phyllis young

profilejuniper4252
taylor_holt_digital_crime_terrorism_3rd2015_ch03.pdf

INTRODUCTION

This chapter will focus on the causes of digital crime. There are several theories that have been postulated over the past 100 years to explain crime, and there is an emerging body of research attempting to apply these concepts to digital crimes. A theory is an attempt to answer the question “Why?” In this chapter, theories will be presented that attempt to answer the question “Why do individuals commit digital crime?” This chapter will review crimino- logical theories that can explain digital crime, though it is important to note that these theo- retical frameworks were developed to explain crime in general, not digital crime specifically. As a result, support for some of these theories is mixed and require a great deal of investiga- tion. The discussion presented here will present the existing body of criminological research with a variety of offending and victimization practices, as well as examples to demonstrate how a particular theory can explain digital crime.

CHOICE THEORY

According to choice theory, an individual commits a crime because he or she makes a ratio- nal choice to do so by weighing the risks and benefits of committing the act. If the risks (e.g., apprehension and punishment) outweigh the benefits, then the person will not commit the act. The opposite is also true. Choice theory became popular among criminologists in the late 1970s for three reasons. First, the positive school began to be questioned. The positive school was based on the belief that crime-producing traits and factors could be isolated, and treatment could be administered to eliminate or control the trait/factor. However, it was

3 The Criminology of

Computer Crime

▪ ▪ ▪ ▪ ▪

CHAPTER OBJECTIVES After completing this chapter, you should be able to ■ Discuss the tenets of choice theory, including routine activities theory, and its

applicability to digital crimes. ■ Describe the assumptions of deterrence theory and its utility. ■ Discuss the impact of personality disorders on digital crime. ■ Discuss the major social structure theories that apply to digital crime. ■ Discuss the learning and social control theories that apply to digital crime. ■ Describe the relationship between terrorism and political theory.

43

IS B

N 1

-3 23

-0 06

52 -4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

44 Chapter 3 • The Criminology of Computer Crime

being argued at the time that these factors and traits had failed to be identified and iso- lated after almost 100 years of effort. Individuals became dissatisfied with the positive school and began to offer alternative reasons for why people commit crime.

Second, the reported crime rate in the 1960s and 1970s increased significantly. This was evidence to some that what was currently being done to control crime was not working. Therefore, some began to look for other means to control the crime rate besides treatment and rehabilitation. Third, the practice of rehabilitation came under attack. 1 In 1974, Robert Martinson wrote an article reviewing 231 studies of prison programs aimed at rehabilitating inmates. Martinson concluded that “with few and isolated exceptions, the rehabilitative efforts that have been reported so far have had no appreciable effect on recidivism.” 2 This finding, which was picked up by the mass media, was used by critics of prison programs to argue against rehabilitation as a pri- mary justification for incarceration. The results of the article are commonly referred to as “nothing works.” Since it appeared that the current efforts had failed, many started to call for a change in judicial policy. Many started to emphasize the need for punishment, not rehabilitation, as the primary reason for incarceration.

Based on these reasons, choice theory and its policy implications became popular. Judicial policy started to change focus, on the offense and not the offender. Choice the- ory argues that since the offender has made a rational choice to commit the offense, the focus should be on the offense committed, not the offender. Policies such as mandatory sentencing and “three strikes and you’re out laws” have become popular in recent years and are based on choice theory. The idea is that the way to control crime, including digital crime, is to have offenders fear the punishment and be deterred from committing the act. Since humans are hedonistic, efforts should be placed on making the risks of committing digital crime higher than any benefit derived from committing the offenses. Those who support the use of punishment to control crime assume that the offender is making a choice to commit the act and can be deterred if the risks outweigh the benefits.

Routine Activities

Routine activities theory is based on rational choice. Routine activities theory was developed by Lawrence Cohen and Marcus Felson. Cohen and Felson argue that the motivation to commit crime and the supply of offenders are constant. 3 Many would argue that changes in the crime rates are due to changes in the number of motivated offenders. However, Cohen and Felson argue that there is always a steady supply of offenders who are motivated to commit crime: Changes in crime rates are due to changes in the availability of targets and the absence of capable guardians. 4

According to Cohen and Felson, crime occurs when there is a convergence in time and space of three factors:

1. A motivated offender (e.g., a hacker) 2. A suitable target (e.g., a vulnerable computer system) 3. The absence of a capable guardian (e.g., inadequate software protection) 5

All three factors must be present in order for a crime to occur. In sum, when motivated offenders are present, they make rational choices by selecting suitable targets that lack capable guardianship.

This theory can also account for victimization, as they are the other player in a criminal event. Victimization is most likely when individuals are placed in high-risk

IS B

N 1-323-00652-4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

Chapter 3 • The Criminology of Computer Crime 45

situations, are in close proximity to motivated offenders, appear to be attractive targets to criminals, and lack a capable guardian. 6 In addition, victims report higher levels of deviant behavior than non-victims and share demographic characteristics with offend- ers. 7 Similarly, individuals who engage in criminal and deviant behavior are at an increased risk of victimization. 8

This theory is applicable to digital crime because the rapid expansion of the use of computers and the Internet has increased the number of available targets. The millions of computers online at any point in time are all potential targets for hackers or mali- cious software writers. In addition, the global nature of the Internet means that an offender in Egypt, for example, could hack into hundreds of computer in the United States without ever leaving home.

In addition, without adequate software protection, there is frequently a lack of capable guardians to protect people from digital crime. Physical guardians are readily available on computer systems through antivirus software and similar programs. 9 These programs are expressly designed to reduce the likelihood of attacks from viruses, worms, and data loss by either scanning and preventing infected files from being intro- duced to the system or identifying and removing malicious software if it already has infected the system. Thus, physical guardians in cyberspace work similarly to physical guardians in the real world.

One of the first empirical studies testing this theory conducted by Holt and Bossler found that postulates of routine activities theory can be used to account for online harassment. 10 Specifically, routine computer use, including spending more time in online chat rooms, increased the odds of online harassment. Physical guardianship measures, through antivirus programs and other software, had little influence on the likelihood of being harassed while chatting online. There was also a significant influ- ence that personal and peer involvement in deviance had on the risk of online harass- ment. Engaging in digital crime can expose individuals to offenders, thereby increasing their risk of victimization.

A similar test of malicious software infection found that spending more time online engaging in shopping, e-mailing, and chatting did not affect the likelihood of receiving a virus or worm. 11 Individuals engaging in media piracy and viewing pornog- raphy were at an increased risk of malware infection, largely because these files are attractive packages that many individuals would want to open. Thus, the findings sug- gest that the relationship between crime and victimization in the real world may be replicated in online environments. Additionally, computer software that has been cre- ated specifically to decrease malware victimization had no significant impact in this study. These initial findings suggest that there may be some considerable utility in the routine activities framework, though greater research is needed to better understand and assess its applicability to digital crime.

DETERRENCE THEORY

Deterrence theory flows directly from choice theory. The idea is that offenders, includ- ing digital criminals, commit crime because they make a choice to do so. This choice is based on the perceived risks and benefits of committing the criminal act. If the risks (e.g., apprehension and punishment) outweigh the benefits, then the person will not commit the act. The offender will be deterred from committing the criminal act because of the threat of punishment. There are two types of deterrence: general and specific.

IS B

N 1

-3 23

-0 06

52 -4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

46 Chapter 3 • The Criminology of Computer Crime

General deterrence seeks to discourage would-be offenders from committing criminal acts because of the threat of punishment. Therefore, general deterrence occurs when would-be offenders choose not to commit a certain act because they fear the sanction that may be imposed. Sometimes offenders are made an example of in order to keep others from committing the same act. For example, an eighteenth-century judge report- edly told a defendant, “You are to be hanged not because you have stolen a sheep but in order that others may not steal sheep.” 12 This is an example of general deterrence. Sp ecific deterrence is designed to impose a sanction on a convicted offender in order to prevent him or her from continuing to commit criminal acts in the future. In other words, the sanction should be distasteful to the offender so that he or she does not want to commit any more offenses.

There are several assumptions of deterrence theory. First and perhaps the most important assumption is that individuals are rational actors. 13 In other words, offend- ers weigh the potential risks and benefits of committing a criminal act and then make a conscious decision about whether to commit the offense. As it applies to digital crime, it can be argued that many digital criminals are rational actors, making rational choices to commit a computer crime. Second, offenders must be aware of the penalty for par- ticular crimes. 14 As it applies to computer crime, it is argued that many computer crim- inals do not know the potential penalties they face for particular crimes. Third, they must view the risks as unpleasant. 15 If a computer criminal does not think apprehen- sion and incarceration is unpleasant, then the criminal will not be deterred. Fourth, in order for deterrence to be effective, it is assumed that the sanction is swift, certain, and severe. The sanction must be imposed quickly to have the greatest deterrent effect, and there must be a high probability that a sanction will be imposed.

It is important to keep in mind that it is not the actual certainty, severity, and swiftness of the sanction that serve as a deterrent but the criminal’s perception of the certainty, severity, and swiftness of the sanction. If potential computer criminals believe that the certainty of arrest is high for computer crime, then they will be deterred from committing the offense even if there is little chance of arrest in reality. Likewise, if potential computer criminals perceive prison as a terrible place that they do not want to go to, then they may be deterred from committing offenses. On the other hand, if a computer criminal does not believe that being incarcerated is anything to fear, then the individual is less likely to be deterred. Therefore, if offenders do not believe that the sanctions in court are severe, then they are unlikely to be deterred from committing criminal acts. Likewise, if they do not believe they will be caught, then they perceive a lack of certainty of punishment and thus are likely to commit the crime. The lack of certainty of arrest and punishment is particularly pronounced when it comes to com- puter crime. There is generally a low risk of apprehension and punishment.

There is minimal evidence to support the argument that the threat of arrest and pun- ishment deters criminals. 16 In fact, evidence supports the contention that informal sanc- tions from parents and friends serve as more of a deterrent than legal sanctions. 17 In other words, fearing disapproval from your parents and peers for your actions is more likely to keep individuals from committing those acts than the fear of arrest and punishment.

A limited body of research has considered the applicability of deterrence for soft- ware and music piracy. Research using samples of college students suggests that the certainty of being caught by an IT administrator or fellow student did not reduce the  likelihood of hacking systems without authorization. 18 Severity of punishment, however, helped to reduce the likelihood of hacking activity. 19 The relationship between

IS B

N 1-323-00652-4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

Chapter 3 • The Criminology of Computer Crime 47

detection and software piracy is also mixed. For example, one study found that when the certainty of being caught was high, software piracy declined. 20 Though there is not much research in this area, deterrence may have some success in accounting for digital crimes. Further research is needed to better understand this relationship.

PSYCHOLOGICAL THEORIES

There are several psychological theories that have been applied to criminal activity. This section will explore the impact of moral development and personality disorders on crime. Moral development theories support the contention that there are differences between the moral beliefs of criminals and noncriminals, while personality disorders argue that there are certain personality characteristics that are predictive of crime.

Moral Development and Crime

The relationship between moral development and crime focuses on cognitive develop- ment. Cognitive development theory assumes that individuals develop in a sequential

BOX 3.1

Hijacking the Al Jazeera Web Site

John William Racine II, a Web site designer from Norco, California, pleaded guilty to felony charges after admit- ting to federal authorities that he was responsible for the hijacking of Arabic-language news station Al Jazeera’s Web site during the war in Iraq. He was charged with wire fraud and unlawful interception of an electronic commu- nication. Al Jazeera Space Channel, based in Doha, Qatar, is an Arabic-language media organization that had regis- tered the domain name www.Aljazeera.net through Net- work Solutions, Inc., in Dulles, Virginia. In addition to its satellite television news service, Al Jazeera provides English- and Arabic-language news through its www. Aljazeera.net Web site. Racine diverted the Web site and e-mail traffic for www.Aljazeera.net after learning in March 2003 that the Web site contained images of cap- tured American prisoners of war and soldiers killed in action during Operation Iraqi Freedom.

Racine gained control of the www.Aljazeera.net domain name by defrauding Network Solutions, where Al Jazeera maintained an account for its domain name and e-mail services. Racine then diverted the Web site traffic to another Web site he had designed featuring an American flag in the shape of the continental United States and the words “Let Freedom Ring.” Racine also intercepted approximately 300 e-mail messages destined for the www.Aljazeera.net domain and diverted the mes- sages to an e-mail account under his control.

Racine admitted to FBI agents that he had con- tacted Network Solutions by telephone and e-mail in an

attempt to gain control of the www.Aljazeera.net domain name. He ultimately created a false photo identification card to impersonate an Al Jazeera systems administrator and forged the systems administrator’s signature on a Network Solutions “Statement of Authorization” form. Racine then sent the fraudulent documents to Network Solutions by facsimile and induced Network Solutions to give him control of the Al Jazeera account.

Racine subsequently changed the www.Aljazeera. net account settings and redirected all Web traffic through a dynamic domain name service and ultimately to his Web site containing the American flag. In addition, he rerouted all e-mail traffic to an account he had created on MSN Hotmail using the name of the Al Jazeera systems administrator. While Racine maintained control of Al Jazeera’s domain name, Internet users were unable to access the Al Jazeera news Web sites and Al Jazeera was unable to receive e-mails sent to the domain. Soon there- after, Racine contacted agents of the FBI and admitted that he was responsible for hijacking the Web site and intercepting the e-mails sent to www.Aljazeera.net .

The plea agreement includes a sentence of three years’ probation along with 1,000 hours of community service. Additionally, Racine agreed to pay a fine of $1,500 and full restitution to the victims of the offenses.

Which theory do you think applies best to this case?

Source: www.justice.gov/criminal/cybercrime/

IS B

N 1

-3 23

-0 06

52 -4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

48 Chapter 3 • The Criminology of Computer Crime

manner. The individual passes through one step in development, then another step, then another, and so on. Kohlberg argues that there are sequential stages in moral rea- soning that individuals pass through as they develop. At each stage, the decision of what is right and what is wrong is made for different reasons. Crime, including com- puter crime, can be explained by arrested development of moral reasoning at certain stages. People stop at a certain stage and do not progress any further.

Kohlberg stated that there are six stages of moral development. They are as follows:

Stage 1: Punishment and obedience orientation stage—what is right is obedience to power and rules and avoiding punishment Stage 2: Hedonistic orientation stage—right corresponds to seeing one’s own needs met, taking responsibility for oneself, and allowing others to do the same Stage 3: Interpersonal concordance stage—right is having good intentions and motives and being concerned for others Stage 4: Law and order orientation stage—right is doing one’s duty to society and others and maintaining the rules of society Stage 5: Social contract, legalistic orientation stage—right is based on upholding the rules and values agreed upon by society; a social contract Stage 6: Orientation to universal ethical principles stage—right is an assumed obli- gation to principles such as justice and equality, which apply to all individuals; the individual recognizes the moral rightness of behavior 21

The first two stages are usually completed by age 7. Stages 3 and 4 are passed through and completed from preadolescence through adolescence, while the last two stages begin in early adulthood. Where do criminals stop in moral development in com- parison to noncriminals? Research has found that criminals frequently fall into stage 1 or 2 of moral development, while noncriminals frequently fall into stage 3 or 4. 22 In stage 1, children comply with authority out of fear. Something is viewed as morally right if punishment is avoided. Individuals who did not progress through this stage will think that their criminal behavior is permissible as long as they are not punished for it. Obvi- ously, this stage of moral development does not take into account other people or an obligation to society. In stage 2, children define what is right as that which satisfies their needs. That is why it is referred to as the hedonistic orientation stage. At this stage, chil- dren define something as right if they are not punished for it (i.e., stage 1) and it satisfies their needs. It is easy to see why it is argued that many criminals have stopped their moral development at stage 1 or 2. Their only concern with whether something is right or wrong is whether they get punished and satisfy their needs. It is not until stage 3 that children begin to take into account the feelings of others. Development to stage 3 insu- lates people from crime because they have become concerned about others, not just their own needs. Therefore, it is clear to see that individuals who proceed to stage 3 and perhaps beyond are far less likely to commit criminal acts.

Personality Disorders

Psychologists argue that certain personality characteristics of an individual may influ- ence crime. Personality refers to the emotional and behavioral attributes of an individ- ual. Attempts have been made to provide support for the belief that individuals with

IS B

N 1-323-00652-4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

Chapter 3 • The Criminology of Computer Crime 49

certain personality types are much more likely to commit criminal acts. These attempts have focused on identifying differences in the personalities of criminals and noncrimi- nals. One attempt at identifying these personality characteristics was completed by Sheldon and Eleanor Glueck after they compared 500 delinquent and nondelinquent boys. Personality characteristics that were conducive to crime included extroversion, impulsivity, lack of self-control, hostility, resentment, suspicion of others, destructive- ness, less fearful of failure, ambivalence toward authority, assertiveness, and feeling unappreciated. 23

Frequently the term “psychopath” or “sociopath” is used in describing some offenders. These terms technically refer to a condition known as antisocial personality disorder. According to the Diagnostic and Statistical Manual of the American Psychiatric Association, “the essential feature of antisocial personality disorder is a pervasive pat- tern of disregard for, and violation of, the rights of others that begins in childhood or early adolescence and continues into adulthood.” 24 Some of the characteristics of anti- social personality disorder are (1) repeatedly performing acts that are grounds for arrest, (2) deceitfulness, (3) impulsivity, (4) irritability and aggressiveness, (5) reckless disregard for safety of self or others, (6) consistent irresponsibility, and (7) lack of remorse. 25 Although no research to date has been conducted that analyzes the person- ality characteristics of computer criminals, it can be argued that certain computer criminals may satisfy the criteria of antisocial personality disorder. However, it is argued that the prevalence of antisocial personality disorder is lower among computer criminals than among other criminals.

Pedophiles and Psychological Theory

Many people wonder why pedophiles commit the crimes that they do; what combina- tion of factors leads a person to want to commit sexual offenses against a child? Unfor- tunately, there are no easy answers. As discussed in Chapter 8 , pedophiles commit their crimes for a variety of reasons and go on committing their crimes, with little hope of rehabilitation. Most experts agree that pedophiles develop a sexual interest over a long period of time. Furthermore, there is a variety of reasons and factors that relate to developing pedophilia, none of which fully cause or explain the crime. Most commonly, pedophiles are exposed to some type of sexual abuse or trauma during their childhood. Another common factor is that they have had some type of abuse or other related prob- lem during their sexual development and, as a result, develop an interest in children as sexual objects. Interestingly, the advent of the Internet has led to numerous problems in dealing with and detecting pedophiles.

The Internet serves many purposes for the pedophile of today, the least of which is the dissemination of child pornography. This poses a conundrum for theorists: Which comes first—an interest in computers due to existing pedophiliac interests or an interest in pedophilia as a result of viewing these types of images on the Internet? Some of the pedophiles arrested state that they developed an interest in children as sexual objects as the result of seeing such images on the Internet. Others clearly were pedophiles prior to the advent of the Internet and simply learned another technique for obtaining child por- nography. In short, the specific reasons why a person becomes a pedophile are not immediately or clearly understood. Nonetheless, psychological theories posit that a per- son’s sexual interests and sexual paraphilias develop in much the same way as other interests and our personalities—through a process of learning, cognitive reinforcement,

IS B

N 1

-3 23

-0 06

52 -4

Digital Crime and Digital Terrorism, Third Edition, by Robert W. Taylor, Eric J. Fritsch, and John Liederbach. Published by Prentice Hall. Copyright © 2015 by Pearson Education, Inc.

50 Chapter 3 • The Criminology of Computer Crime

and psychological development. Thus, the specific reasons why a person becomes a pedophile are different from case to case, but the process is relatively common. The best explanation for this interest is psychological and cognitive in nature.

SOCIAL STRUCTURE THEORIES

The first set of social theories that will be discussed in this chapter can be classified as social structure theories. When originally developed, social structure theories focused on why lower-class individuals are more likely to commit crime than middle- and upper-class individuals. However, modifications and expansions of the original theo- ries have moved away from this distinction and have attempted to explain criminal behavior by all social classes (e.g., general strain theory). This is important in the study of digital crime because many offenders come from the middle and upper classes. Tra- ditionally, these theories focus on socioeconomic conditions and cultural values as two prominent factors that impact crime. In this section, two major subtypes of social structure theory will be discussed: strain theory and subculture theory.

Strain Theory

One major type of social structure theory is strain theory. Originally, strain theorists saw crime as a result of a lack of opportunity, in particular economic opportunity. Today, modern-day strain theories are much broader than the original theories. At the time of the development of strain theory, it was argued that U.S. society instills in citi- zens a desire for financial success but does not provide all individuals equal opportu- nity to achieve that success. Those who do not have an equal opportunity are strained and thus more likely to be criminal. The most prominent strain theory is the one pre- sented by Robert Merton.

MERTON: STRAIN THEORY There is a unique combination of cultural goals and the means to obtain them in every society. According to Merton, the cultural goal of American society is economic success. 26 It is argued that the primary goal of citizens in the United States is material wealth. This goal is promulgated through a variety of

BOX 3.2

Massive Data Theft and Fraud

In 2003, Scott Levine was the controlling owner of a com- pany called Snipermail, Inc., which distributed …