber-threats originating in the sphere of national security discourse, digital crime perpetration in law enforcement discourse, and resilient corporate risk governance.
Two main concerns challenge the identification of boundaries between warfare and crime in the digital domain: Securitisation and criminalisation of belligerent forms of disruption to information exchanges are grounded in the external-internal dichotomy contended above. Secondly, in this context an emerging taxonomy of digital deviance includes the intended political or religiously inspired manipulation of human-computer information exchanges that randomly target victims with an aim to disturb, disrupt or destroy core functions of a nation state, a network, a corporation, an individual or cyberspace itself.
This presents the conceptual thesis that digital deviance is resolved by bonding a host of autonomously discrete frameworks together in a multidisciplinary continuum where national security, law enforcement and corporate risk governance converge.
Responding to cyber-threats, whether they are characterised as digital deviance, crime or warfare, require responsibilities to be shared across public and private actors populating the security-crime-risk continuum.
Bridging the cybergap between social and technological systems in response to digital deviance is not solely resolved in criminology. In recent scholarly debates several themes are represented in binary opposites, such as national versus international (Yould, 2003), sovereignty versus the borderless society (Everard, 2000), computer security versus national security (Nissenbaum, 2005), state security versus corporate risk (Petersen, 2008), crime versus deviance (Yar, 2006), state versus private (Krahmann, 2008), sociological versus technological (Whitworth, 2010), old versus new (Grabosky, 2001), and finally anonymity versus accountability (Capeller, 2001). In this multitude of opposing conceptual themes one common factor suggests that developing events manifest themselves as conditional spaces between these extreme poles in a continuum across a set of common traits that bind these seemingly discrete factors together (Krahmann, 2010; Yould 2003; Everard, 2000).
VI. SHARED ACCOUNTABILITY
Cyber-threats are not solely mitigated by an agent of the state, one single corporation or a capable guardian. Responsibilities to establish functional societal resilience are shared across the entire cast of actors in the security-crime-risk continuum with the ultimate objective being a restoration of trust and accountability. The absence of accountability encourages manipulation of human exchanges of information (Capeller, 2001:233).
Public and private actors share responsibilities for establishing social controls, which ensure transparency and proportionality are maintained in the development of new socio-technological mitigation instrumentation. The concept of shared responsibilities remains the pivotal starting point for response mechanisms rooted in national security concerns, crime control, and corporate risk governance. Shared responsibilities become a prerequisite in policy-making and pragmatic implementation of resilience strategies. Responsibilities cannot be shared without the notion of shared accountability. In digital domains accountability is shared equally horizontally across individual users over organizations to government, and vertically from the local community to the international landscape.
In Grabosky’s words it appears that ‘In cyberspace today, as on terrestrial space two millennia ago, the first line of defence will be self-defence’ (Grabosky, 2001:248). Despite the reference to our analogue past his statement contains a stark reminder of our contemporary digitised societal dilemma. The absence of capable guardians in the digital domain demands both horizontal and vertical functional expansion of the conceptual connotation of self-defence. Bridging the cybergap in the virtual distance between social and technological spheres requires a new systemic paradigm that traverses the convergence of battle space, humanitarian space and cyberspace that occurs across the ‘Security-Crime-Risk Continuum’.
Ackerman, M. (2000) ‘The Intellectual Challenge of CSCW: The Gap between Social Requirement and Technical Feasibility, Human-Computer Interaction, Vol. 15, pp. 179-203.
Beck, U. (1999) World Risk Society, Cambridge: Polity.
Braithwaite, J. (1992) Crime, Shame and Reintegration, Cambridge: Cambridge University Press.
Brenner, S. (2007) ‘At light speed: Attribution and Response to Cybercrime/terrorism/warfare. The Journal of Criminal law and Criminology, 97(2), 379-475.
Brenner, S. (2010) Cybercrime: Criminal Threats from Cyberspace, Santa Barbara, CA: Jaeger.
Broadhurst, R. and Choo, K.K.R. (2009) Cybercrime and On-Line Safety in Cyberspace, Working paper, Canberra: ANU. http://ceps.anu.edu.au
Capeller, W. (2001) ‘Not Such a Neat Net: Some Comments on Virtual Criminality,’ Social &Legal Studies, Vol. 10, no. 2, pp 229-242.
Chambliss, W. (1967) ’Types of Deviance and Effectiveness of Legal Sanctions’, Wisconsin Law Review, 1967, pp. 703-719.
Choo, K.R.R., Smith, R.G. and McCusker, R. (2007) Future directions in technology-enabled crime: 2007-09, Research and public policy series no. 78, Canberra: Australian Institute of Criminology.
Demetriou, C. and Silke, A. (2003) ‘A Criminological Internet “Sting”: Experimental Evidence of Illegal and Deviant Visits to a Website Trap,’ British Journal of Criminology, 43, 213-222.
Everard, J. (2000) Virtual States: The Internet and the Boundaries of the Nation-State, London: Routledge.
Garland, D. (2001) The Culture of Control, Oxford: Oxford University Press.
Goodman, M.D. and Brenner, S.W. (2002) ‘The Emerging Consensus on Criminal Conduct in Cyberspace’, International Journal of Law and Technology, Vol. 10, no. 2, pp. 139-223.
Grabosky, P. N. (2001) ‘Virtual Criminality: Old Wine in New Bottles?’ Social Legal Studies, 10; 243-249.
Grabosky, P. and Smith, R. (2003) ’Review of Crime in the Digital Age’, International Journal of Law and Information Technology, 11:98.
Huang, W. and Wang, S.J. K. (2009) ‘Emerging Cyber-crime Variants in the Socio-Technical Space,’ in Whitworth, B. and de Moor, A. (eds.) Handbook in Research on Socio-Technical Design and Social Networking Systems, London: IGI Global.
International Telecommunications Union (ITU) and United Nations Conference for Trade and Development (UNCTAD) (2007) World Information Society Report 2007: Beyond WSI, Geneva: ITU.
Krahmann, E. (2008), ‘The Rise of Non-State Actors in Security Governance’, in Kenneth, P. (ed.) Governance, Globalization and Public Policy, Cheltenham: Edward Elgar Publishing Ltd.
Krahmann, E. (2010) States, Citizens and the Privatization of Security, Cambridge: Cambridge University Press.
Newman, G.R. and Clarke, R.V. (2003) Superhighway Robbery: Preventing E-commerce Crime, Cullompton: Willan.
Nissenbaum, H. (2004) ‘Hackers and the Contested Ontology of Cyberspace,’ New Media Society, Vol. 6, 195.
Nissenbaum, H. (2005) ‘Where Computer Security Meets National Security’ Ethics and Information Technology, Vol. 7, 61-73.
Moitra, S. (2004) ‘Cybercrime: Towards an Assessment of its Nature and Impact,’ International Journal of Comparative and Applied Criminal Justice, Vol. 28(2), pp. 105-123.
Parker, D.B. (1998) Fighting Computer Crime: A New Framework for Protecting Information, NY: Wiley.
Pease, K. (2001) ‘Crime Futures and Foresight: Challenging Criminal Behaviour in the Information Age,’ in Wall, D. (ed.) Crime and the Internet, London: Routledge.
Petersen, K.L. (2008) ’Risk, Responsibility and Roles Redefined: Is Counterterrorism a Corporate Responsibility?’ Cambridge Review of International Affairs, Vol. 21:3, pp. 403-420.
Shearing, C. (2004) ‘Thoughts on Sovereignty’, Policing and Society, Vol. 14 (1), pp. 5-12.
Thomas, D. and Loader, B. (eds.) (2000) Cybercrime: Law Enforcement, Security and Surveillance in the Information Age, London: Routledge.
Wall, D. (2007) ‘Policing Cybercrimes: Situating the Public Police in Networks of Security within Cyberspace’, Police Practice and Research: An International Journal, 8(2): 183-205.
Whitworth, B., and de Moor, A. (eds.) (2009) Handbook of Research on Socio-Technical Design and Social Networking Systems, NL: IGI Global.
Whitworth, B. (2010) A Social Environment Model of Socio-technical Performance, Auckland: Institute of Information and Mathematical Sciences.
Williams, M. (2000) ‘Virtually Criminal: Discourse, Deviance and Anxiety within Virtual Communities,’ International
Yar, M. (2005) ‘The Novelty of ‘Cybercrime’: An Assessment in Light of Routine Activity Theory,’ European Journal of Criminology, 2(4), 407–427:408.
Yar, M. (2006) Cybercrime and Society, London: Sage.
Yould, R. E. (2003) ‘Beyond the American Fortress: Understanding Homeland Security in the Information Age,’ in Latham, R. (ed.) Bombs and Bandwidth: The Emerging Relationship between Information Technology and Security, New York: The New Press.