Defining the Boundaries of Computer Crime

advertisement
Defining the Boundaries of
Computer Crime: Piracy,
Trespass, and Vandalism in
Cyberspace
Herman T. Tavani
Introduction
• The media has widely reported criminal and
questionable activities
• May 2000, I Love You Virus (Love Bug)
• Feb 2000 cyber-attacks on commercial web sites
Amazon, eBay, CNN, Yahoo, etc resulting in
Denial of Service to customers
• Dec 1999, start of RIAA and Napster litigation
• These certainly seem like issues of cyber crime
Intro (2)
• Other types of computer behaviors
– Pedophiles using Internet to lure unsuspecting
young children
– Cyberstalking, at least one resulting in death of
cyberstalking victim
– Some individuals use Internet to distribute child
pornography
– Are these criminal activities examples of
computer crime
– What constitutes computer crime? A key point
of the paper
Do we Need a Category of
Computer Crime?
• Quick History of Computer Crimes
– 70’s and 80’s Crimes characterized by disgruntled
employees who altered files in computer databases or
sabotaged computer systems in the act of seeking
revenge on employers, and hackers breaking into
systems
– The Hackers would break into supposedly secure
systems as a prank or malicious attempt to subvert data
or its flow
– Some hackers used computers to transfer monetary
funds from wealthy individuals and corporations to
poorer individuals and corps
Computer Crime as a Category(2)
• Some media reports portrayed young hackers as
countercultural heroes
• Today, the attitude of many in the media and the
public has shifted considerably
• Far fewer individuals and organizations are
sympathetic to the causes of computer hackers
– Why? Possibly the growing dependence of citizens on
the Internet
– A growing concern that cyberspace must become more
secure and that hacking should not be tolerated
Computer Crime as a Category(3)
• Many reports about misuses of computers but not
a clear criteria for what constitutes a computer
crime -- he will now work on this
• Should crimes involving the presence of one or
more computers be classified as computer crimes?
• Or, is there nothing special about crimes that
involve computers? (Gotterbarn ‘91)
• There have been times that it was thought any
crime involving a computer was a computer crime
but that may not necessarily be true
Computer Crime as a Category (4)
• Is a murder involving the use of a scalpel
automatically an issue in medical ethics just
because a medical instrument was used?
• Johnson ‘84 initially wrote that crimes involving
computers are not qualitatively different from
crimes in which no computer is present but has
modified her position (‘94)
Do we need a Separate Category of
Computer Crime?
• Gotterbarn and Johnson raise important points
other critics do too.
• Also of note is that crimes of diverse types are
also committed in many sectors but we don’t have
separate categories for crimes committed in each
of those areas.
• So, do we need computer crime as a separate
category?
His Answer
• Three scenarios involving criminal activity and a
computer but is it necessarily computer crime?
• 1) An individual steals a computer device (like a
printer)
• 2) An individual breaks into a computer lab and
then snoops around
• 3) An individual enters a lab they are authorized to
enter and places an explosive device on a
computer mainframe or server
• Each of these is criminal in nature but are they
necessarily computer crime?
How to look at these
• Are they unique because of the presence of computers?
• Could they be prosecuted as ordinary crimes involving theft,
breaking and entering, and vandalism even though
computers are present?
• Maybe then, we don’t need a category of computer crime?
• Consider though, would having a category of computer
crime help us to understand better certain nuances of illegal
or immoral activities involving computer technology?
• Or, be helpful in prosecuting certain criminal activities
involving the use of the technology that could be difficult to
prosecute under conventional legal statues?
Legal, Moral, and
Informational/Descriptive Categories
of Computer Crime
• There are arguments for having computer crime as a
separate category from legal, moral, and
informational/descriptive perspectives
• Legally, computer crime might be viewed as a useful
category for prosecuting certain kinds of crimes
• Much as some states have handgun laws that allow a
crime involving handguns to be prosecuted as a handgun
crime
• Would allow a crime involving a computer to be treated as
a computer crime
Would that be good?
• What if someone hits someone over the head with a
handgun, should it be prosecuted as a handgun crime?
Was that the intent of the law in that type of situation?
What if the gun used was a toy? How is this different as a
crime from hitting them on the head with a rock?
• This can be confusing to write appropriate legislation and
points to potential problems in writing laws for computer
crime or to prosecute all crimes involving the use or
presence of computer technology under the specific legal
category of computer crime
Computer Crime as a Moral
Category
• Is it useful as a moral category?
• There are a number of ethical questions that both precede
and follow from declaring certain computer related
activities illegal
• Which forms of online behavior should we criminalize?
• Are certain forms of online behavior inherently immoral or
are they considered immoral only because they are
declared illegal?
• Many of the ethical issues dealing with computer crime
also border on issues involving intellectual property,
personal privacy, and free speech in cyberspace
Computer Crime as a Descriptive or
Informational Nature
• Recall James Moor’s article introducing idea of policy
vacuums and conceptual muddles
• Computers make possible certain kinds of criminal
activities that otherwise would not have been possible in
the pre-computer era
• Our existing laws and policies are not always able to be
extended to cover adequately at least certain kinds of
crimes involving computers
• Having a descriptive category of computer crime can help
resolve some of the conceptual confusions and muddles
underlying crimes involving computers
• That could then help us to frame some legal and ethical
policies regarding computer crime
Establishing Clear and Coherent
Criteria
• Forester and Morrison define a computer crime as a
“criminal act in which a computer is used as the “principal
tool.”
• With this, the theft of a computer hardware device
(printer), theft of an automobile full of microprocessors
would not be a computer crime b/c the computer is not the
principal tool for carrying out the crime
• Similarly, when we discussed breaking into the computer
lab, vandalizing a computer system in the lab, these three
examples are not computer crimes using this definition
Does it work?
• What about the person who files their federal
income tax forms online using the computer and
fills in some forms with incorrect information?
• Clearly, they are using the computer as the
principal tool
• Should it be a computer crime?
– Could have filled in the same wrong information with
pencil and paper
– That he used the computer is coincident but not
essential to this particular computer act
• Maybe this definition is not quite adequate
Another Definition
• Combines Moor’s ideas as well as Morrison’s and
Fosters
• For a criminal act to be a computer crime, the act
must be one that can be carried out only through
the use of computer technology
• This capture Moor’s view that new opportunities
(new possibilities for crime) are made possible
because of the existence of the computer
technology and,
• does incorporate Morrison and Fosters views
while restricting the range of the crimes
So, lets test this definition
• The income tax case-- rules it out
• Using a computer device in the act of assaulting
someone?
– Rules it out too
Applying our Definition to some
Specific Cases
• Consider the earlier examples of this paper
• ILOVE YOU VIRUS as a criminal act and also a
computer crime
• Denial of Service attacks as a criminal act and also
a computer crime
• Distributing MP3 files via Napster also satisfies
this proposed definition of computer crime
What about the Questionable
Examples?
•
•
•
•
Pedophiles?
Stalking someone
Distributing child pornography
He indicates that these are still all crimes but not strictly
computer crimes using the last definition because all of
these have been done in the past
• That is not to say that certain communities, states, or
governments may not enact or have enacted laws that do
make these computer crimes but from the philosophical
definition given by Tavani they are not strictly computer
crimes.
Three types of Computer Crime: Piracy,
Trespass, and Vandalism in Cyberspace p
521
• you read this section - may have a question
Download