Tackling Crime in Cyberspace: A Legal Issue?

June 30, 2006

The ‘consensual hallucination’ that William Gibson first termed Cyberspace[1] is a place of information and commerce, opportunity, community and deviance, ‘more ecosystem than machine’.[2] Despite its military origin, the Internet has often been described by reference to its libertarian, democratic philosophy. Defined by the Internet Society as a vehicle for free expression, co-operation and unencumbered, self-regulated content,[3] it is perhaps best defined for non-technical purposes as the space between and beyond the computers themselves.


Cyberspace certainly poses a novel challenge to existing notions of law. Instantaneous, international and lacking in overall ownership, the Internet defies traditional regulation.[4] It is this absence of capable guardianship which has redefined traditional regulatory constructs and contributed to a true legal pluralism. What Foucault aptly describes as a ‘web of constraint’[5] presents a complex structure of governance in which, as Ehrlich long ago stated, law is but the top stratum of quasi legal controls and norms.[6] Furthermore, while traditionally both soft and formal law has developed within physical time and space, cyberspace has no such constraint and is still a relatively novel and changing environment, creating what Giddens terms the ‘discontinuities’ of late modernity. With this in mind, this essay will examine the legal problems created by cyberspace and the three solutions usually offered to this unique legislative problem of cybercrime. Taking legislation as the top tier of control for reference and enforcement, the problem of the broader regulation of cyberspace will then be briefly examined, especially regarding the role of ISPs, the computer industry and the individual.


 


Indeed, confusion and reluctance in defining cybercrime has itself contributed to the difficulty in the development of systems of regulation. Internet crime can be defined broadly or narrowly, and any definition must be considered as closely related to the purpose to which it will be put. At its broadest, Internet crime includes ‘offences which take place in a computer or IT environment’[7] and may extend even to include theft of hardware. A Home Office report of 2004 adopts the more specific term ‘Netcrime’ defining ‘criminal or otherwise malicious activity utilising or directed towards the internet or IT applications’[8]. In this way, the Internet’s contribution to crime can be characterised in three ways. Firstly, it has facilitated existing types of criminal activity, most usually as a tool for communication, for instance in allowing arrangement of drug deals and organised crime. Secondly, the Internet has generated new opportunities for existing crimes, such as obscenity in pseudo-photographs, fraud and ‘paedophile rings’. In these crimes, the Internet often creates a new context, rather than new problems. Many ‘Internet crimes’ are not new, but merely occur in a new location making existing legislation perfectly useful and valid. Delta and Matsuura argue that existing law can be developed to suit the novel circumstance of the Internet without a need for any separate cyberlaw.[9]


There is also a third category comprising entirely new forms of crime, such as intellectual property theft, hacking and viral coding. These activities are largely without precedent and ‘lie outside our existing experience, demanding new forms of understanding and response’.[10] It is this latter category which is of most concern to legislators and which poses the greatest challenge to legal regulation and is often known as hi-tech crime.[11] These distinct and novel crimes are distinguished by David Wall into the categories of cyber-trespass, cyber-theft, cyber-obscenity and cyber-violence.[12] Despite some overlap with existing criminal offences, it is these crimes which most defy regulation and, to use Wall’s colourful phrase, it is a case of ‘new wine, no bottles’.[13]


Such new crimes can be extremely problematic from a legal point of view. Theft is defined as the unlawful taking or conversion of something capable of being physically removed, leading to the unfortunate situation in Low v Blease [1975] Crim LR 513, where electricity was held not to be property under the Theft Act 1968, s 4. Furthermore, the ability to copy an original with no real loss to the owner challenges the concept of property itself and has lead to massive expansion of copyright protection. There can be no theft of data as there is no intention to permanently deprive, and indeed no real deprivation at all. This not only presents a profound challenge to the legal concept of property, but to any attempt at legal regulation thus forcing the massive over-expansion of copyright into new, possibly undesirable, legal territory.[14] Defining property rights in cyberspace has been described as the central issue and priority problem for the development of cyberspace.[15]


New crimes such as hacking also require new legislation and this may create problems. The example of viral criminality indicates two legislative approaches; the broad approach taken in New York State is to prosecute under ‘computer tampering in the first degree’ and the specific approach in Switzerland has criminalised ‘erasing, modifying or destroying data’, or making available means to do so.[16] The broad approach here can be criticised as too vague and difficult to use, while anything too specific may date quickly. This requirement for ‘technology-neutral laws’ has, however, achieved some success in Australia.[17]


Indeed, where existing law is applicable to the Internet, special problems surround its application. Law on obscenity exists, for example, but is complicated by problems in jurisdictional differences.[18] Furthermore, the Internet challenges the traditional criminal requirements of coincidence of intent and action as well as geography, and creates new evidential and procedural difficulties.[19] Even where it is legally possible to prosecute offenders internationally, substantial problems may remain in relation to detecting and proving offences; a problem recognised as long ago as 1986 by the OECD with regard to extradition and search and seizure.[20]


The establishment of a new jurisdiction of cyberspace with a separate and distinct legal system has been widely dismissed. Laws are already created at national and international level, as by the OECD and the EU. The problems with this approach however are manifold. The challenge of imposing suitable law for a group as culturally diverse as Internet users might prove insurmountable, while actually excluding undesirable behaviours raises disturbing questions of cyber-prisons and online persona. Governments themselves would also be unlikely to support the loss of local control and tax collection from e-commerce. Furthermore, as the Internet combines with other technologies, including TV and VoIP, separate regulation may not be possible.[21] However, there is no reason to suppose that the Internet cannot, in principle, be regulated. Indeed ‘rules and rule-making do exist…[but] the identities and the rule makers and the instruments…will not conform to classic patterns’[22]. The horizontal, non-hierarchical structure of the Internet has traditionally lent itself to self-regulation in line with normative, cyber-social standards. In the 1970s the Internet was a playground for technological hobbyists; the elite community of programmers known as hackers (before the term was used by the press to describe e-burglars). These hackers subscribed to what was known as the Hacker Code; a belief in the free sharing of information and the requirement not to harm any data or networks.[23] The modern use of the Net as a place of entertainment and e-commerce has widened the Internet society, and it remains to be seen if such a system could continue to function in such circumstances. Mass participation in society alters the structure of rule making, on the Internet as much as in anthropological studies. 


Arguably, a combination of methods would be necessary to achieve an effective system of law on the Internet. Ideally comprising formal criminal legislation, industry standards of improved security and awareness[24] and existing notions of cybercommunity-based, normative regulation, this co-operation of users, industry, national and international governance is already in evidence in the current regulation of the Internet. Law of any form is useless and arguably philosophically non-existent without enforcement. Indeed, beyond the top stratum of formal legislation lies a complex system of regulation and control. Three broad groups can be identified, first the state sanctioned police whose jurisdiction covers crimes committed online where criminal legislation exists, secondly the Internet industry itself through the actions of the ISPs, and thirdly Netizens themselves. Grabosky describes this as a three-tiered system, a state structured mechanism for self-regulation by companies and industry associations, and surveillance and lobbying by private individuals and interest groups.[25]


This system of tiered control allows for far wider extent of regulation than government alone could undertake. Providing a neat illustration for Foucault’s ‘web of constraint’, this co-operation allows for a greater degree of policing than the state alone could possibly achieve. The police have often been criticised as under-funded and non-expert in the field of computer crime, especially when private computer security offers a better financial reward. Though the Internet itself is a valuable tool for the reporting and investigation of cyber-crime and aids international communication, the role of the police remains, however crucial, confined to the investigation of existing criminal offences and wider issues surrounding offensive or obscene material are more routinely dealt with by the ISPs themselves and in particular by the Internet Watch Foundation.[26]


The Internet Service Providers Association has largely funded the Internet Watch Foundation, which receives and investigates complaints from Netizens regarding largely child pornography, other obscene pornography and, following pressure from the Home Office, racist and terrorist material. The IWF is familiar with obscenity law and adjudicates on complaints, usually erring on the side of caution, probably to avoid prosecution, government regulation and economic loss to ISPs resulting from loss of reputation. The IWF is the main organisation for such reporting in the UK. It remains however, a private organisation with very little transparency or accountability to the public, despite its public function and service.


The public themselves, the Netizens, are the last group regulating the web. As responsible Internet users they inform the IWF of any obscene material they find individually, and, arguably, by not putting it into cyberspace in the first place. Others may form user groups such as CyberAngels who seek to promote ‘netiquette’, a ‘collection of common rules of polite conduct that govern our use of the internet’.[27] In this way, the Internet can still be described as self-regulating. At least insofar as sensible and responsible users, similarly to the elite technologists of the past, seek to preserve the Internet because they enjoy and respect it.


Though the existing system seems an effective compromise (although we have few figures to really assess its impact), it seems likely that the power of ISPs to control what is on the net will increase. Tension remains, however, between the appeal of the Internet as a place for freedom of information and expression and as a forum for mass participation in which some control and censorship may be desirable for the public interest. Free speech is a popular subject of Internet discourse, possibly owing to its conception in US democratic, libertarian philosophy. Indeed, many organisations such as the Electronic Frontier Foundation[28] and Cyber-Rights and Cyber Liberties campaign vigorously to preserve Internet freedom, often using the US legal system to promote free speech. American courts have frequently supported free speech on the Internet, arguing that it is better for the Internet to control itself without governmental or judicial interference.[29] Certainly the US system is far more conducive to such an outcome than the qualified balance of interests provided by, for example, Article 10 of the ECHR.


While, arguably, ISP intervention will preserve social norms through what is and isn’t reported as obscene, it is certainly controversial that corporate business will choose what can be viewed. This allows large corporations fundamental control of the Net, for example the actions of Google in providing the Chinese government with a restrictive search engine has proved highly controversial. Even more strikingly, when Germany called on Compuserve to restrict access to Nazi material which is illegal within the jurisdiction, it was Germany’s access, not the material, which was restricted.[30] In this example, there is not so much co-operation between the state and business as private sector dominance. Lessig raises a similar point when he argues that the technology itself will become the final regulator, particularly regarding IP, emphasising the concept of ‘private fences, not public law’.[31] Sobchack questions the very idea of cyberspace as empowering for the individual, but useless for the community.[32] With big business supplying the code used by the majority of Internet users, is there a danger of the Web being organised by commercial, non-accountable organisations? Should the modern world really be run by the tech-dependent, white, privileged males who program the computer industry?[33]


 


The Internet has tremendous power to benefit humankind, but it also has a potential for corruption. Certainly the regulation of cybercrime raises significant wider questions about policing and social control in the modern world. The formal legislature provides only a framework of law which is then applied by a variety of organisations. In this sense the Internet is truly a site of legal pluralism, where law is partial and interactive – tackling cyberspace crime is certainly a legal issue, but perhaps in ways never before imagined.


 


Helena Beasley is a student on the MA Course at the University of Sheffield’s School of Law.


 



 


 


Bibliography


 


Akdeniz, Y., Walker, C.P. and Wall. D.S. (eds) (2000) The Internet, Law and Society, London: Longman


 


Bainbridge, D. (2004) Introduction to Computer Law, London: Pitman Publishing.


 


Bell, D, and Kennedy, B.M (2000), eds, The Cybercultures Reader (London: Routledge)


Boyle, J. (1996) Shamans, Software and Spleens: Law and the Construction of the Information Society, Cambridge, Mass: Harvard University Press. 


 


Carr, I. and Williams, K. (eds) (1994) Computers and Law, Oxford: Intellect.


 


Edwards, L. and Waelde, C. (2000) Law and the Internet, Oxford: Hart Publishing,


 


Hafner, K. & Markoff, J. Cyberpunk: Outlaws and Hackers on the Computer Frontier, New York: Simon and Schuster, 1995.


 


International Review of Law, Computers and Technology, 1995


 


Walker, C. (1998) Crime, criminal justice and the Internet. UK Sweet & Maxwell


 


Invisible Crimes: Their Victims and their Regulation, edited by Pam Davies, Peter Francis and Victor Jupp, London: MacMillan, 1999


 


Information Society Reader Ed Frank Webster Routledge, London 2004


 






[1] William Gibson Neuromancer, p 68



[2] Esther Dyson, George Gilder, George Keyworth and Alvin Toffler, ‘Cyberspace and the American Dream’ in Frank Webster (ed.) The Information Society Reader (Routledge, London, 2004)



[3] <http://www.isoc.org> consulted 20/2/06



[4] Yaman Akdeniz, Clive Walker and David Wall ‘The Internet, Law and Society’ in Akdeniz, Walker and Wall (eds) The Internet Law and Society (Longman, London, 2001), p. 3



[5] Foucault, M (1991) Discipline and Punish: The Birth of the Prison London Penguin Books



[6] Ernst Ehrlich, Fundamental Principles of the Sociology of Law (1912) cited in Peter Grabosky, Russell Smith and Gillian Dempsey, Electronic Theft: Unlawful Acquistion in Cyberspace (Cambridge, 2001)



[7] Martin Wasik (ed) (1995) 9 International Yearbook of Law Computers and Technology ‘Computer Crime Edition’ p. ix



[8] Home Office Report 62/04 The Future of Netcrime Now Consulted at http://www.homeoffice.gov.uk/rds/pdfs04/rdsolr6204.pdf


 



[9] Delta & Matsuura Law of the Internet (New York, 1996) cited in Akdeniz, Walker and Wall, The Internet Law and Society



[10] David Wall, ‘Policing the Internet: Maintaining Law and Order on the Cyberbeat’ in Akdeniz, Walker and Wall The Internet, Law and Society (Longman, London, 2001), p. 156



[11] United Kingdom Threat Assessment of Serious and Organised Crime, 2002 http://www.ncis.co.uk/ukta/2002/default.asp


 



[12] David Wall ‘Cybercrimes: Old Wine, No Bottles?’ in Pamela Davies, Peter Francis and Victor Jupp (eds) Invisible Crimes: Victims and Regulation (Macmillan, London, 1999) p 113



[13] David Wall ‘Cybercrimes: Old Wine, No Bottles?



[14] Laddie, J (1996) ‘Copyright: Over-strength, Over-Regulated, Over-rated,’ 18(5) European Intellectual Property Review 253



[15] Dyson et al, ‘Cyberspace and the American Dream’ an article surprisingly unaware of the global nature of the Internet



[16] Klaus Brunstein and Simone Fisher-Huebner ‘Regulating Internet Crime’ (1995) 9 International Yearbook of Law and Technology



[17] Grabosky, Smith and Dempsey, Electronic Theft, p 185



[18] Although, in some instances forum shopping can provide successful prosecutions such as the transfer to Tennessee in the American case of USA v Roberts.



[19] See Shevill v Presse alliance SA [1992] 2 WLR 1, though also note ‘jurisdiction shopping’ has positive impact in the US case of Keeton v Hustler 465 US 770 (1984).



[20] Grabosky, Smith and Dempsey, Electronic Theft: Unlawful Acquisition in Cyberspace, citing OECD1986: 68 (Cambridge, 2001), p 10



[21] House of Commons Select Committee on Trade and Industry Telecommunications Regulation (1997 – 8 HC 254, HMSO, London) cited in Akdeniz, Walker and Wall (eds) The Internet, Law and Society, p.17



[22] Joel Reidenberg ‘Governing Networks and Cyberspace Rule Making’ (1996) 45 Emory Law Journal 911



[23] Cyber Punk, p 11



[24] Probably more effective and cheaper than formal law



[25] Electronic Theft, p 5



[26] Internet Watch Foundation  <http://www.iwf.org.uk/> accessed 10/03/06



[27] Cyberangels <http://www.cyberangels.org/about.html> consulted 15/03/06



[28] Electronic Frontier Foundation <http://www.eff.org/about/history.php> accessed 21/03/06



[29] Zickmund, Susan  ‘Approaching the Radical Other: The Discursive Culture of Cyberhate’, David Bell and Barbara M Kennedy (eds) The Cybercultures reader New York: Routledge, p 238



[30] Zickmund, p 238



[31] Lessig, Code and Other Laws of Cyberspace (New York, Basic Books, 1999)



[32]  Sardar, Ziauddin ‘alt.civilisations.faq: Cyberspace as the darker Side of the West’ in Ziauddin Sardar and Jerome Ravetz (eds) Cyberfutures: Culture and Politics on the Information Superhighway (London, Pluto Press, 1996), p 31



[33] Vivian Sobchack, ‘Democratic Franchise and the Electronic Frontier’ in Cyberfutures Culture and politics on the information superhighway ed Ziauddin Sardar and Jerome Ravetz 1996 Pluto Press London, p 84