Rethinking Cybercrime: Critical Debates 3030558401, 9783030558406

Table of contents :
Acknowledgments
Introduction
Contents
List of Figures
List of Tables
Theoretical Explorations
CyberTerrorism: Some Insights from Owen’s Genetic-Social Framework
1 Introduction
2 Genetic-Social Framework
3 Forms of Cyberterrorism and Some Possible Explanations
4 Building a Possibly Predictive Model of Cyberterrorism
5 Concluding Observations
References
Vygotsky and Internet Grooming: The Darker Side of ZPD and Scaffolding
1 Vygotsky and Internet Grooming: The Darker Side of Scaffolding
1.1 Encourage the Child’s Interest in the Task
1.2 Simplify the Task by Reducing the Number of Possible Actions that the Child Could Carry Out
1.3 Keeping the Child in Pursuit of a Particular Objective
1.4 Marking the Critical Features of the Task
1.5 Controlling the Child’s Frustration During Problem Solving
1.6 Demonstrating Solutions to the Child or Explaining the Solutions that the Child Has Partially Completed
2 Discussion
3 Conclusion
References
The Criminalisation of Tools Under the Computer Misuse Act 1990. The Need to Rethink Cybercrime Offences to Effectively Protect Legitimate Activities and Deter Cybercriminals
1 Introduction
2 The Foreseen Criminalisation of Dual-Use Hacking Tools Under s3A CMA
2.1 The Dual Nature of Hacking Tools
2.2 To Criminalise or not to Criminalise? The Contrasting Position of s3A CMA with that of Article 6 of the Convention on Cybercrime n.185
2.3 A Confirmed Choice Contrasting with that of the Directive 2013/40/EU
3 The Unwitting Criminalisation of Obfuscating Tools Under s3A CMA
3.1 The Dual Use of Obfuscating Tools
3.2 The Non-criminalisation of Obfuscating Tools in International Law
3.3 The Criminalisation of Obfuscating Tools Under UK Law and Its Impact on Newsgathering Practices
4 Remedying the Weaknesses of s3A CMA and Beyond
4.1 The Need to Reform the Computer Misuse Act 1990
4.2 Beyond s3A CMA: A Call for a More Balanced Approach to the Criminalisation of Cybercrime Activities
5 Conclusion
References
A Short History of Hacktivism: Its Past and Present and What Can We Learn from It
1 Introduction
2 The 1st Era of Hacktivism
2.1 The Birth of Hacktivism and Relevant Groups
2.2 Initial Conclusions from the 1st Era
3 The Second Era of Hacktivism
3.1 The Domination of Anonymous
3.2 Tactics and Operations
3.3 Conclusions from the Second Era
4 Overall Conclusions and the Future of Hacktivism
References
Assuming Identities Online: How Linguistics Is Helping the Policing of Online Grooming and the Distribution of Abusive Images
1 Introduction
2 Forensic Linguistics
3 Language and Identity Online
4 Training Identity Synthesis
5 Experiments
6 Conclusion
References
The Need to Think Beyond Objective Territoriality to Better Protect the Rights of the Suspect of a Cybercrime
1 Introduction
2 The Spillover Effect of Cybercrimes
3 The Limits of Objective Territoriality in the Cybercrime Context
3.1 The Inherent Lack of Legal Foreseeability
3.2 A Real Risk of Multiple Prosecutions
3.2.1 The Lack of International Rule to Solve Positive Conflicts of Territorial Jurisdiction
3.2.2 The Limits of Ne Bis in Idem in a Transnational Context
4 Exploring Active Personality as an Alternative to Objective Territoriality
References
Images of Violence and Atrocity in Modern Media
1 Pre-Internet Era
1.1 Snuff Films
1.2 Mondo Documentaries
2 Dramas
3 Websites
4 Red Rooms—Urban Myth?
5 Facebook Live Streams and Social Media
5.1 Cartel Executions
5.2 The Facebook Killer
5.3 The Black Lives Matter Tortures
5.4 Swedish Rape Gang
5.5 Wuttisan Wongtalay Murder and Suicide
5.6 Abu Marwan Facebook Live Stream
5.7 Terrorism and Terrorist Attacks
5.8 Narcissism
5.9 Social Media Responsibilities?
6 Conclusion
Bibliography
Policy Implications
Can Risk Society and the Ideology of Motherhood Explain the Continued Hostility Towards the McCanns on Social Media?
1 Small-scale Research: Analysis of an On-line Discussion Thread
2 Reflections on the Thread
3 Concluding Remarks
Appendices 1
References
‘In and Out, On and Off: LGBT+ Online Experiences’
1 Introduction
2 Off Limits? LGBT+ Lives Offline
2.1 Living on the Edge? Young LGBT+ Lives Offline
2.2 Invisible Attraction: Older LGBT+ Lives Offline
2.3 The Cyberqueer: LGBT+ Lives Online
2.4 Online and in Trouble? LGBT+ Youth Online
2.5 Sharks and Silver Surfers: LGBT+ Older People Online
2.6 Thinking Through the Matrix
3 Conclusion
References
The Internet-of-Things: A Surveillance Wonderland
1 Introduction
2 Defining the Internet-of-Things (IoT)
2.1 IoT Vulnerabilities
2.2 The Legislative Framework
2.3 European Initiatives: Privacy by Design and Default
2.3.1 Privacy-by-Design
2.3.2 Security-by-Design
3 A Hacking Wonderland
4 The Increasing Surveillance Culture
4.1 Governmental Actors and Surveillance
4.1.1 A Governmental IoT Surveillance
4.1.2 Smart TV Surveillance
4.2 Private Data Surveillance
4.2.1 Businesses’ IoT Surveillance
4.2.2 Smart TV Surveillance
5 Conclusion
References
Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies?
1 Introduction
2 Problem Statement
3 Research Objective
4 Research Question
5 Literature Review
5.1 Cybercrime in Nigeria
5.2 Cybercrime Advisory Council (CAC)
5.2.1 Functions and Powers of the Council
5.3 Limitations to Tackling Cybercrime
5.3.1 Technology and Training
5.3.2 Laws and Jurisdiction
5.3.3 Education and Awareness
6 Theoretical Framework
6.1 Routine Activity Theory
6.2 Absence of a Capable Guardian
7 Methodology
7.1 Research Participants
8 Findings
8.1 Awareness Campaign
8.2 Best Practices
8.3 Enforcement
8.4 Funding and Logistics
8.5 Partnership
8.6 Training and Manpower
8.7 Benefits of Measures
9 Discussions
9.1 Absence of a Capable Guardian
9.2 Bureaucracy
9.3 Laws and Jurisdiction
9.4 Technology
9.5 Inadequate Funding and Tools
9.6 Inadequate Training and Education
10 Conclusion
References
Online Grooming: An Exploration into the Genetic-Social Variables Which Enable Victimisation
1 Introduction
1.1 Perceptions of Paedophilia
2 The Variables that Enable Child Victimisation
2.1 Access and Supervision
3 Shifting Patterns of Perception
4 Policing and Criminalisation
4.1 Explanation and Examples of the Genetic-Social Framework (Owen 2012)
4.2 Limitations of Existing Research and Drawing upon the Genetic-Social Framework (Owen 2012)
Bibliography
Index

Citation preview

Rethinking Cybercrime Critical Debates Edited by Tim Owen Jessica Marshall

Rethinking Cybercrime

Tim Owen · Jessica Marshall Editors

Rethinking Cybercrime Critical Debates

Editors Tim Owen Reader in Criminology, School of Law and Social Science University of Central Lancashire Preston, UK

Jessica Marshall School of Law and Social Science University of Central Lancashire Preston, UK

ISBN 978-3-030-55840-6 ISBN 978-3-030-55841-3 https://doi.org/10.1007/978-3-030-55841-3

(eBook)

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. Cover credit: Yuichiro Chino This Palgrave Macmillan imprint is published by the registered company Springer Nature Switzerland AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Acknowledgments

Dr. Tim Owen would like to thank the following people; my wife, Mrs. Julie Ann Owen, Jessica Marshall, Dr. Megan Todd, my sister-in-law, Louise Ridley, my niece, Grace Ridley and nephew, Joseph Ridley, my cousin, Louise Morrissey, John Healy, Ian Conolly, Elizabeth ‘Lilibet’ Buxton [nee Connard], Dr. Mahmood Chandia, Dr. Munira Patel, Laura Hughes, Vivienne Ivins, Dr. Kathy M. Bullough and all at Palgrave Macmillan. Jessica Marshall would like to thank; my partner Paul Wiggins, my mum Chris and stepdad Brian Haydock, Dr. Tim Owen and all at Palgrave Macmillan.

v

Introduction

It is three years since the publication of Owen et al.’s (2017) New Perspectives on Cybercrime, which showcased work by some of the members of the Uclan Cybercrime Research Unit [UCRU] at the University of Central Lancashire in Preston, UK. The book sold well, went into paperback and Chinese translation, and was recommended by a reviewer in Global Legal Post, as, ‘Essential reading for all lawyers’. This later companion volume showcases the ‘cream’ of material from two recent international conferences on cybercrime hosted by myself as Director of UCRU. These very successful conferences, ‘Rethinking Cybercrime’ in 2016 and ‘The Second Annual Conference on Cybercrime’ in 2017 brought some exceptionally talented, international academics to the University of Central Lancashire as well as some very distinguished keynote speakers in the form of Professor Michael Clarke of RUSI, Professor Majid Yar and Geraint Jones of Cheshire Police [Operation Orr]. The composition and work of UCRU as the following chapters by the UCRU members, Jessica Marshall, Dr. Megan Todd, Faye Speed, Wayne Noble and I hopefully demonstrate, is genuinely interdisciplinary.

vii

viii

Introduction

Under my directorship, the UCRU was ‘born’ in December 2014 and has rapidly evolved to become a well-known and well-regarded, dynamic research unit in the field of cybercrime. This very active research unit is fully engaged in the production of publications, the development of continuing professional development courses, knowledge transfer, income generation and consultancy. UCRU serves to investigate the emerging evidence of cybercrime, and we are engaged in attempts to discover new understandings of crime and criminal behaviour across Internet platforms. One of our major intentions is to hopefully inform social and educational policy-making, in tandem with producing cuttingedge research and theoretical development pertaining to crime and deviance in cyberspace. As I emphasised in the earlier volume, New Perspectives on Cybercrime, whilst there is no dogmatic collective philosophy in UCRU, members such as myself, Faye Speed and Wayne Noble in particular, draw to some extent upon my post-postmodern, Genetic-Social, metatheoretical analysis (Owen 2017, 2018; Owen et al. 2017), which attempts to ‘build bridges’ between criminological theory, and insights from behavioural genetics, evolutionary psychology, the neuroscience of free-will and Heideggerian philosophy.Since my very early work dating from 2006 (Owen 2006, 2007, 2009), I have been actively engaged in developing an ever-expanding, anti-reductionist, large-scale Genetic-Social sensitizing framework, and applying its many meta-constructs to selected areas of criminological investigation, alongside suggesting a hopefully enlightened view of how the biological and the social might interact, together with possible ‘ways forward’ for the incorporation of biosocial variables drawn from genetics and neuroscience into criminological theorising. In the process of criminological theorising, I adopt a Realist social ontology and together with my fellow UCRU colleagues, I am primarily concerned with offering new perspectives on cybercrime in tandem with suggesting ways in which research into cybercrime might possibly move beyond the main theoretical obstacles facing criminological theory. As I previously made clear in New Perspectives on Cybercrime, these obstacles include aspects of our intellectual life that are complicit in the stagnation of Marxist critical criminology, in addition to the nihilistic relativism of the postmodern and post-structuralist cultural turn; the

Introduction

ix

oversocialised gaze and harshly environmentalist conceptions of the person; genetic fatalism or the equation of genetic predisposition with inevitability and bio-phobia that appear to still dominate mainstream criminology; and the sociological weaknesses of many so-called biosocial explanations of crime and criminal behaviour (see for instance, Walsh and Beaver 2009), which although dealing very well with biological variables appear to neglect or make insufficient use of meta-concepts such as agency-structure, micro-macro and time-space in their accounts of the person. In my case, the inspiration for metatheoretical thinking, for drawing upon multi-factorial analysis in sociological and later criminological theorising came from my initial ‘apprenticeship’ under the supervision of Dr. Roger Sibeon at the University of Liverpool. It could be argued that whilst I studied for a Masters Degree and Doctorate at the University of Liverpool and never studied at the University of Leicester as did Roger, I am arguably the partial descendant of ‘the Leicester School’ of sociological theorising which stretches back from Roger Sibeon and Derek Layder to Barry Hindess and ultimately to Norbert Elias. I am certainly influenced by Derek Layder [the external examiner for my Ph.D. in 2006], and my modification of his original notion of Psychobiography to include biological variables met with Derek’s kind approval expressed in his Introduction to my Social Theory and Human Biotechnology in 2009. In addition to inspiration from academic peers, the driving force for my willingness to experiment with flexible ontologies, to suggest new possibilities for sociological and criminological theorising and to create new, hybrid criminological forms such as the Genetic-Social framework comes even more strongly via inspiration from the thought and music of both Brian Eno and David Sylvian. This is perhaps very unusual for a Criminologist but I am also an experimental musician. Both Brian Eno and David Sylvian have consistently produced innovative, beautiful work and inspired me to take a, ‘step back’ and to think about the process of creation and to image new futures and new possibilities. As I said in my Introduction to New Perspectives on Cybercrime in 2017, Brian Eno made a good point when he once argued that innovation is an over-rated virtue. I have sympathy with Eno’s view, and one reflects that there is little point in being original if what one is creating is uniquely ‘bad’! It

x

Introduction

is the hope of both my co-editor and dear friend, Jessica Marshall and I that the following chapters, like those of the previous volume, are not merely original but also very timely and insightful.

Structure of the Book Jessica and I would like to emphasise that this collection of the ‘cream’ from both recent UCRU conferences can only possibly hope to scratch the surface of the enormous task of conceptualising the subject of crime and deviance in cyberspace, and we have therefore focused upon showcasing examples of outstanding work which offers new perspectives on selected areas of research interest. To some extent, alongside presenting chapters which to some extent serve to ‘rethink’ the subject of cybercrime and point the way cautiously towards new ways forward beyond the impasses facing contemporary criminological theorising previously outlined, the intention here is also to provide a cutting-edge, wideangled view of the ‘state of play’ in the academic discourse on cybercrime. Each chapter hopefully offers something new and worthwhile for the reader, and the interdisciplinary approach to cybercrime will hopefully ensure interest from students, academics and practitioners from a wide range of fields including criminology, sociology, law, philosophy, policing, forensic science, computing and so on. The book is divided into two parts, and in the first part, seven chapters are drawn together under the title, ‘Theoretical Explanations’. In the opening chapter, ‘Cyber Terrorism: Some Insights from Owen’s (2017) Genetic-Social Framework’, I consider how we might define ‘Cyber Terrorism’ in relation to notions of ‘Old’ and ‘New’ forms of terrorism. Drawing upon my postpostmodern, meta-theoretical, Genetic-Social framework, I apply insights and meta-concepts from the latest research in behavioural genetics, the neuroscience of free-will and evolutionary psychology in tandem with some Heideggerian concepts to the task of conceptualising and potentially predicting cyber terrorist violence. Concepts such as my modified notion of Psychobiography, Embodied Cognition, and Cyber Violence are defined, explained and applied to the area of study via my notion of Flexible Causal Prediction which views the cyber terrorist offender

Introduction

xi

in terms of the possible causal influences through a four-fold lens of socio-political/environmental, genetic, neurological and psychological variables. The chapter is dedicated to my beautiful niece, Grace Ridley who is about to embark upon her own academic journey. In Chapter “Vygotsky and Internet Grooming: The Darker Side of ZPD and Scaffolding”, ‘Vygotsky and Internet Grooming: The Dark Side of ZPD and Scaffolding’, Kerry Hannigan examines the development of typologies for internet grooming, specifically drawing upon the work of Vygotsky (1978) pertaining to the theory of the Zone of Proximal Development [ZPD] and Wood et al.’s (1976) development of the concept of scaffolding. Hannigan cogently argues that these same theoretical devices can be employed to work within a child’s zone of proximal development, keeping them safe online. As Hannigan suggests, the processes of ZPD and scaffolding can also provide useful insights into how we might better educate children in terms of safety online in tandem with rendering ineffective and unsuccessful many approaches favoured by sex offenders in cyberspace. Audrey Guinchard’s compelling chapter deals with the criminalisation of tools under the Computer Misuse Act 1990 and the need to rethink online offences in order to protect legitimate activity whilst deterring cybercriminals. The author argues that the offence of the misuse of tools has the paradoxical effect of endangering legitimate security research in addition to constituting a threat to established news-gathering practices. Guinchard argues powerfully that it is time to reform the CMA and for the legislator both in the UK and at the international level to properly engage with the security industry and civil society. In a fascinating chapter, Vasileios Karagiannopoulos provides a history of Hacktivism as a means to expressing political messages. His historical overview spans three decades and serves to not only familiarise the reader with the various characteristics, tactics and transformations associated with the phenomena of Hacktivism from the early beginnings to the present day, but also to enable us to understand the challenges faced by the criminal justice system in dealing with such a multi-faceted phenomenon. Nicci MacLeod and Tim Grant’s chapter deals with the subject of the assumption of identity online and examines how linguistics is helping the

xii

Introduction

policing of online grooming and the distribution of abusive images. The authors usefully report on a two year ESRC-funded project, Assuming Identities Online [A1O], which began in August 2014. The project aims to examine relationships between language and identity performance in cyberspace, dealing with questions of what linguistic analysis is required to describe an online linguistic persona to the extent that it could be in theory adopted by other individuals. MacLeod and Grant skilfully demonstrate one of the most important outcomes of this worthy project—a software tool which enables semi-automation of the analysis of online identities which they have been trialing for undercover investigations. Jean-Baptiste Maillart’s timely chapter very effectively challenges the territoriality principle in the context of cybercrime. The author considers the principle of territoriality as a keystone of the international legal order which does not allow States to effectively combat cybercrime. Maillart makes the interesting point that cybercrime actively challenges the idea of territoriality at both the prescriptive/adjudicative and enforcement levels. However, as such activities are rapidly becoming more organised and systemic, it is contended that States must have the correct legal tools to counter them, and Maillart points cautiously towards a possible way forward. There is continuity in the chapter by Wayne Noble, my fellow UCRU member’s chapter which develops further some of the ideas pertaining to incidents in which acts of violence and murder have been ‘livestreamed’ on social media such as Facebook and YouTube which he initially explored in his earlier chapter for our jointly edited, New Perspectives on Cybercrime in 2017. Wayne’s chapter here cogently analyses the interactions behind such actions and the evolution of criminals recording their deviance. The second part of the book addresses, ‘Policy Implications’, drawing together five very different papers from the conferences, all of which contain some very insightful observations and suggestions which have implications for social and educational policy-making. My co-editor and fellow UCRU member, Jessica Marshall’s powerful and thoughtprovoking chapter poses the question of whether notions of Risk Society and the ideology of motherhood can explain the continued hostility

Introduction

xiii

towards the parents of the missing Madeleine McCann on social media. Jessica does not attempt to speculate or pass judgement with regard to what may have happened to Madeleine or indeed who may be responsible for her disappearance. Rather, Jessica’s focus here is firmly upon elucidating the rationale for this continued hostility. In, ‘In and Out, On and Off; LGBT Online Experiences’, my fellow UCRU member, Megan Todd casts an expert eye upon how LGBT youth continue to face enduring and extraordinary obstacles in daily life, at school or within the realm of cyberspace. Whilst Megan provides convincing evidence that LGBT young people are at considerably greater risk of being bullied or harassed online than non-LGBT users of the internet, she also makes the important point that an awareness of risk is tempered by the anonymity afforded by online communications and the valuable benefits of online communities where LGBT sexualities can be explored and discussed in relative safety and comfort. Tine Munk’s chapter critically discusses and analyses the security problems pertaining to The Internet of Things, the paucity of regulations and awareness of the security threats in tandem with a very useful and timely discussion of the use of The Internet of Things for the purposes of surveillance, which as Munk convincingly suggests, might be the underlying reason for the lack of regulations. Bello and Griffiths very originally apply notions of Risk Activity Theory [RAT] to the subject of cybercrime investigations in Nigeria. Their fascinating research aims at comparing the response of policy strategies of specific law enforcement agencies in both the United Kingdom and Nigeria in tackling advance fee fraud or ‘confidence scams’. The study also aims to conceptualise cybercrime through the lens of Rational Activity Theory [RAT], which suggests that in order for crime to take place, the three requirements of a motivated offender, a suitable target and an absence of a capable guardian must be present. The authors very usefully contribute to the theory of RAT by arguing that for cybercrime to take place, a motivated offender, in this case a cybercriminal, must have a suitable target such as a victim or a computer, in the absence of a capable guardian, in this case the police. A former student of mine, fellow UCRU member and co-editor with myself of the recent volume, New Perspectives on Cybercrime (2017),

xiv

Introduction

Faye Christabel Speed draws very insightfully and originally upon my own, Genetic-Social, meta-theoretical framework (Owen 2017, 2018) to explain the Genetic-Social variables which may enable online victimisation. Faye’s research critically analyses three distinct zones which enable and facilitate online grooming paedophilic pathways, self-endorsed victimisation and societal failures. By focusing upon these three distinct zones, Faye is able to very cogently identify the specific facilitators of online grooming, whilst linking her analysis very usefully to selected examples of the insights from my post-postmodern sensitizing framework which seeks to ‘build bridges’ between the biological and the social in an anti-reductionist fashion.

Criminological Theorising in a Post-COVID-19 World? At the time of writing, May 2020 we are currently in lockdown due to COVID-19. The global pandemic has already brought in its wake seismic transformations in terms of its profound impact upon health, nose-diving economies, working patterns, lifestyle priorities and culture. I favour a definition of culture as the sum total of values and norms in any given society. Brian Eno’s definition of culture as, ‘Everything we don’t need to do’ is also useful. A recurring theme in media discussions at the moment is, ‘When will we be returning to normality?’. In an effort to extrapolate and predict future trends as a social theorist and criminologist, I would suggest that the possible answer to that question is, ‘Never’. Societies are in constant flux, as is culture, and the landscape will not remain the same, nor can it remain the same. We may, if a vaccine is discovered, be able to return to a new kind of ‘normal’, but there is no doubt whatsoever that COVID-19 has served to accelerate processes such as the transformation of intimacy with government-enforced social distancing and the colonisation of time with the adoption of shielded, home-based lifestyles and Zoom and Teams meetings for those fortunate enough not to be furloughed or made redundant. Michel Foucault’s famous predictions about a Surveillance State ring true in our new, postCOVID-19 landscape of facial recognition and Tracing Apps. For those

Introduction

xv

of us concerned with cybercrime, predictably malicious and fraudulent websites have sprung up purporting to offer information and advice about the pandemic, scammers are exploiting the desire for a cure for the virus, there have been hacking and Ransomeware attacks upon hospitals and medical research centres, and Europol are currently dealing with the trafficking of counterfeit Coronavirus medicines. It is probably the case that there might be future pandemics on this scale, and our increasing reliance upon new technology ensures that cyberspace is and will remain the fastest-growing site for crime and deviance. Arguably, in this post-COVID-19 world in which we find ourselves, there is a need for criminologists, or those from other disciplines who deal with criminological issues, to focus more upon cybercrime and to develop a biological literacy. This means in practical terms drawing from behavioural genetics, evolutionary psychology and neuroscience alongside the social sciences. My (2014) Criminological Theory: A GeneticSocial Approach and my (2017) Crime, Genes, Neuroscience and Cyberspace are to some extent the manifestos that underlie my own, Genetic-Social approach to criminological theorising. It is arguably not enough in this post-COVID-19 landscape to rely upon the ‘old’ grand narratives to be found in mainstream criminology and social science in order to conceptualise and understand cybercrime and cyber offenders. My model of the cyber offender, as described in my chapter, ‘Cyber Terrorism: Insights from Owen’s Genetic-Social Framework’ in this volume, is one in which the criminal is subject to a ‘cocktail’ of causal influences: genetic, psychological, neurological and socio-environmental and is arguably more realistic than the, ‘State as crimogenic’ mantras of Marxist critical criminologies. We require a more ontologically flexible approach, one which is truly interdisciplinary, as are the twelve chapters which follow in this new collection, in order to conceptualise a new, post -pandemic world in which most organisations are working from home via information technology, and our fears of contagion become business opportunities for cybercriminals. Spring 2020 in lockdown

Dr. Tim Owen

xvi

Introduction

References Hoschild, A. R. (1979). Emotion work, feeling rules and social structure. American Journal of Sociology, 85, 551–575. Owen, T. (2006). Genetic-social science and the study of human biotechnology. Current Sociology, 54 (6), 897–917. Owen, T. (2007). Culture of crime control: Through a post-Foucauldian lens. The Internet Journal of Criminology, 1–13. Owen, T. (2009). Social theory and human biotechnology. New York: Nova Science Publishers. With a Foreword by Professor Derek Layder [University of Leicester]. Owen, T. (2014). Criminological theory: A genetic-social approach. Basingstoke: Palgrave Macmillan. Owen, T. (2017). Crime, genes, neuroscience and cyberspace. Basingstoke: Palgrave Macmillan. Owen, T. (2018, August 24). How businesses can use psychology to safeguard against cyber criminals, Raconteur. Owen, T., Noble, W., & Speed, F. C. (2017). New perspectives on cybercrime. Basingstoke: Palgrave Macmillan. Vygotsky, L. S. (1978). Mind in society: The development of higher psychological processes. London: Harvard University Press. Wood, D., Bruner, J., & Ross, G. (1976). The role of tutors in problem solving. Journal of Child Psychology and Psychiatry, 17, 89–100.

Contents

Theoretical Explorations CyberTerrorism: Some Insights from Owen’s Genetic-Social Framework Tim Owen Vygotsky and Internet Grooming: The Darker Side of ZPD and Scaffolding Kerry Hannigan The Criminalisation of Tools Under the Computer Misuse Act 1990. The Need to Rethink Cybercrime Offences to Effectively Protect Legitimate Activities and Deter Cybercriminals Audrey Guinchard

3

23

41

xvii

xviii

Contents

A Short History of Hacktivism: Its Past and Present and What Can We Learn from It Vasileios Karagiannopoulos Assuming Identities Online: How Linguistics Is Helping the Policing of Online Grooming and the Distribution of Abusive Images Nicci MacLeod and Tim Grant The Need to Think Beyond Objective Territoriality to Better Protect the Rights of the Suspect of a Cybercrime Jean-Baptiste Maillart Images of Violence and Atrocity in Modern Media Wayne Noble

63

87

105 121

Policy Implications Can Risk Society and the Ideology of Motherhood Explain the Continued Hostility Towards the McCanns on Social Media? Jessica Louise Marshall

145

‘In and Out, On and Off: LGBT+ Online Experiences’ Megan Todd

169

The Internet-of-Things: A Surveillance Wonderland Tine Munk

191

Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies? Muktar Bello and Marie Griffiths

213

Contents

xix

Online Grooming: An Exploration into the Genetic-Social Variables Which Enable Victimisation Faye Christabel Speed

237

Index

259

List of Figures

Assuming Identities Online: How Linguistics Is Helping the Policing of Online Grooming and the Distribution of Abusive Images Fig. 1 Fig. 2 Fig. 3

Variants of ‘no’ in Pilgrim (Source Author’s creation) Variants of ‘what’ in Pilgrim (Source Author’s creation) Turn initial capitalisation, participants 10 and 11 (Source Author’s creation)

93 94 100

Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies? Fig. 1 Fig. 2

Theme: Measures, benefits of measures by LEAs, CAC & Sub-themes (Source Created by Author) Challenges of Tackling cybercrime (capable guardianship) (Source Created by Author)

224 228

xxi

List of Tables

Assuming Identities Online: How Linguistics Is Helping the Policing of Online Grooming and the Distribution of Abusive Images Table 1 Table 2

Domains of CMDA adapted from (Herring 2004: 18) Topic management in Pilgrim

92 97

Can Risk Society and the Ideology of Motherhood Explain the Continued Hostility Towards the McCanns on Social Media? Table 1

The trolling magnitude scale with examples

161

Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies? Table 1

Research participants

221

xxiii

Theoretical Explorations

CyberTerrorism: Some Insights from Owen’s Genetic-Social Framework Tim Owen

1

Introduction For my niece, Grace Ridley.

In what follows, an updated version of Owen’s (2017) Genetic-Social , meta-theoretical framework which has been employed in many recent publications is briefly outlined and certain meta-constructs are ‘applied’ to the study of cyberterrorism. Cyberterrorism can be regarded as broadly defined in the literature, with definitions which range from the arguably narrow to those broader in scope. Eugene Kaspersky, quoted in The Times of Israel (2012) for example, offered an apocalyptic picture of the development of viruses which could signal the end of the world as we know it. Broader definitions such as those offered by Kaspersky extend to T. Owen (B) Reader in Criminology and Director of Uclan Cybercrime Research Unit [UCRU], University of Central Lancashire, Preston, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_1

3

4

T. Owen

types of internet usage by ‘terrorists’ as well as conventional assaults upon information technology infrastructures. Kaspersky appears to favour the term, ‘cyber terrorism’ to describe the use of large-scale cyber weapons such as Net Traveler Virus and Flame Virus, and equates these cyber weapons to biological weapons, viewing them as being equally, potentially destructive in the interconnected, global landscape. Hardy and Williams (2017) argue that the idea that ‘terrorists’ could cause huge losses of life, environmental damage and catastrophic economic damage by hacking into critical infrastructure systems is key to any definition of the term, cyberterrorism. Such conduct may possibly be motivated by political or religious ideology, or be possibly intended to intimidate a state government or a section of the general public. Gable (2010) suggests that an assault upon internet businesses can be regarded as cyberterrorism, but if the motivation involves attempts to inflict economic damage rather than ideological motivations, the action is more likely to be labelled as cybercrime. Baranetsky (2009) suggests that cyberterrorism overlaps somewhat with other phenomena such cybercrime and conventional ‘terrorism’. NATO defines cyberterrorism as a, ‘cyber attack using or exploiting methods to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal’ (Centre of Excellence Defence Against Terrorism, 2008: 119). It is the contention here that cyberterrorism could be incorporated within a broader umbrella definition of ‘cyber violence’ (Owen 2017). The term, ‘cyber violence’ was originally offered by the International Telecommunications Union of the United Nations and originally referred to gendered violence online aimed at women and girls. Whilst it is acknowledged here that women and girls appear to be disproportionate victims of online hate-trolling, cyber-grooming and so on, it is also contended that we require a much broader definition of the term which would include hostile, aggressive behaviour aimed at people of all ages, socio-economic groups, genders, ethnicities and so on. For the purposes of this chapter and in terms of the further development of the Genetic-Social framework, cyberterrorism is considered to be a form of wider ‘cyber violence’. Of course, it is also contended here that the definition of ‘terrorist’ is highly subjective and depends largely upon one’s

CyberTerrorism: Some Insights from Owen’s …

5

status, social history, political affiliations, nationality and position within complex, geo-political situations and debates. The intention here is to illustrate the explanatory potential of the framework, in particular meta-constructs such as the Biological Variable and Psychobiography, in conceptualising cyberterrorism, and to construct an ontologically-flexible model of cyberterrorism which may be of help in predicting such behaviour. The term, the Biological Variable refers to the evidence from behavioural genetics and neuroscience for an, at least in part, biological basis for some human behaviour. Psychobiography refers to the unique, asocial aspects of the person such as inherited disposition. Another particular meta-construct from the framework plays a key role here and that is the notion of Neuro-Agency. This term is employed in preference to the standard term ‘agency’ in order to acknowledge the role of neurons in human free-will. In the course of examining cyberterrorism through the Genetic-Social lens of the Biological Variable and inherited Psychobiography, we consider evidence from Tiihonen et al. (2014) for the role of CD H13 and MAO-A genes in violent behaviour; evidence for the role of disinhibition in violence from Suler (2004) and Spiegel et al. (2009); evidence for the role of antisocial personality disorder and de-individuation in violence from Bishop (2013) and Buckels et al. (2014); evidence for the role of cortisol in aggression from Martin (1997) and evidence for links between an underdeveloped prefrontal cortex in teenagers with impulsivity which may be linked to violence in the work of Eagleman (2011). The approach employed here is interdisciplinary in the sense that the conceptual toolkit draws upon criminological theory, sociological theory, the philosophy of Heidegger, behavioural genetics, the neuroscience of free-will and evolutionary psychology. This post-Postmodern, ontologically-flexible framework represents an attempt to ‘build bridges’ between the biological and social sciences and suggests a way in which criminological theory might move beyond its four main theoretical obstacles. It is contended here that interdisciplinary research and collaboration which seeks to ‘build bridges’ between the biological and social sciences are of great benefit to the development of Realist, post-Postmodern criminologies and ‘aspects of our intellectual life that are complicit in the stagnation of critical criminology’ (Owen 2014: 4).

6

T. Owen

As Owen (2014: 1) suggests, ‘these obstacles are the nihilistic relativism of the postmodern and poststructuralist cultural turn; the oversocialised gaze and harshly environmentalist conceptions of the person; genetic fatalism or the equation of genetic predisposition with inevitability’ (Owen 2009, 2012) and bio-phobia (Freese et al. 2003), that appear to dominate mainstream criminology; and the sociological weaknesses of many so-called biosocial explanations of crime and criminal behaviour (see, for example, Walsh and Beaver 2009; Walsh and Ellis 2003), which, although dealing adequately with biological variables, appear to neglect or make insufficient use of meta-concepts such as agency-structure, micro-macro and time-space in their accounts of the person. The term, Genetic-Social is adopted in order to further distance the framework from hardline Sociobiology, and to reflect a hopefully more up to date and balanced account of the mutuality and plasticity between the biological and the social. The beginnings of the Genetic-Social framework lie in Owen’s (2006, 2007a, b) earlier attempts to expand Sibeon’s (2004) anti-reductionist framework from a focus upon agency-structure, micro-macro and timespace to include a ‘new’ focus upon biological variables, reflecting his interest in behavioural genetics. This has led to the current incarnation of the framework and the addition over time of ten ‘new’ meta-constructs, applied to the study of human biotechnology (Owen 2009), crime and criminal behaviour (Owen 2007b, 2012, 2014). In what follows, we briefly examine the sensitising device.

2

Genetic-Social Framework

The Genetic-Social framework arises out of a critique of the following ‘cardinal sins’ of illegitimate theoretical reasoning: 1. Reductionism. Reductionist theories are ones which attempt to reduce the complexities of social life to a single, unifying principle of explanation or analytical prime mover such as ‘the interests of capitalism’, ‘patriarchy’, ‘rational choice’, ‘the risk society’, ‘globalization’ and so on.

CyberTerrorism: Some Insights from Owen’s …

7

2. Essentialism. Essentialism is a form of theorising that in aprioristic fashion presupposes a unity or homogeneity of social phenomena. This can include social institutions, or taxonomic collectivities such as ‘white men’, ‘the middle class’, etc. 3. Reification. Reification is the illicit attribution of agency to entities that are not actors or agents. An actor is entity possessing cognition that, in principle, has the means of formulating, taking and acting upon decisions. Therefore, ‘the state’, ‘society’, ‘white people’, etc. are not regarded as actors. 4. Functional Teleology. Functional teleology is an invalid form of analysis involving attempts to explain the causes of social phenomena in terms of their effects, where ‘effects’ refers to outcomes or consequences viewed as performances of functions. If there is no evidence of intentional planning by actors ‘somewhere, sometime’, then it is a teleological fallacy to engage in explication of the causes of phenomena in terms of their effects, for example the concept of ‘institutional racism’ drawn upon in the MacPherson Report into the death of Stephen Lawrence (Owen 2014). 5. Relativism. Relativism is a philosophical stance associated with Poststructuralism (Foucault 1980a, b) and Post-modernism (Lyotard 1984). Arguably, relativists reject foundationalism from which theories can be generated, and fail to provide acceptable epistemologies and viable theories. The most basic criticism of Foucault’s relativistic position is that he never applies it to himself, to his own theories and conceptual frameworks. Foucault is open, that is to say, to the self referential objection which posits that, if all theories are the product of a particular situation, then so too is that theory, and it therefore has no universal validity. To put it another way, if truth and falsity do not exist in an absolute sense, then Foucault’s thesis about the relativity of all knowledge cannot be ‘true’ in this sense. In arguing the way he does, Foucault is surely employing the very criteria of truth and validity which he claims are culturally relative. He is, in a sense, employing reason to try to prove the inadequacy of reason; claiming to provide a universally valid and ‘true’ explanation of why there is no such thing as a universally valid and ‘true’ explanation. Put simply,

8

T. Owen

6.

7.

8.

9.

the Poststructuralist and Postmodern statement that there can be no general theory, is itself a general theory (Owen 2009, 2012, 2014). The Oversocialised Gaze. The meta-concept of the oversocialised gaze refers to harshly ‘environmentalist’ accounts which are characterised by a strong antipathy towards genetic, or partially genetic explication. Examples include Foucauldian arguments to the ends that sexuality is a ‘learned script’ (Owen 2014). Genetic Fatalism. Genetic Fatalism refers to a widespread tendency within social science to equate genetic determinism with inevitability. Arguably, it is a mistake to view the genes involved in human behaviour as immutable. Genes can be ‘switched on’, and external events—or free-willed behaviour—can ‘switch on’ genes (Owen 2009). Emotive Aversion. Emotive aversion refers to a tendency, especially prevalent within the left/liberal consensus that dominates UK-based Criminology, towards emotionally-charged, knee-jerk ‘yuk reactions’ to ‘controversial’ subjects ranging from the bio-phobia of reactions against attempts to marry genes and environment to cloning (Owen 2009). Incantatory Language. The metatheoretical framework can be said to be anti-incantatory in the spirit of Alain Robbe-Grillet (1963) and to some extent Heidegger (2010) in the sense of a ‘theory of pure surface’ and repugnance felt towards visceral, analogical and incantatory language of the sort which often characterises theories of hegemony, the idea of ‘the state as crimogenic’ and so on (Owen and Owen 2015).

In addition to these ‘cardinal sins’, the ‘sensitizing device’ focuses upon the following meta-theoretical formulations or meta-concepts: 1. Agency-Structure. The framework utilises a non-reified conception of agency, in which actors or agents are defined as entities that are, in principle, capable of formulating and acting upon decisions. Structure refers to the ‘social conditions’, or the circumstances in which actors operate, including the resources that actors may draw upon.

CyberTerrorism: Some Insights from Owen’s …

9

Structure, then, may refer to discourses, institutions, social practices and individual/social actors. However, the new term Neuro-Agency (Owen and Owen 2015) is now favoured over the earlier Agency. This is to acknowledge the work of those such as Dennett (1981) and Dennett et al. (2007) whose Compatibilist/Soft Determinist work strongly supports the notion of the neuroscience of free-will. The framework adopts an adaptionist, Neural Darwinist approach to human agency which posits that morality evolved. A recent, new meta-construct employed in the framework is the concept of Simulated, Non-Human Agency. This refers to programmed ‘machine agency’. As Owen and Owen (2015) made clear, no machine can be what Martin Heidegger refers to as Dasein, in other words conscious in the self-reflective way that human beings are, and no machine is capable of contemplating its own finitude. Nevertheless, programmed, so-called thinking technology in some contemporary instances may be said to employ a form of nonhuman, non-self-reflective, programmed agency. However, that is not to say that machines can be held culpable for how ‘they’ were programmed to operate by human actors. 2. Micro-Macro. This meta-construct refers to the units of and scale of analyses concerned with the investigation of varying extensions of time-space. Micro and Macro should be viewed a distinct and autonomous levels of social process. 3. Time-Space. Time-space refers to significant but neglected dimensions of the social, and reflects concerns with temporality and spatiality. Classical social theorists such as Durkheim have tended to regard time as ‘social time’, distinct from a ‘natural essence’. However, the question of how differing time frames including those associated with the macro-social order and those with the micro-social-interweave is a complex matter that relates to debates pertaining to dualism versus duality. 4. Power. The framework acknowledges the multiple nature of power. Power exists in more than one form, in particular, there are objective structural [including systemic] forms of power, and agentic power. The latter term refers to the partly systemic and partly relational and

10

5.

6. 7.

8.

T. Owen

potentially variable capacity of agents to shape events in a preferred direction. This is a modified notion of Foucauldian power, which recognises the dialectical relationship between agentic and systemic forms of power; the relational, contingent and emergent dimensions of power, and the concept that, contra Foucault, aspects of power can be ‘stored’ in positions/roles [i.e. that of a judge or police officer] and as social systems/networks (Owen 2014). Dualism. The framework favours dualism rather than notions of duality of structure. Foucault’s work, for example has a tendency to compact agency and structure together instead of treating them as dualisms. This Foucauldian tendency collapses distinctions between the two resulting in central conflation. Here it is recommended that agency and structure and biology and the social should be employed as dualisms that refer to distinct, relatively autonomous phenomena. That is not to deny the mutuality and plasticity between the biological and social realms but rather to acknowledge that there may be times when we wish to study each sphere of influence separately (Owen 2014). Intermittent Gewissen. This Heideggerian term refers to the idea that ‘the call of conscience’ is intermittent. The Biological Variable. The meta-construct refers to the evidence from evolutionary psychology, neuroscience and behavioural genetics for an, at least in part, biological basis for some human behaviour. For example, sexuality, language acquisition, reactions to stress and so on. Here, we should keep the notion of ‘nature via nurture’ firmly in mind. This refers to the ‘feedback loop’ which embraces both genes and environment, acknowledging plasticity and mutuality. Genes predetermine the broad structure of the brain of Homo Sapiens, but they also absorb formative experiences and react to social cues (Owen 2006, 2009, 2012, 2014). Recent cogent work by Tiihonen et al. (2014) pertaining to links between severe violent, criminal behaviour and MAO-A and CD H13 genotypes in a chort of Finnish prisoners is a possible ‘biological variable’ within multifactorial analysis. Psychobiography. The meta-construct was originally coined by Derek Layder to refer to the largely unique, asocial components of

CyberTerrorism: Some Insights from Owen’s …

9.

10. 11.

12.

11

an individual’s dispositions, behaviour and self-identity, these being aspects of the individual that are relatively independent of faceto-face interaction and the macro-social sphere. In his foreword to Owen’s (2009) Social Theory and Human Biotechnology, Layder states that, ‘I fully concur with Owen’s ‘extension’ of the implications of the notions of psychobiography to embrace the mutuality and plasticity of the relations between genetic and environmental influences’. Dasein. From Heidegger, meaning being-there, human being, being human. Heidegger uses ‘Dasein’ to refer both to the concrete human being and to its [abstract] being human. The term is employed in the framework usually to refer to an entity, the human being. Neuroplasticity. The term is from neuroscience and refers to the concept that life experiences reorganise the human brain. Embodied Cognition. This is another concept from neuroscience which conceives of the human mind as the product of the brain, the body and interactions in the outside world. Product. The concept that behaviour requires an actor ‘acting’ in an environment, and that the actor is the product of the genes, which are influenced by external events and Neuro-Agency absorbing formative experiences, and which ‘build’ the nervous system integrated within the actor productive of behaviour.

In what follows, we examine some selected examples of theoretical explanations for forms of cyberterrorism in addition to some selected explanations for aggression (Martin 1997; Tiihonen et al. 2014) and impulsivity (Eagleman 2011), which are here deemed relevant, even arguably essential, to the task of conceptualising forms of cyberterrorism, and we consider the possibility of synthesising some of the insights from these diverse explanations with meta-concepts from the GeneticSocial framework in a cautious attempt to point a possible ‘way forward’ towards a predictive model of cyberterrorism. The task here is to prepare the ground for further meta-theoretical and empirical investigation based upon large-scale synthesis involving models of flexible causality and flexible ontology.

12

3

T. Owen

Forms of Cyberterrorism and Some Possible Explanations

The psychologist, John Suler (2004) studied the behaviour of participants in online chatrooms noting that participants tended to display greater anger and aggression in cyberspace than they did offline. He argued that this was because, ‘when protected by a screen, people feel that real-world social restrictions, responsibilities and norms don’t apply’ (Bartlett 2014: 8). Whether real or imagined, anonymity may allow people to explore their identities but it also may ‘allow’ them to act without fear of being held to account for their behaviour in a realm where responsibilities, norms and social restrictions may not apply. Suler called this, ‘The Online Disinhibition Effect’. He examined six factors ‘that interact with each other in creating this online disinhibition effect’, which are dissociative anonymity, invisibility, asynchronicity, solipsistic introjection, dissociative imagination and minimisation of authority (ibid.: Abstract). Suler chose not to conceptualise disinhibition as the revealing of, ‘an underlying ‘true self ’, but rather as, ‘a shift to a constellation within self-structure involving clusters of affect and cognition that differ from the in-person constellation’ (ibid.). This disinhibition effect may manifest itself as ‘toxic disinhibition’ in situations where people, ‘visit the dark underworld of the Internet- places of pornography, crime, and violence- territory they would never explore in the real world’ (ibid.: Abstract). Interestingly, there is some evidence for a link between disinhibition and a disruption of the orbitofrontal circuit, which according to Spiegel et al. (2009) has been treated successfully with carbamazepine. Buckels et al. (2014: Abstract) recently examined trolling and found that there were, ‘overall strong positive associations emerged among online commenting frequency, trolling engagement, and troll identity, pointing to a common construct underlying the measures’, and that both of their studies, ‘revealed similar patterns of relations between trolling and the Dark Tetrad of Personality: trolling correlated positively with sadism, psychopathy and Machiavellianism’. Trolling has, according to Bartlett (2014: 20), become, ‘shorthand for any nasty or threatening behaviour online’. With this is mind, it is interesting to read Bishop’s (2013) recent work on the de-individuation of the internet troller, and

CyberTerrorism: Some Insights from Owen’s …

13

his ‘interview with a Hater’. Bishop (ibid.: Abstract) suggests that the interview, ‘makes it apparent that there are a number of similarities between the proposed anti-social personality disorder in DSM-V and flame-trolling activity’. Bishop (2013: 29) identifies deindividuation, ‘a psychological state where inner restraints are lost when individuals are not seen or paid attention to as individuals’, as part of the depersonalisation and decreased sense of self-identity, self-awareness and self-control in ‘Hater’ trolls. Bishop (ibid.: 46) usefully constructs a ‘Trolling Magnitude Scale’, suggesting that if such instruments are adopted, ‘it will make it easier for the police and other law enforcement authorities to prioritise who is prosecuted in an objective way’. He makes a cogent point when arguing that the law enforcement agencies, ‘need to get a grip, and take action against flame-trollers only when set thresholds are met and not in response to media-led public opinion’ (ibid.). As Bishop also correctly suggests, an important step following the identification of which examples of trolling are ‘offensive’ is ‘trying to understand why some of the most prolific trollers act the way they do’ (ibid.: 45). Clearly, in relation to the particular ‘Hate’ troller interviewed by Bishop, there is evidence provided on nearly every criteria of DSM-V ‘to support the claim that the psychopathy of Internet trollers resembles those with personality disorders’ (Bishop 2013: 45). The author goes on to ponder whether ‘Haters’ have average abilities, and whether their resentment of ‘those who excel from being Hi-Functioning Empathics or Hi-Functioning Autistics’ results from their ‘wanting to be the best at everything and instead being the best at nothing’ (ibid.: 46). In other words, these neurotic and psychotic symptoms could be, ‘an outcome of a failure to choose between excelling in life as an empathic, or indeed as an autistic’ (ibid.). This, in Bishop’s view, is not the ‘fault’ of the ‘Hater’ but rather the result of the historically unique, high demands placed upon people in twenty-first century society. A long-term solution, Bishop (ibid.) ponders, is perhaps for neuroscientists to, ‘force the evolution of the brain’. There may be times when it is an advantage to be empathic, such as when socialising, and times when it is an advantage to be autistic, such as when engaged in studying. These examples of explanations for aspects of cyber violence, which may be linked to cyberterrorism, rooted in psychology, can arguably be

14

T. Owen

synthesised with examples of the biological variable favoured as a metaconcept in the Genetic-Social , metatheoretical framework. For example, Bishop’s (2013) work which, as we have seen above, usefully links ‘Hate’ trolling with DSM-V, includes impulsivity as a notable characteristic of such offline offenders. There is convincing evidence from Eagleman (2011) for a link between impulsivity in teenagers and underdevelopment of the prefrontal cortex of the brain. Not all ‘Hate’ trollers are teenagers, and indeed Bartlett (2014) provides examples of prolific offenders who are much older, but a sizeable proportion of trollers are teenagers. It may be possible to include the biological variable of an, at least in part, neurological explanation for the impulsive behaviour displayed by some teenage trolls. As Eagleman (2011: 122) puts it, ‘the human prefrontal cortex does not fully develop until the early 20s, and this fact underlies the impulsive behaviour of teenagers’. Additionally, it may be possible to link the psychologically-based observations of those such as Suler (2004), Buckels et al. (2014), and Bishop (2013) in relation to cyber violence with further examples of the biological variable; that of the recent work on MAO-A and CD H13 genes linked to aggression in the work of Tiihonen et al. (2014). Links between the first gene, MAO-A and aggression first came to attention in 1993 via the study of a family in the Netherlands in which the men were, ‘inclined to violently deviant behaviour, such as impulsive aggression, arson, attempted rape and exhibitionism’ (Wade 2014: 55). The eight men concerned carried an unusual form of the MAO-A gene in which a single mutation causes the cell’s assembly of the MAO-A enzyme to be stopped halfway through, making it ineffective. As a result of this absence of functioning MAO-A enzymes, neurotransmitters grow in excess, which is linked to over aggression in social contexts (Anholt and Mackay 2012). Tiihonen et al.’s (2014: Abstract) more recent work covers both MAOA and CD H13 genotypes in a group of Finnish prisoners and cogently suggests that in the developed countries, ‘the majority of all violent crime is committed by a small group of antisocial recidivistic offenders’, but until recently ‘no genes have been shown to contribute to recidivistic violent offending or severe violent behaviour such as homicide’. However, the results of Tiihonen et al.’s study of two independent

CyberTerrorism: Some Insights from Owen’s …

15

cohorts of Finnish prisoners, ‘revealed that a monoamine oxidase A [MAO-A] low-activity genotype [contributing to low dopamine turnover rate] as well as the CD H13 gene [coding for neural membrane adhesion proteins] are associated with extremely violent behaviour [at least 10 committed homicides, attempted homicides or battery]’ (ibid.). Tiihonen and colleagues found that, ‘no substantial signal was observed for either MAO-A or CD H13 among non-violent offenders, indicating that findings were specific for violent offending, and not attributable to substance abuse or antisocial personality disorder’ (ibid.). For the researchers, these results indicate ‘both low monoamine metabolism and neuronal membrane dysfunction as plausible factors in the etiology of extreme criminal violent behaviour’ (ibid.). It is argued here that it may be possible to include MAO-A and CD H13 genotypes as biological variables in metatheoretical analysis of cyber violence drawing upon flexible ontology and multifactorial explanations. Tiihonen’s study does not venture into cyberspace as an arena for criminality but it is possible that some offenders engaging in extreme examples of cyber violence such as cyberterrorism (such as attempts by ISIS’s hackers to attack key targets in increasingly interconnected western cities and thus potentially bringing them to a standstill) may indeed carry such genotypes. The Genetic-Social framework employed here posits that ‘nurture’ depends upon genes, and genes require ‘nurture’. To reiterate, genes predetermine the broad structure of the brain of Homo sapiens, absorb formative experiences, react to social cues and can be ‘switched-on’ by agentic behaviour and environmental stimuli. For example, stress can be caused by the outside world, by impending events, by bereavements and so on. Short-term stressors, ‘cause an immediate reaction in the production of norepinephrine and epinephrine hormones responsible for increasing the heartbeat and preparing the human body for ‘fight or flight’ in emergency situations’ (Owen 2014: 2–3). Stressors that have a longer duration may activate a pathway that results in a slower but more persistent increase in cortisol. Cortisol can suppress the working of the immune system. Thus, those who have shown symptoms of stress are more likely to catch infections because an effect of cortisol is to reduce the activity and number of white blood cells or lymphocytes (Becker et al. 1992). As Martin (1997) shows, cortisol does this by

16

T. Owen

switching on genes, and it only switches on genes in cells that possess cortisol receptors, which have in turn been switched on by environmental stimuli, such as stress caused by bereavement. Cortisol is secreted in the first place because a series of genes such as CYP17 get switched on in the adrenal cortex to produce the enzymes necessary for making cortisol. There are some very important implications here which inform the attempts to construct Genetic-Social conceptualisations and explanations of cyber violence. For example, Filley et al. (2001) have linked elevated levels of norepinephrine with aggressive criminal behaviour. Hostile behaviour can be induced in humans by increasing plasma levels of norepinephrine, whereas agents that block norepinephrine receptor cells can reduce violent behaviour (ibid.). Again, the biological variable, in this case, the role of cortisol levels in violent criminal behaviour may be drawn upon in multifactorial, metatheoretical theorising in relation to cyberterrorism. It is certainly possible that the behaviour of some offenders is, at least in part, related to cortisol levels. The Genetic-Social approach to cyberterrorism acknowledges that crime may be socially-constructed in the sense that, ‘human actors ascribe meaning to the world, but that there is still a reality ‘out there’, in the sense that environmental conditions are potential triggers of genetic or physiological predispositions towards behaviour that may be labelled criminal’ (Owen 2014: 3). However, that does not mean that behaviour should be viewed as reflecting an inherited, prewritten script that is beyond individual control. The hardline neural determinism of Eagleman (2011) in which there appears to be a rejection of the notion of free-will is challenged here. The Genetic-Social framework utilises the term Neuro-Agency to acknowledge the influence of neurons upon human agency but further research will have to be conducted before there can be any abandonment of the idea that human beings are reflexive agents who, ‘possess the agency to choose not to engage in criminal activities where they believe that their actions will harm others and offend ethico-social codes, or where the rewards are outweighed by negative consequences’ (Owen 2014: 3). Agency, in turn, is influenced not only by morality or reason but also by inherited, constitutional variables. An inherited, impulsive disposition whether the result of an under-developed prefrontal cortex (Eagleman 2011), anti-social

CyberTerrorism: Some Insights from Owen’s …

17

personality disorder (Bishop 2013) or a reflection of unique, asocial psychiobiography which may not ‘fit’ any existing typology (Owen 2014), may predispose an actor to formulate and act upon potentially criminal decisions. In Genetic-Social theorising, notions of the biological variable and unique psychobiography must be considered as one element within multifactorial explanations of crime and criminal behaviour alongside a critique of neuro-agency and structure, time-space, modified notions of Foucauldian power and other meta-concepts codified earlier. To recap, behaviour such as cyberterrorism requires an actor ‘acting’ in an environment, in this case cyberspace. The actor can be conceptualised as the product of the genes, which are impacted upon by external events, neuro-agency, and absorb formative experiences, required to ‘build’ the nervous system integrated within. An actor may be also conceptualised as a conscious, sentient being capable of formulating and acting upon decisions. As Owen and Owen (2015) recently made clear, this definition is at odds with the reified accounts of agency favoured in Posthuman Agency theories and Actor –Network theories. The Genetic-Social framework draws upon the concept of Dasein from Heidegger (2010), which views the human being not as an isolated subject removed from the world of objects that it desires knowledge of. For Heidegger, humans are beings who are, ‘always already in the world , and in the main we do not distinguish ourselves from this world’ (Owen and Owen 2015: 23). In Heideggerian terms, being is time, to be a human being is to exist temporally between birth and death. This idea of the human actor as a being capable of contemplating its own finitude is greatly at odds with the reified concept of the ‘merged’ hybrid between human actor and technology favoured in Brown’s (2013) concept of Virtual Criminology. The actor, in this case, an offender engaged in cyberterrorism, has embodied cognition, that is to say the mind is the product of the dynamic interaction between the brain, the body and external influences in the world. Again, there is a link here to the ideas of Heidegger in the sense that the criminal offender experiences the world by interacting with it, and in this criminal context that may involve engaging in threatening, offensive or terrifying behaviour, and that thinking involves putting things to ‘use’.

18

4

T. Owen

Building a Possibly Predictive Model of Cyberterrorism

To recap, the Genetic-Social metatheoretical framework draws upon notions of multifactorial analysis, a flexible Realist ontology, and notions of flexible causality, rejecting reductionist, unitary explanations. It is contended here that it may be possible to utilise the framework in an attempt to build a possibly predictive model of cyberterrorism. Cyberterrorism, as has hopefully been made clear, is regarded here as a form of ‘cyber violence’; online behaviour on the part of an actor which is situated either on conventional social media sites or the dark net and which is hostile and aggressive, and may also be offensive, obscene, indecent or of a menacing character. This may include phenomena such as ‘Hate’ trolling, online ‘grooming’ and sexual predation, cyberterrorism and so on. It is argued here that we need to expand the rather narrow definition of cyberterrorism to include it within the umbrella term, ‘cyber violence’. As we have seen previously, the metatheoretical framework arises out of a critique of the following illicit forms of theoretical reasoning; reductionism, reification, essentialism, functional teleology, emotive aversion, incantatory language, the oversocialised gaze, relativism and genetic fatalism. As we have also seen earlier, the framework draws upon notions of the biological variable and psychobiography in metatheoretical analysis. In this context, we may regard the biological variable as including the evidence for a role for cortisol in aggression (Martin 1997), the role of an underdeveloped prefrontal cortex in teenagers in impulsivity (Eagleman 2011), and the role of CD H13 and MAO-A genotypes in aggression (Tiihonen et al. 2014). Psychobiography refers to unique, asocial aspects of the person such as disposition, and in some cases, this behaviour may not ‘fit’ neatly into existing typologies of behaviour. In other cases, the unique criminal behaviour may be combined with patterns of behaviour that are typical of the subgroup to which the offender belongs. Included under the dispositional umbrella of psychobiography, are the Machiavellianism, sadism and psychopathy identified by Buckels et al. (2014), the antisocial personality disorders identified by Bishop (2013). These elements are possible causal variables that we might combine with Suler’s (2004)

CyberTerrorism: Some Insights from Owen’s …

19

online disinhibition effect, and notions of time-space, micro-macro and neuro-agency-structure in multifactorial analysis. Owen and Noble (2015) recently employed Noble’s notion of Causal Probability in an attempt to ‘apply’ Owen’s notion of flexible ontology and multifactorial analysis to issues around conflict. Here it is contended that Owen’s meta-concept of Flexible Causal Prediction (FCP) is employed in conceptualising cyberterrorism as it might more accurately describe the anti-reductionist approach of Genetic-Social theorising. If we were to employ a GeneticSocial approach to cyberterrorism we would need to keep firmly in mind that the meta-theoretical framework which informs it relies upon an anti-reductionist approach which rejects simplistic, unitary explanations for complex phenomena. We are employing meta-theory here, which is primarily concerned with ontological questions and reliant upon methodological generalisations. The intention is to inform and possibly improve the construction of substantive theory and the design of empirical field research. In using Flexible Causal Prediction or FCP, the researcher using the framework would be able to gain a picture of the most likely combination of variables in an explanation of the cyberterrorism of an individual offender. Here, the intention is to cautiously point a possible way forward which might inform the approaches of those who seek to conceptualise and possibly combat cyberterrorism, taking into account that concepts of ‘terrorism’ are arguably subjective, and often depend, at least in part, from where individual actors see themselves positioned within often complex national, and geo-political debates around ethnic identity and/or religious belief.

5

Concluding Observations

It is the contention here that we need to widen the definition of cyberterrorism to include a much broader spectrum of hostile and aggressive behaviour in cyber space. As has been hopefully demonstrated here, it may be possible to arrive at a predictive model of what has come to be regarded as cyberterrorism if we draw upon the multifactorial analysis favoured in the Genetic-Social meta-theoretical framework, avoiding the ‘cardinal sins’ of illicit theoretical reasoning, drawing upon the array of

20

T. Owen

meta-concepts outlined above in the manner of a ‘toolkit’ and applying the meta-concepts via a Realist approach which relies upon FCP or Flexible Causal Prediction. This synthesis may be of use to criminological theorists, makers of social policy and practitioners in the field of criminal justice. To reiterate, Genetic-Social meta-theorising serves to prepare the ground for further theoretical and empirical investigation and this entails large-scale synthesis.

References Anholt, R. R. H., & Mackay, T. F. C. (2012). Genetics of Aggression. Annual Review of Genetics, 46 (2012), 145–164. Bartlett, J. (2014). The Dark Net. London: Windmill. Baranetsky, V. (2009, November 5). What Is Cyberterrorism? Even Experts Can’t Agree. Harvard Law Record . Becker, J. B., et al. (1992). Behavioural Endocrinology. Cambridge, MA: MIT Press. Bishop, J. (2013). The Effect of De-individuation of the Internet Troller on Criminal Procedure Implementation: An Interview with a Hater. International Journal of Cyber Criminology, 7 (1), 28–48. Brown, S. (2013). Virtual criminology. In E. McLaughlin & E. Muncie (Eds.), The Sage Dictionary of Criminology. London: Sage. Buckels, E., Trapnell, P. D., & Paulhus, D. L. (2014). Trolls Just Want to Have Fun. Personality and Individual Differences, 67 (9), 97–102. Centre of Excellence Defence Against Terrorism. (2008). Responses to Cyber Terrorism (p. 34). Amsterdam: IOS Press. Dennett, D. (1981). Brainstorms: Philosophical Essays on Mind and Psychology. Cambridge, MA: MIT Press. Dennett, D., et al. (2007). Neuroscience and Philosophy: Brain, Mind and Language. Columbia: Columbia University Press. Eagleman, D. (2011, July/August). The Brain on Trial. The Atlantic, p. 113. Filley, C. M., et al. (2001). Towards an Understanding of Violence: Neurobehavioural Aspects of Unwarranted Physical Aggression: Aspen Neurobehavioural Conference Consensus Statement. Neuropsychology and Behavioural Neurology, 14, 1–14. Foucault, M. (1980a). Power/Knowledge. New York: Pantheon Books.

CyberTerrorism: Some Insights from Owen’s …

21

Foucault, M. (1980b). The History of Sexuality. New York: Vintage Books. Freese, J., et al. (2003). The Potential Relevances of Biology to Social Inquiry. Annual Review of Sociology, 29, 233–256. Gable, K. A. (2010). Cyber-apocolypse Now: Securing the Internet Against Cyber Terrorism and Using Universal Jurisdiction as a Deterrent. Vanderbilt Journal of Transnational Law, 43(57), 76–88. Harvey, K., & Williams, G. (2017). Cyberterrorism. New York: Springer. Heidegger, M. (2010). Being and Time (J. Stambaugh, Trans. and revised by D. J. Schmidt). Albany: State University of New York Press. International Telecommunications Union. (2015). Cyber Violence Against Women and Girls: A World-Wide Wake-Up Call. A Report by the UN Broadband Commission for the Digital Development Working Group on Broadband and Gender [Withdrawn, November]. Lyotard, J. F. (1984). The Postmodern Condition: A Report on Knowledge. Manchester: Manchester University Press. Martin, P. (1997). The Sickening Mind: Brain, Behaviour, Immunity and Disease. London: HarperCollins. Owen, T. (2006). Genetic-Social Science and the Study of Human Biotechnology. Current Sociology, 54 (6), 897–917. Owen, T. (2007a). After Postmodernism: Towards an Evolutionary Sociology. In J. L. Powell and T. Owen (Eds.), Reconstructing Postmodernism: Critical Debates. New York: Nova Science Publishers. Owen, T. (2007b). Culture of Crime Control: Through a Post-Foucauldian Lens. The Internet Journal of Criminology. https://www.theinternetjournal ofcriminology.com. Owen, T. (2009). Social Theory and Human Biotechnology. New York: Nova Science Publishers. With a Foreword by Professor Derek Layder (University of Leicester). Owen, T. (2012). The Biological and the Social in Criminological Theory. In S. Hall & S. Winlow (Eds.), New Directions in Criminological Theory. London: Routledge. Owen, T. (2014). Criminological Theory: A Genetic-Social Approach. Basingstoke: Palgrave Macmillan. Owen, T. (2017). Crime, Genes, Neuroscience and Cyberspace. Basingstoke: Palgrave Macmillan. Owen, T. (2018, May 24). How Businesses Can Use Psychology to Safeguard Against Cyber Criminals. Raconteur.

22

T. Owen

Owen, T., & Noble, W. (2015, September 10). Towards a Genetic-Social Approach to Conflict. In Learning from Conflict National Conference. Bolton, UK: Macron Stadium. Owen, T., Noble, W., & Speed, F. C. (2017). New Perspectives on Cybercrime. Basingstoke: Palgrave Macmillan/Springer. Owen, T., & Owen, J. A. (2015). Virtual Criminology: Insights from GeneticSocial Science and Heidegger. Journal of Theoretical and Philosophical Criminology, 7 (1), 17–31. Owen, T., & Speed, F. C. (2017). Biology and Cybercrime: Towards a Genetic-Social, Predictive Model of Cyber Violence. In T. Owen, W. Noble, & F. C. Speed (Eds.), New Perspectives on Cybercrime. Basingstoke: Palgrave Macmillan/Springer. Robbe-Grillet, A. (1963). For a New Novel: Essays on Fiction. Paris: Les Editions de Minuit. Sibeon, R. (2004). Rethinking Social Theory. London: Sage. Spiegel, D. R., et al. (2009). Disinhibition Due to Disruption of the Orbitofrontal Circuit Treated Successfully with Carbamazepine: A Case Series. The Journal of Neuropsychiatry and Clinical Neurosciences, 21(3), 323–327. Suler, J. (2004). The Online Disinhibition Effect. CyberPsychology and Behavior, 7 (3). The Times of Israel. (2012, June 6). Latest Viruses Could Mean ‘End of World as We Know It’, Says Man Who Discovered Flame. Tiihonen, J., et al. (2014). Genetic Background of Extreme Violent Behavior. Molecular Psychiatry, 20, 786–792. Wade, N. (2014). A Troublesome Inheritance: Genes, Race and History. London: The Penguin Press. Walsh, A., & Beaver, K. M. (Eds.). (2009). Biosocial Criminology: New Directions in Theory and Research. New York: Routledge. Walsh, A., & Ellis, L. (Eds.). (2003). Biosocial Criminology: Challenging Environmentalism’s Supremacy. New York: Nova Science Publishers.

Vygotsky and Internet Grooming: The Darker Side of ZPD and Scaffolding Kerry Hannigan

The creation of the internet and the advancement in technology of mobile and portable devices has led to a new set of tools being made available for children to use and a new set of interactions for children to participate in (Vygotsky 1978; Rogoff and Morelli 1998; Berryman et al. 2002; Li and Atkins’ 2004). The internet and the devices that can be used to access the internet have, however, led to an increase in the risks and excitements children and young people can face. This, in turn, leads to an increase in the coping strategies they need to develop. Young people are typically driven by curiosity and a desire to do something exciting but acknowledge that there are dangers associated with this; learning to ride a bike, for example. This would suggest that young people are developing their coping strategies through a balancing act of trial and error. Some of the issues which can enhance the risks faced and the coping strategies required by children and young people on the internet include K. Hannigan (B) University of the Highlands and Islands, Perth College, Perth, Scotland, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_2

23

24

K. Hannigan

the naïve and trusting nature of children, the curiosity, rebellion and independence of children, and, their fascination; in terms of engaging with exciting and deviant behaviour such as ‘naughty’ conversations or pornographic images (Calder 2004). All children will engage in a certain level of activity behind their parent’s back (well-adjusted and troubled or troublesome children). In the offline, face-to-face setting, however, this type of behaviour is seen as natural and an essential feature of development (growing-up). The same cannot be said for the online environment as, unfortunately, a situation which initially appears innocent can easily be moved to a situation which not only makes the child feel uncomfortable but also guilty, responsible and unable to tell anyone (Calder 2004). The internet can provide individuals with a sexual interest in children access to information which not only enhances their interest but also justifies it. Some of the access or information the internet can provide for these individuals include anonymity and masked identity; twenty-fourhour access to other child sex abusers worldwide; mutual support groups for discussing child-sex philosophies and supporting each other; instant and worldwide access to a large pool of potential child victims; access to chat rooms designed for children and young people, increasing the pool of potential victims (and who and where to target); means to trace and locate and contact potential child victims (through publicly shared information); and the ability to engage in long-term online relationships with potential victims, grooming them in preparation for engaging in faceto-face physical contact (Quayle and Taylor 2003; Calder 2004; Quayle 2004; O’Connell 2004, 2010; Powell 2007; Beech et al. 2008). In addition, the internet allows for flexibility in the approach used by online child sex offenders. Some online child sex offenders target vulnerable parents as their first point of contact, gaining access to the children through communications with the parent. Some disguise their identity by portraying themselves as children, whilst others do not hide that they are an adult and use their ‘honesty’ as a way of gaining the trust of potential child victims (Sullivan and Beech 2004; Powell 2007). On top of this, the internet allows for online ‘communities’ to be created which can then be used to develop a network of online child sex abusers. These communities not only allow for communications to take

Vygotsky and Internet Grooming …

25

place, they are also used as a forum for knowledge exchange. This can include sharing successful grooming practices, identifying chat rooms to exploit, and advice on how to avoid detection. It can also be used by child sex abusers who are currently engaged in the grooming process of a child but are having difficulties or believe the child may be becoming suspicious; they ‘offer’ the child’s details to an ‘associate’ (other users) so that they may approach the child using an alternative method (O’Connell 2004, 2010). Developing a typology for internet grooming offenders is therefore complex and difficult to achieve. Online offenders can cross categories or work through different stages of the process using different methods, therefore any typology associated with online child sex abusers should be seen as fluid. Survey research involving 859 Scottish school pupils aged 10–17 years led to the identification of Vygotsky’s (1978) theory of the Zone of Proximal Development (ZPD) and Wood et al.’s (1976) development of the concept of scaffolding. These theories not only offer an explanation of the behaviour of online sex offenders but also the behaviour of potential child victims (Hannigan 2014, unpub). They also offer an explanation of how the internet and the devices used by the internet (tools) can be utilised by child sex offenders to groom potential child victims (taking into account the fluid nature of the offenders themselves). In addition, ZPD and scaffolding can provide us with an understanding of how dangerous individuals, such as child sex offenders, can exploit and manipulate the normal developmental process of children and young people. These same theories and tools (internet and devices), however, can also be used to work in support of a child’s development, providing them with the knowledge and means to keep them safe from online child sex offenders (Hannigan 2014, unpub).

1

Vygotsky and Internet Grooming: The Darker Side of Scaffolding

Vygotsky believed that children were born with a set of innate abilities (basic mental functions) including perception, attention and some features of memory. Through interacting with others, children go on to

26

K. Hannigan

develop more complex abilities (higher mental functions). His interest lay in the development of higher mental functions. Vygotsky noted that the development of aspects such as classification, reasoning, and voluntary memory, involved using inventions of society as well as increasingly sophisticated psychological tools (language, memory devices, mathematical devices) (Vygotsky 1978; Rogoff and Morelli 1998; Berryman et al. 2002). The continued advancement (invention) of communicative technologies such as the internet, computers, laptops, tablets and mobile telephones has led to a new set of ‘tools’ which are becoming embedded in everyday life. These tools can not only enhance and accelerate a child’s cognitive development, they can also eliminate some of the language barriers faced across cultures. Vygotsky introduced the concept of the ‘Zone of Proximal Development’ (ZPD) to explain and understand how a child’s cognitive development occurs as a result of social interactions and the use of cultural tools (Vygotsky 1978; Berryman et al. 2002). ZPD can be defined as the difference between a child’s actual developmental level, which is determined by independent problem-solving skills, and their potential developmental level, which is determined by problem solving with an adult or able person. According to Vygotsky, ZPD defines the functions in a child that have still to develop and are in the process of developing. He classified these functions as being in the ‘embryonic state’ which will develop ‘tomorrow’ (Vygotsky 1978; Berryman et al. 2002). Through social interactions with more able members of their culture and society, children achieve things (are able to do things) they would normally be unable to do on their own (Vygotsky 1978; Berryman et al. 2002). The amount of assistance provided by an adult or able person is critical. Help and support should always be maintained at a level which is just outside of the child’s existing developmental level, challenging for the child but without being overly difficult. The level of help should also be tailored to match the changes in a child’s developmental level, providing less and less help as the child progresses. Should the child start to regress at any point, further help should be provided. Cognitive development is believed to occur as a result of working within a child’s ZPD. According to Vygotsky, through imitating adults and being instructed

Vygotsky and Internet Grooming …

27

how to act, children can go on to develop an extra accumulation of skills. ZPD is therefore a powerful concept which has the potential to increase the effectiveness of and value of improving mental development in educational settings through the application of diagnostic material and problem-solving solutions (Vygotsky 1978; Berryman et al. 2002). The concept of ‘teaching or educating’ a child can be applied to the internet mediated (and the face-to-face settings) grooming methods used by online child sex offenders. O’Connell’s (2004, 2010) mediated grooming cycle demonstrates how interactions take place between an online sex offender and child victim, progressing through each stage only when they feel the child is in a position to do so. They will also move back a stage if they feel this would be more productive, depending on the offender’s objectives (to meet with the child, or, to communicate with the child). Child sex offenders are prepared to work with potential child victims and will spend as much time as the child needs at each stage of the grooming process. They are also prepared to prompt and encourage the child when necessary and step back to allow the child to progress on their own. This can be conceptualised as an offender working within a child’s ZPD by ‘helping’ the potential child victim to become accustomed to the mediated communications settings and environment and, potentially, from there to face-to-face settings (Hannigan 2014, unpub). Vygotsky’s definition of the Zone of Proximal Development does not, however, provide an explanation of the form of support and collaboration which needs to take place (Wood and Wood 1998). Wood et al. (1976), however, developed the concept of ‘scaffolding’ to explain how support and collaboration could be provided to a child, within their ZPD. According to Wood et al. (1976), instructors who are successful at providing scaffolding for a child follow two rules. These are ‘rules’ set out for working within a child’s ZPD: if a child is failing at a task, the instructor should increase the level of help and guidance they provide, and, if a child is successful, the instructor should decrease the level of help and guidance they provide. There are six features (stages) to Scaffolding: • Encourage the child’s interest in the task

28

K. Hannigan

• Simplify the task by reducing the number of possible actions that the child could carry out • Keeping the child in pursuit of a particular objective • Marking the critical features of the task • Controlling the child’s frustration during problem solving • Demonstrating solutions to the child or explaining the solutions that the child has partially completed (Wood et al. 1976). This process is evident in the cyclical nature of mediated grooming, however, once an online sex offender has reached their goal with their child victim, they do not continue the process, they start again with a new potential child victim. Child sex abusers are prepared to spend as much time as necessary with a child during each stage of the grooming process. They are also prepared to regress back to previous grooming stages where necessary, providing the child with as little or as much assistance as required. Below is a demonstration of how ZPD and Scaffolding can help understand the behaviour of both online child sex offenders and children and young people, and, how they can be used to empower children and young people, reducing the number of online child sex offences and reducing the number of potential victims.

1.1

Encourage the Child’s Interest in the Task

This feature is evident in Martellozzo’s (2012) account of the HyperConfident and Hyper-Cautious online sex offenders. Hyper-Confident offenders will create social network profiles with naked images of their body, using a child’s own natural curiosity to encourage their interest in the task. Hyper-Cautious offenders will create social network profiles pretending they are a child themselves and will use this to encourage a child’s interest in the task. Children and young people can access the internet regularly and the number of devices they can use (games consoles, mobile telephones, laptops, tablets), the activities they can participate in, and the popularity of the internet, means that they are already interested in the task.

Vygotsky and Internet Grooming …

29

Previous research indicates that children are increasingly using alternative devices to access the internet (Ofcom 2011; Green et al. 2011; Olafsson et al. 2013; Bryce and Fraser 2013; Macheroni and Olafsson 2014; Hannigan 2014 unpub). When on the internet, Children participate in risky behaviour, such as, providing personal information and arranging to meet with strangers (Livingstone and Haddon 2009; Livingstone et al. 2011a, b, 2012; Notten and Nikken 2016). Findings from previous research (Hannigan 2014, unpub) highlighted that children and young people would like to be protected from dangerous adults when using the internet and believed that they should be protected; they were already interested in the task. Current internet safety lessons, however, were classed as being dull and boring and containing content they believed to be of no benefit to them. Targeting children at a younger age and making lessons age appropriate by ensuring the content is not only relevant, important and understandable, but also engaging, interesting and enjoyable to the target age group will help maintain their interest. Listening to and inviting children and young people to participate in the development of internet safety lessons will also encourage their interest in the task. Implementing more informative (for example, details of the behaviour used by potential child sex abusers) and relevant lessons to children (explain the methods that can be used to engage with children and how to avoid or report them) will allow children to feel more confident accessing the internet, as they will be aware of the risks and the consequences associated with these risks and how to avoid and report any incidents. This can reduce the curiosity of children and young people (as they now know about the risks) which, in turn, can reduce the likelihood of them accepting potential child sex abusers as friends on their social networking sites and engaging in communications with them; reducing the effectiveness and success rate of online child sex offender, such as, hyper-confident and, to a lesser extent, hyper-cautious groomers.

30

1.2

K. Hannigan

Simplify the Task by Reducing the Number of Possible Actions that the Child Could Carry Out

This feature is evident with offenders who do most of the ‘communication work’ when grooming a potential child victim (setting up, maintaining and securing the chat/communications), leaving the child with very little to do. Child sex abusers can set up and create password protected private domains. This is where they will store all their pornographic images, security instruction, communication information plus any other relevant material. This simplifies the task for the potential child victim as all they are required to do is enter a password. Offenders can also provide children with additional ‘tools’ which can be used to facilitate the grooming process, for example providing them with a mobile telephone to help keep the communications secret (secure/safe). As children grow older their social world expands and they can become influenced by the activities and beliefs of their peers. This causes conflict between parent’s and teacher’s value systems and those of their peers (Sasson and Mesch 2014). Should they encounter a difficult situation online, they may become conflicted on who to turn to for support. Whilst there are a number of websites available for children to report incidents, they can be complicated and the report button is not always visible on the main page (some websites are easier than others), making it difficult for children to navigate. By making the report button more pronounced and easier to access, the task would be less challenging, and children will be more likely to use the function. Developing internet safety material containing scenarios for children to work through in the presence of an adult or able person will help simplify the options available to children and allow them to work through the scenario with the help should they need it. This will allow children to come to their own understanding and realisation of the safest option (potentially dangerous options can be explained to them as they progress). Taking this approach can help children feel more empowered and confident when using the internet. It will also allow them to develop a clearer understanding of what they need do to report an incident. As the child progresses, reporting incidents could become standard practice,

Vygotsky and Internet Grooming …

31

rather than underreporting as a result of confusion and uncertainty about what they should do. Highlighting the dangers of the internet without explaining them, only adds to a child’s curiosity. Ensuring children are aware of and have the skills to set up protective measures on their devices (including mobile telephones, games consoles and tablets) as well as the websites they visit (including privacy settings on social media sites), can decrease the likelihood of children communicating with strangers, accepting gifts such as mobile telephones and accessing inappropriate websites. For this to be successful, however, any protective measure must be financially accessible (such as anti-virus software) and easy to use and understand (keeping the task simple and straightforward). This can decrease the success rate of online child sex offenders by limiting the number of potential child victims who will accept help, support or gifts from offenders who are attempting to simplify the grooming process for the child.

1.3

Keeping the Child in Pursuit of a Particular Objective

To keep a child in pursuit of a task, online child sex offenders can attempt to normalise the situation, make promises or threaten the child. When grooming a child, offenders can show them pornographic images of a variety of other children, normalising the situation and maintaining their interest in the communications (task); by reducing or eliminating any concerns a child may have. They may promise potential child victims gifts, such as, modelling contracts or the latest video game (or console). Alternatively, they can maintain a child’s interest in the task using threats, such as, threatening to tell the parents about the child’s online communications (making them believe that it is all their fault), making a child believe they will be taken away from their family (if they find out about the communications), requesting a photograph from the child (which they can then use against the child at a later time), or, threatening harm to the child’s close family members (parents, siblings). In terms of protecting and educating children, ensuring that internet safety lessons and information sources are fun and rewarding, will give

32

K. Hannigan

them something to aim for, keeping them in pursuit of the task: developing age appropriate rewards for each stage of internet safety lessons, such as certificates, extra time online and participation in the development of future lessons. In addition, if children are positively rewarded for completing internet safety lessons, they are more likely to keep in pursuit of the task than they would be if no reward was offered (eliminating boring lessons can also be seen as rewarding). If children are provided with a more detailed understanding of the risks of dangerous adults and the behaviour used by online sex offenders, as suggested in the first stage of the scaffolding process, and, if internet safety lessons are developed to be more engaging and rewarding, many of the tactics used by offenders can become less effective. As highlighted previously, making report buttons and procedures clearer may increase the likelihood of a child reporting (instantly) any threats or images of child pornography they receive or are exposed to. If it is explained to children why they should never receive gifts or accept promises of gifts from online strangers (the same way they would not accept a sweet from a stranger in the street), could decrease the effectiveness of some of the methods used by online child sex offenders. Internet safety advice (whether through education, social media sites or through online sites such as CEOP or Childnet International) needs to clearly highlight to children that it is essential that they report any threats they receive during their online communications. This can be achieved by telling a responsible adult, using online reporting website or with the support of more knowledgeable peers. In addition, it should also be made clear to children that there will be no repercussions for their actions: they will not be held responsible for what happened (minimising the effectiveness of threats offenders use when grooming children).

1.4

Marking the Critical Features of the Task

Online chid sex offenders offer continued praise towards potential child victims by showering them with loving and affectionate comments and letting them know how well they are doing and how much they appreciate receiving communications from the child. Critical features, or

Vygotsky and Internet Grooming …

33

progressing through a stage, can be achieved by offenders who may tell a child a ‘secret’ about themselves (emphasising that it is a special secret that no-one else knows). By sharing a secret, the abuser can further deepen the trust between themselves and the child victim, making the child feel as though they are ‘special’ and important. An offender can also mark critical features or progress by sending the child a gift, such as a mobile telephone; increasing the privacy and security of communications whilst, at the same time, rewarding the child and drawing them in deeper (by providing further tools for them to progress with). This stage of the scaffolding process can be linked to the previous stage, in terms of providing rewards for children as they develop their internet safety skills and complete key stages. Children can also be rewarded by demonstrating at the end of lessons that they are now responsible users of the internet. This could be achieved by allowing older children to become ‘internet advisors’ for supporting younger children who are just beginning their internet safety lessons, or, allowing older children to run the internet safety lessons for younger children. If age appropriate lessons contained certificates at the end of each stage (completion award), this not only rewards critical features of a task, it also encourages pursuit of the task. Outside of education, in the home environment, critical features can still be rewarded. Children could be allowed to play a game they were previously prevented from playing, or, they may (depending on the age) be allowed to set up their first social network account. If children are rewarded for being safe when using the internet, they are more likely to continue this behaviour and less likely to look for praise and reward elsewhere (online strangers). This, in turn, will decrease the success rate of offenders who use praise and gifts to groom children.

1.5

Controlling the Child’s Frustration During Problem Solving

To alleviate a child’s frustration when navigating a difficult or uncomfortable situation, online child sex offenders can take a number of steps.

34

K. Hannigan

They can take full control of the communications using remote access (accessing a device from a remote location); they may also provide potential child victims with information or ‘stories’ of other children who have went through the same process the child victim is currently going through or, they may regress back to an earlier stage in the communications (reducing the child’s frustration). Alternatively, offenders may bring in a previous child victim to help aide the situation and communications, helping the child victim successfully ‘complete/achieve’ each stage of grooming process. Ensuring that any internet safety lessons are age appropriate and take place at a time relevant to children (ICT classes at school, or, when they are using the computer at home) and take place regularly, will minimise any difficulties a child may experience. Having an adult or peer readily available to work through any difficulties a child may be having will not only help the child deal with the current situation, it will also provide them with the knowledge and confidence they need to deal with the situation (should it arise again when they are on their own). Regular internet safety lessons also allow children to re-assess their knowledge and provide them with the opportunity for further guidance and demonstrations for any aspect they did not fully grasp during the previous lesson or did not feel confident about. Helping children work through any difficulties they have in relation to the online environment can, potentially, increase their confidence in their own abilities to stay safe online, therefore further empowering them. This could reduce or eliminate a potential child victim’s dependency on the offender to take control of the communications and its direction, and, increase the likelihood of the child reporting the incidence. This could, potentially, make it very difficult for an offender to engage with and maintain communications with children.

Vygotsky and Internet Grooming …

1.6

35

Demonstrating Solutions to the Child or Explaining the Solutions that the Child Has Partially Completed

This is the final stage of the scaffolding process which an online child sex offender can achieve in numerous ways. In order to ensure any communications between an offender and child victim remain secure, offenders can explain to a child how to keep their communications hidden, safe and secure by providing solutions and demonstrations. This can be achieved by supplying the child with information on appropriate security measures and demonstrating how to implement them. Offenders can also gain remote access to a child’s device in order to install encryption packages and additional security features. This is, however, risky behaviour for the offender as it increases their likelihood of getting caught and will therefore be determined by the motivation of the offender. Once the offender is confident that security measures are in place (their security), they may continue to ‘help’ the child victim by providing them with a mobile telephone and instructions on how to keep the device safe and hidden. This, in turn, can advance the progress of the communications to a secret face-to-face meeting, where the offender will further praise the child for ‘successfully’ reaching this stage. This last stage of the scaffolding process, like previous stages, can be linked to the education and empowerment of children. The children and young people involved in previous research (Hannigan 2014, unpub), highlighted that informing them of places they cannot go to, or telling them a certain website is banned at school, was not enough. They would like an explanation of why they are banned or why they should not use them. Telling children how to behave, without telling why leads to frustration and curiosity; which can lead to children accessing the website outside of school, to see why they were not permitted to use it. Children need a more detailed discussion around the risks they face if they access these sites and how they successfully negotiate any difficulties they may unintentionally find themselves in. If children are made aware of the risks associated with the internet and how to resolve any difficulties they may encounter, they will be less likely to seek advice or information elsewhere. They are also less

36

K. Hannigan

likely to be curious and access the sites to ‘see what the fuss was about’. Knowing what the dangers are, how to avoid them, and, how to successfully navigate any potential difficulties they may find themselves in, will make them less likely to agree to install any security implementations suggested to them by online strangers. Being aware of the risks also highlights the importance of recording communications and keeping a record of or regularly reviewing their online contacts. Again, it comes back to empowerment, if children are confident at keeping themselves safe online, it can make it very difficult for online child sex abusers to ensure that their communications are kept secret and their chances of being disclosed and detected are minimal. In addition, empowering children with the knowledge they need to remain safe on the internet may reduce the number of children who go on to arrange face-to-face meetings with individuals they have never met before or do not know of in the offline environment.

2

Discussion

The nature of the internet, and the rapid speed at which technology has and continues to advance, leaves criminal justice systems and researcher in this area playing a permanent game of catch-up. Davidson and Gottschalk (2011), highlighted that adults do not know enough about children’s behaviour on the internet (the norms that they work with). As a result, it is difficult to develop any effective and meaningful educational material that will help empower children and keep them safe online. This may be because, previously, the majority of research data which was used to inform policies and procedures in relation to child sex abuse, came from studies of convicted offenders who were undergoing treatment programmes. In order to tackle internet grooming by child sex offenders, much more focus needs to be placed on children and young people’s online behaviour (Davidson and Gottschalk 2011). Children do not perceive risks in the same way as adults, and express a diverse range of potential risks, such as, viruses, gambling and spam. The conditions of their distress can therefore vary depending on the situation they are exposed to (Livingstone et al. 2014; Hannigan 2014 unpub).

Vygotsky and Internet Grooming …

37

The changing nature of the internet does not allow for ‘internet crimes’ to be the sole responsibility of a single entity. It requires a collaboration between criminal justice systems, governments, service providers and the users themselves. According to Wolak, Finkelhor, and Mitchell (2013), there needs to be in place a research agenda which allows evidence based education and preventative programmes to be developed. These should be focused on internet safety for children and should be flexible in order to evolve as technology evolves (Wolak et al. 2008; Wolak and Finkelhor 2013). Something that can be achieved if ZPD and Scaffolding was used as the basis for developing internet safety policies, educational materials and websites. According to Ost (2009), the construction of childhood is based on ‘unrealistic, dangerous ideal of purity and innocence and sexualized by the taboo we have placed upon their naked bodies’ (p. 246). She argued that society must abandon innocence as the dominant construct of childhood; the focus needs to move from the vulnerability and innocence of children to the empowerment of children. Children, according to Ost, need to be listened to so that they may inform adults on how childhood should be perceived and understood in the context of a technological environment. Involving older, more knowledgeable, children and young people in the development and teaching of internet safety lessons at school can help increase their empowerment.

3

Conclusion

The process of ZPD and scaffolding helps understand online child sex offenders behaviour and children’s behaviour online. This, in turn, provides an insight into how we can better educate children and, potentially, render a number of the approaches taken by offenders ineffective and unsuccessful. If we hope to empower children so that they may keep themselves safe when using the internet and safely navigate any risks or uncomfortable situations they face, we must communicate with children and young people when developing policy, legislation, research and educational materials.

38

K. Hannigan

Addressing all stages of ZPD and scaffolding, from the offenders and children’s perspective, could dramatically reduce the number of children who turn to strangers (potential child sex abusers) for help and advice when using internet communication devices. Taking a holistic approach could, potentially, lead to a significant decrease in occurrences of child sex abuse by rendering several approaches taken by child sex abusers ineffective and unsuccessful and reducing the number of potential child victims (the more they become empowered, the less vulnerable they become).

References Beech, A., Elliott, I., Birgden, A., & Findlater, D. (2008). The Internet and Child Sexual Offending: A Criminological Review. Aggression and Violent Behaviour, 13, 216–228. Berryman, J., Smythe, P., Taylor, A., Lamont, A., & Joiner, R. (2002). Developmental Psychology and You (2nd ed.). Oxford: The British Psychological Society and Blackwell Publishers Limited. Bryce, J., & Fraser, J. (2013). The Role of Disclosure of Personal Information in the Evaluation of Risk and Trust in Young People’s Online Interactions. Computers in Human Behaviour, 30, 299–306. Calder, M. (2004). Child Sexual Abuse and the Internet: Tackling the New Frontier. Dorset: Russell House Publishing Limited. Child Exploitation and Online Protection Centre. Available https://www.ceop. police.uk/safety-centre/. Accessed 18 May 2013. Childnet International. Available http://www.childnet.com/. Accessed 18 May 2013. Davidson, J., & Gottschalk, P. (2011). Internet Child Abuse: Current Research and Policy. Oxon: Routledge. Green, L., Brady, D., Olafsson, K., Hartley, J., & Lumby, C. (2011). Risks and Safety for Australian Children on the Internet. CCI Arc Centre of Excellence for Creative Industries and Innovation. Available https://www.ecu.edu.au/__ data/assets/pdf_file/0009/294813/U-Kids-Online-Survey.pdf. Accessed 30 June 2014.

Vygotsky and Internet Grooming …

39

Hannigan, K. (2014, unpub). Protection and Security in a Technologically Advanced Society: Children and Young People’s Perspectives [Online]. Available from https://dspace.stir.ac.uk/handle/1893/21562#.WL1KwnqSLkk [6 March 2017]. Li, X., & Atkins, M. (2004). Early Childhood Computer Experience and Cognitive and Motor Development. Pediatrics, 113(6), 1715–1722. Livingstone, S., & Haddon, L. (2009). EU Kids Online: Final Report. LSE, London: EU Kids Online. (EC Safer Internet Plus Programme Deliverable D6.5). Livingstone, S., Haddon, L., & Gorzig, A. (2012). Children, Risk and Safety on the Internet: Research and Policy Challenges in Comparative Perspective. Bristol: The Polity Press. Livingstone, S., Haddon, L., Görzig, A., & Ólafsson, K. (2011a). Risks and Safety on the Internet: The Perspective of European Children. Full Findings. LSE, London: EU Kids Online. Livingstone, S., Haddon, L., Görzig, A., & Ólafsson, K. (2011b). Risks and Safety on the Internet: The UK Report. LSE, London: EU Kids Online. Livingstone, S., Kirwil, L., Ponte, C., & Staksrud, E. (2014). In Their Own Words: What Bothers Children Online? European Journal of Communication, 29 (3), 271–288. Martellozzo, E. (2012). Online Child Sexual Abuse: Grooming, Policing and Child Protection in a Multi-Media World . Oxon: Routledge. Mascheroni, G., & Ólafsson, K. (2014). Net Children Go Mobile: Risks and Opportunities (2nd ed.). Milano: Educatt. Notten, N., & Nikken, P. (2016). Boys and Girls Taking Risks Online: A Gendered Perspective on Social Context and Adolescents’ Risky Online Behaviour. New Media & Society, 18(6), 966–988. O’Connell, R. (2004). From Fixed to Mobile Internet: The Morphing of Criminal Activity Online. In M. Calder (Ed.), Child Sexual Abuse and the Internet: Tackling the New Frontier. Dorset: Russell House Publishing Limited. O’Connell, R. (2010). A Typology of Child Cybersexploitation and Online Grooming Practices. Cyberspace Research Unit. Available http://www.netsafe. org.nz/Doc_Library/racheloconnell1.pdf. Accessed 11 November 2010. Ofcom. (2011). UK Children’s Media Literacy. Available http://stakeholders. ofcom.org.uk/binaries/research/media-literacy/media-lit11/childrens.pdf. Accessed 14 March 2012. Ólafsson, K., Livingstone, S., & Haddon, L. (2013). Children’s Use of Online Technologies in Europe. A Review of the European Evidence Base. LSE, London: EU Kids Online.

40

K. Hannigan

Ost, S. (2009). Child Pornography and Sexual Grooming: Legal and Societal Responses. Cambridge: Cambridge University Press. Powell, A. (2007). Paedophiles, Child Abuse and the Internet: A Practical Guide to Identification, Action and Prevention. Oxon: Radcliffe Publishing Limited. Quayle, E. (2004). The Impact of Viewing on Offender Behaviour. In M. Calder (Ed.), Child Sexual Abuse and the Internet: Tackling the New Frontier. Dorset: Russell House Publishing Limited. Quayle, E., & Taylor, M. (2003). Model of Problematic Internet Use in People with a Sexual Interest in Children. CyberPsychology, 6 (1), 93–106. Rogoff, B., & Morelli, G. (1998). Perspectives on Children’s Development from Cultural Psychology. In D. Messer & J. Dockrell (Eds.), Developmental Psychology – A Reader. London: Arnold. Sasson, H., & Mesch, G. (2014). Parental Mediation, Peer Norms and Risky Online Behaviour Among Adolescents. Computers in Human Behaviour, 33, 32–38. Sullivan, R., & Beech, A. (2004). Assessing Internet Sex Offenders. In M. Calder (Ed.), Child Sexual Abuse and the Internet: Tackling the New Frontier. Dorset: Russell House Publishing Limited. Vygotsky, L. S. (1978). Mind in Society: The Development of Higher Psychological Processes. London: Harvard University Press. Wolak, J., & Finkelhor, D. (2013). Are Crimes by Online Predators Different From Crimes by Sex Offenders Who Know Youth In-Person? Journal of Adolescent Health, 53(6), 736–741. Wolak, J., Finkelhor, D., Mitchell, K., & Ybarra, M. (2008). Online “Predators” and Their Victims: Myths, Realities and Implications for Prevention and Treatment. American Psychologist, 63, 111–128. Wood, D., Bruner, J., & Ross, G. (1976). The Role of Tutoring in Problem Solving. Journal of Child Psychology and Psychiatry, 17, 89–100. Wood, D., & Wood, D. (1998). Vygotsky, Tutoring and Learning. In D. Messer & J. Dockrell (Eds.), Developmental Psychology – A Reader. London: Arnold.

The Criminalisation of Tools Under the Computer Misuse Act 1990. The Need to Rethink Cybercrime Offences to Effectively Protect Legitimate Activities and Deter Cybercriminals Audrey Guinchard

1

Introduction

In its Police and Justice Bill of January 2006, the Government proposed to add to the Computer Misuse Act 1990 (CMA) a section 3A to criminalise the creation, distribution and obtention of ‘articles’ used to commit or assist the commission of CMA offences such as hacking. The chosen structure of the offence, notably its wide mens rea, attracted a number of criticisms (Sommer 2006),1 to no avail: the proposed offence became law in November 2006.2 Fourteen years on, s3A CMA is, this chapter argues, more problematic than anticipated. Established to support the fight against cybercrime, 1 For

the details of the Parliamentary debates with reference, see Fafinski (2008: 61–65). Britain. Police and Justice Act 2006, c.48, s35. London: The Stationery Office for the legislation/statute.

2 Great

A. Guinchard (B) School of Law, University of Essex, Colchester, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_3

41

42

A. Guinchard

the offence has not only the paradoxical effect of endangering legitimate security research, as foreseen in 2006, but has also become a threat to established newsgathering practices. Its broad structure, combined with the vagueness of the other CMA offences, and the absence of public interest defences, criminalises the very tools which facilitate the work of, respectively, security researchers, and whistle-blowers and journalists-, leaving these actors exposed to criminal liability. To reinstate a balance between the necessity to curb criminal activities and the need to protect legitimate actors for their contribution to narrowing the security gap and exposing problematic behaviours, this chapter proposes some immediate reforms: to restrict the scope of the s3A CMA both in its actus reus and mens rea; and to create public interest defences to s1 CMA. As importantly, this chapter also calls for a more informed approach to criminalisation when new technologies are implicated. The creation of s3A CMA is part of a more general pattern of systematically extending the scope of the original CMA in the name of the fight against cybercrime, with the legislator forsaking the principles of criminalisation without a clear understanding of the resulting negative impacts on its stated objective and on its international engagements. To take the full measure of the problems, this chapter will start presenting how s3A CMA criminalises dual-use hacking tools and affects security research, before explaining how the unwitting criminalisation of obfuscating tools impacts on newsgathering practices. It will then discuss ways forward, outlining possible avenues of reform for the CMA, but also calling for a better approach to criminal policy regarding cybercrimes.

2

The Foreseen Criminalisation of Dual-Use Hacking Tools Under s3A CMA

Distinguishing dual-use hacking tools according to their criminal and legitimate uses is an impossible task. It is because of their very specific

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

43

nature that the Convention on Cybercrime n.185 (Convention) established safeguards in Article 6 to avoid their criminalisation, but the UK, when it created s3A CMA a few years later, did not implement any of them. The conscious choice to criminalise dual-use hacking tools was not questioned when the Directive 2013/40/EU was implemented in 2015.

2.1

The Dual Nature of Hacking Tools

Some tools, such as viruses, worms, Trojan horses or botnets, are ‘offenceonly’ (Denning 2000: 47), created or adapted with the primary, if not the exclusive, objective to commit computer misuse offences and/or other offences such as fraud (Katos and Furnell 2008: 11–13). Identifying these harmful tools is not an issue. Other hacking tools are however dualuse, prized by system administrators and security researchers, as well as by criminals. ‘Distinguishing the good [dual-use hacking tools] from the bad can […] be controversial’ (Denning 2000: 48). They are in practice ‘indistinguishable from utilities that are essential for the maintenance and security of computers and networks’ (Sommer 2006: 70). Their origin does not necessarily vouch for their legitimacy. Some hacking tools have been developed ‘out of activities by “black hat” software developers’, then either used without modifications by the security industry, or integrated into a programme security researchers develop to improve defence strategies (Furnell and Papadaki 2008: 9; Broucek and Turner 2013: 30). Conversely, a tool apparently as innocuous as the Google search engine can be turned into a powerful means to find vulnerabilities and personal data which should have remained undisclosed (Billig et al. 2008). Regulating distribution and use through for example licencing may seem a sensible avenue, but beside the sheer difficulties in implementing a world-wide licencing scheme (Denning 2000; Pyetranker 2015), the general consensus within the security industry tends to be that the tools need to be openly and freely available (Hafiz and Fang 2016; Silic 2013: 393). A good security researcher cannot defend an information system without understanding and thus accessing the latest technology available to the black hats. Criminalising these dual-use hacking tools thus runs the risk of impairing their creation, development and use by legitimate

44

A. Guinchard

security researchers and administrators. How to draw the line is critical to support security research and close the doors to criminal activities (Clough 2015: 135).

2.2

To Criminalise or not to Criminalise? The Contrasting Position of s3A CMA with that of Article 6 of the Convention on Cybercrime n.185

When the Computer Misuse Act was enacted in 1990, the specific criminalisation of the creation and distribution of hacking tools, including malwares, was not on the agenda in the UK and to a large extent, internationally. The offences of unauthorised access (s1 CMA) and unauthorised act with intent to impair or damage a computer system (s3 CMA) were perceived as sufficient to tackle the nascent black markets in passwords, malwares and tools (OECD 1986: 63). By the time the Council of Europe started its discussion in 1997 on the draft Convention on cybercrime, the cybercrime scene has dramatically evolved. Black markets in malwares, passwords and hacking as a service, have developed, so much so that their specific criminalisation was considered as a necessity to curb the rise of cybercrimes, before damage to information systems could be inflicted. Article 6 Convention was drafted to this effect, but the feedback from the security industry was not overly positive. A particular concern in Europe and in the US was the potential criminalisation of the dual-use hacking tools essential to the work of the security industry in securing information systems. A series of amendments over several drafts led to the final version of Article 6 which incorporated four safeguards to protect the security industry from the criminal law. Firstly, the definition of the tools as devices ‘designed or adapted primarily for the purpose of committing’ a computer-related offence would ‘alone […] usually exclude dual-use devices’ from the scope of the Article 6 offence (Explanatory Report). However, the definition may not be enough to protect their legitimate users, especially when the tools originate from the black hat community. Hence, the second requirement of a ‘specific (i.e. direct) intent that the device is used for

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

45

the purpose of committing an offence’. It should ‘avoid the danger of over-criminalisation where devices are produced and put on the market for legitimate purposes, e.g. to counter-attack against computer systems’ (Explanatory Report, para 76). Thirdly, the Council of Europe added the expression ‘without right’, so excluding ‘those tools created for the authorised testing or protection of a computer system’. Finally, to dispel the doubts of the security industry, Article 6(2) Convention established that the courts’ general interpretation should be in favour of security researchers who should be presumed to have been authorised and to have acted legitimately. This drafting of the offence must be understood within the context of security research and how security practices relate to the offence of unauthorised access under Article 2 Convention. It could be argued that, to remain legitimate, security research should exclude illegal activities, such as intentionally accessing information systems without authorisation; but security research does not lend itself to an easy distinction between authorised and unauthorised activities, especially access (Guinchard 2018). The problems lie in the difficulties in pinpointing who gives to security researchers an authorisation, what an authorisation is, and what access means. The lack of clarity in the law creates a grey area full of uncertainties for security researchers (ENISA, 2015, 2018; Maurushat 2013; Guinchard 2018). In the process of finding vulnerabilities, they may access without explicit or implicit authorisation of the system owners. Their motives are honourable: finding security gaps to fix them; but motives in the criminal law do not form part of the mens rea. As long as their aim and purpose is to access in the knowledge that authorisation may not exist, they would have the required intention to commit unauthorised access. The drafters of the Convention were mainly aware of these issues and the Explanatory Report’s wording on ‘authorisation’ reflects ‘the insight that the conduct described is not always punishable per se, but may be legal or justified not only in cases where classical legal defences are applicable, like consent, self defence or necessity, but where other principles or interests lead to the exclusion of criminal liability. […]’. Viewed in light of this definition of ‘authorisation’, Article 6(2) Convention can be interpreted as a strong injunction for the courts to presume that security researchers have

46

A. Guinchard

not committed unauthorised access (Article 2 Convention) and have not used dual-use hacking tools for that purpose (Article 6 Convention). Although the Convention would not be binding until its ratification five years later in 2011, the UK Government presented section 3A CMA to be necessary for the UK to comply with Article 6 Convention (Explanatory Notes 2006, para 303). Yet, from the outset, the UK offence substantially departs from the text of Article 6, bringing questions as to whether the much broader scope of s3A CMA complies with the spirit of Article 6 Convention. The differences centre on four elements. Firstly, s3A CMA refers to an ‘article’, which section 3A(4) CMA defines as ‘any program or data held in electronic form’ without any restriction to programmes ‘designed or adapted primarily for the purpose of committing’ a CMA offence. Dual-use hacking tools are thus within the scope of the offence instead of being excluded as in Article 6 Convention. Secondly, the UK does not always adopt the high standard of a specific and direct intent that the tool will be used for committing computer misuse offences. For supplying and offering a tool, the specific intention of s3A(1) CMA can give way to the alternative lower standard of ‘belief that [the article] is likely’ under s3A(2) CMA. The problem, as pointed out during the House of Lords’ debate, ‘is not a case of whether system administrators believe that such tools are “likely” to be used in the commission of an offence; they know full well that they will be—and, indeed, already are’. (Hansard) Therefore, security researchers and system administrators who distribute dual-use hacking tools, for example by maintaining a legitimate website to use the tools, have the required mens rea to commit the offence of s3A(2) CMA. Finally, s3A makes no mention of the concept of authorisation and of an interpretative rule as in Article 6(2) Convention. The absence of these four elements intended as safeguards by the drafters of the Convention significantly increases the possibilities for security researchers to be liable for s3A CMA. To compound the problem, security researchers in the UK face a higher threat of prosecution for unauthorised access under s1 CMA. The conduct includes any preparatory act towards securing access, whereas under Article 2 Convention preparatory conducts would have been excluded from criminal liability. In addition, while s17(5) CMA defines ‘authorisation’, it

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

47

remains in practice ambiguous and certainly makes no references to a defence as in the Explanatory Report of the Convention. Since the definition of intention excludes motives, many in the UK security industry fear they would commit unauthorised access in the course of their legitimate activities (Guinchard 2018; CRLNN Report 2020). The few prosecutions under s1 and s3A CMA that exist reinforce the fear that the overly extended scope of s1 CMA criminalises legitimate activities, with the corollary that the development, obtaining, and distribution of dualuse hacking tools is not a safe activity either (Guinchard 2018). While the spirit of the Convention was to restrict the scope of criminal liability so as to exclude the security industry’s legitimate practices, the legislative choices for s1 CMA and in 2006 for s3A CMA contravene this intended objective, leaving security researchers with a threat of prosecution under both s1 CMA and s3A CMA. To qualm the concerns expressed during the 2006 Parliamentary debates, the CPS guidelines on the Computer Misuse Act set a test for the mens rea under s3A(2) CMA and brought attention to the fact that legitimate security research often involves using the same tools as hackers. They were however criticised for their failure to take into account the reality of security research: the use of free and open-source tools; the fulfilment of the mens rea of ‘belief ’ among security researchers (Clayton 2007). Whether the guidelines, barely modified over the years, have been effective in shielding security researchers from prosecution is difficult to establish. The UK has not changed its approach when implementing the Directive 2013/40/EU.

2.3

A Confirmed Choice Contrasting with that of the Directive 2013/40/EU

When drafting its Directive 2013/40/EU, the EU was concerned with protecting security researchers from criminal liability. To that effect, it adopted for its Article 7 offence the same definitions for the object of crime and the mens rea as in Article 6(1) Convention, with Recital 16 echoing Article 6(2) Convention. It also excluded possession of tools in order to protect security researchers. Law enforcement agencies seemed

48

A. Guinchard

to be satisfied that the language of the Directive provided sufficient safeguards for lawful activities, but security researchers were less confident in their ability to escape prosecution and conviction (ENISA 2013). Consequently, ENISA called for ‘implementing legislation’ to ‘include clear carve-outs of the applicability of the provision’ to security researchers (ENISA 2013, 2015). To align with the Directive, the Serious Crime Act 2015 added to s3A CMA obtaining an article with the intention to use it for criminal purposes, effectively extending the scope of criminal law; but it did not implement the features which the Directive, as the Convention, intended to restrict the scope of criminal liability with. To conclude, the UK Government has presented the introduction of section 3A as a means to comply with the Convention, and its 2015 amendment to comply with the Directive. Yet, the breadth of the current offence seems to contradict these international documents, bringing into their scope defendants who were meant to be specifically excluded. While Member States can go beyond what international texts require, the assumption is for the spirit of the texts to be respected (CRLNN 2020 para 3.59: 58). It is questionable whether the UK has done so. The overly broad scope of s3A CMA has also opened the door for the criminal liability of those resorting to obfuscating tools.

3

The Unwitting Criminalisation of Obfuscating Tools Under s3A CMA

The Internet has not been designed to be secure and private, so any individual leaves a massive digital footprint unless she/he resorts to obfuscating tools to mask the contents and more importantly, the communication data (Rachovitsa 2016; Schuster et al. 2017). Not designed for conducting cyberattacks, these tools are far less ambiguous than dual-use hacking tools and fall automatically outside the scope of the international texts. In contrast, s3A CMA unwittingly criminalises them, significantly impacting on newsgathering practices.

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

3.1

49

The Dual Use of Obfuscating Tools

Two are of particular interest for the purpose of this chapter: Virtual Private Networks (VPNs) and The Onion Router (TOR). VPNs arrived in the mid-nineties, but became mainstream from 2003 onwards (Stieglitz 2006). They hide the IP address; and often encrypt the traffic data. Legitimate uses include being a pre-requisite to access an employer’s intranet away from the workplace, and protecting payment details while shopping online to counteract fraudulent schemes. Criminals can of course use VPNs to obfuscate their trail of illegal activities, but they are often traceable since standard web browsers will keep a log of the connections made under the provided IP address (Kleberg 2015). R v Martin (2013) illustrates the point, since the defendant Martin was traced back despite having used Cyberghost, a common, legitimate VPN, to mask his DDOS attacks of various websites. Created in 1995 and originally funded by the US military and its Naval Research Laboratory, TOR became available around the same time as VPNs in 2003 (Jardine 2015). It encrypts traffic and directs it through several relays or onion routers, thus providing anonymous access to the Internet and the dark web, i.e., the web not indexed by search engines such as Google. While TOR is more secure than a VPN, its last exit node or relay is not encrypted. TOR allows offering services for legitimate activities: radios; a space to discuss sensitive information when living in repressive regimes; a platform such as SecureDrop to receive sensitive information, used by journalists and even law enforcement officers, as acknowledged by the European Parliament in 2017 (Jardine 2015; Romanosky et al. 2015; European Parliament 2017). TOR can of course facilitate criminal activities, such as the infamous Silk Road or botnets services. This has led to questioning the legitimacy of the US Congress’ funding of TOR. In its ensuing report, RAND concluded that stopping TOR in the name of fighting cybercrime would endanger the lives of dissenters, human rights activists, journalists and other legitimate individuals, within various parts of the world (Romanosky et al. 2015). These objectives and functions of obfuscating tools are essential elements to articulate their legal status in the Convention and in the Directive.

50

3.2

A. Guinchard

The Non-criminalisation of Obfuscating Tools in International Law

By restricting programmes to those designed or adapted primarily to commit a computer misuse offence, Article 6 Convention excludes obfuscating tools from its scope. It was unintended, in that at the time of drafting the Convention, in 1999–2000, TOR was not yet available to the public, and VPNs’ use remained circumscribed to very specific circumstances. By the time the EU started discussing the draft Directive, the use of obfuscating tools has become more widespread, but has barely been the focus of the debates before the EU (European Parliament 2011). The EU’s willingness to align the Directive with the Convention has meant that obfuscating tools have been excluded from the scope of Article 7. The contrast with UK law is sharp.

3.3

The Criminalisation of Obfuscating Tools Under UK Law and Its Impact on Newsgathering Practices

Because of the initial choice in 2006 not to restrict ‘programs’ to those primarily designed or adapted for the purpose of committing computer misuse offences, it suffices that obfuscating tools are computer programmes for users to fall within the scope of s3A CMA. This extended scope could be argued to positively contribute to the fight against cybercrime, allowing the prosecution and conviction of cybercriminals as in R v Martin. This criminalisation however has also a negative impact on freedom of expression which has not been quantified in 2006, and was not later questioned. Especially since Snowden’s revelations of mass surveillance, the use of obfuscating tools has become part of a panoply of measures journalists and whistle-blowers are advised to take to safeguard their anonymity online (Van der Vlist 2017; Posetti 2017; Townend and Danbury 2017; Brunton and Nissenbaum 2013). In particular, a number of newspapers organisations, such as the New Yorker, the Intercept, ProPublica and in the UK, the Guardian, provide

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

51

SecureDrop, a software based on TOR, so that whistle-blowers can ‘divulge information that they cannot afford to be traced back to them’ (Ball 2014). Wikileaks also uses the dropbox based on TOR. In 2017, the EU Parliament has recognised the use of obfuscating tools for legitimate newsgathering purposes and has underlined how ‘hidden networks and onion-routing [such as TOR] provide a free space for journalists, political campaigners and human rights defenders in certain countries to avoid detection by repressive state authorities’ (European Parliament 2017). This recommended use of obfuscating tools can fall within the scope of s3A CMA. When whistle-blowers download TOR in order to access SecureDrop to then leak the data, they can commit s3A(3) CMA by obtaining the tool with an intention to commit unauthorised access. Indeed, access under s1 CMA includes access to data, not just to information systems, and includes the copying and downloading of data in a storage place different from the original. Whistle-blowers access data, often copying it and transferring it to a different storage place, for example to SecureDrop. More often than not, they are insiders who were granted original access to the data they wish to leak, but they exceed this authorisation, by using the access for purposes other than those it was initially granted for, i.e., for leaking the data (Allison, 2002). Their access is thus unauthorised. That they are motivated by concerns of public interest to foster debates in a democratic society is indifferent to their intention (aim and purpose) of accessing the data without authorisation, in the same way that security researchers’ motives to secure information systems is indifferent to their mens rea. It is not a coincidence that Snowden, the US whistle-blower of the Five Eyes’ mass surveillance practices, has revealed that he used TOR to contact The Guardian’s journalists Luke Harding and Glenn Greenwald (Lee 2015). His aim and purpose was to leak the data, and TOR, as an obfuscating tool, would facilitate what would be under the UK CMA unauthorised access. Under s3A, this use of TOR is an offence. For journalists, and newsgathering organisations, offering SecureDrop falls within the scope of s3A(1) and (2) CMA. They supply a tool which facilitates the commission of s1 CMA; they intend to do so, in that their aim and purpose is for whistle-blowers to provide information which

52

A. Guinchard

journalists know they are unlikely to have obtained authorisation for; and even if intention is difficult to prove, s3A(2) CMA only requires a belief that it is likely that an offence will be committed. SecureDrop has been created in the belief that it is likely that whistle-blowers will be watched and have no authorisation to leak the data to journalists, and thus that needed the protection of anonymity (Poulsen 2013; CRLNN 2020). In the absence, currently, of a public interest defence for any CMA offence, absence noted in R v Coulson (2013), journalists and whistle-blowers in the UK can thus be liable for s3A CMA, and also for unauthorised access under s1 CMA. The case of Assange illustrates the danger of cybercrime legislations. US prosecutors allege Assange conspired with Manning to commit unauthorised access under the CFAA by trying to crack a password linked to a log-in account which would have hidden Manning’s identity. The behaviours ascribed are notably: ‘tak[ing] measures to conceal Manning as the source of the disclosure […], encourage[ing] Manning to provide information […], us[ing] a special folder on a cloud drop box of Wikileaks to transmit classified records [..]’, and from Manning, the ‘cop[ying of ] a Linux operating system to a CD to allow […unauthorised] access’(US v J P Assange, 2018). It may be contested that Assange was a journalist, but these behaviours are those of a traditional journalist. Copying an operating system into a CD and using TOR for secure cloud computing are two of the many techniques recommended for journalists to protect their sources, and for whistle-blowers to avoid detection (Committee to Protect Journalists 2012; Townend and Danbury 2017; Romanosky et al. 2015). They also correspond to s1 and s3A CMA, and under US law—because its misuse of tools offence is narrower—to aiding and abetting the main defendant. Assange or Manning has no possibility to raise a public interest defence. Therefore, three factors contribute to the criminalisation of legitimate newsgathering practices: the extremely wide scope of s3A CMA and s1 CMA; the integration of obfuscating tools to the recommended panoply of legitimate newsgathering practices; and the lack of a public interest defence for CMA offences. The UK has not formally banned obfuscating tools as some authoritarian regimes have done (Romanosky et al. 2015), but its criminal law has unwittingly the effect of endangering

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

53

standard newsgathering practices without any defence available. It is time to rethink the scope of these cybercrime offences.

4

Remedying the Weaknesses of s3A CMA and Beyond

Different avenues for reform will be sketched, but this section will dwell longer on the root of the problem: an unbalanced approach to the criminalisation of cybercrime activities where immediate law enforcement interests trump the reality of what cybersecurity and the fight against cybercrime entails and what democratic debates require.

4.1

The Need to Reform the Computer Misuse Act 1990

Given this chapter’s space constraints, only a few avenues for reform will be presented, a more extensive demonstration being available at the Criminal Law Reform Now network (CRLNN 2020). For s3A CMA, restricting the tools to those primarily designed to commit a cybercrime offence would automatically de-criminalise obfuscating tools and greatly contribute to the decriminalisation of most dual-use hacking tools. In addition, abolishing the lower mens rea of s3A(2) CMA to tailor s3A exclusively to a specific intention to commit a criminal endeavour would protect security researchers and journalists and whistle-blowers from criminal prosecution. S3A CMA is however only a canary in the coal mine. Restricting its scope will not fully protect these legitimate actors from prosecution under other sections of the CMA. The breadth of s1 CMA brings into its scope behaviours that international law does not require the criminalisation thereof because they are simply preparatory. Restricting the scope of the offence of unauthorised access would reduce the criticisms, but there is also the need to think of providing defences to both security researchers and journalists and whistle-blowers. These defences would not be as innovative as one may fear, at least with regard to UK law. For security

54

A. Guinchard

researchers, s171 Data Protection Act 2018 already provides a defence to accessing personal data without authorisation when security researchers demonstrate the failures in the de-anonymisation capabilities of software. In other words, s171 DPA 2018 is a defence to hacking personal data. For journalists and whistle-blowers, s170(2) Data Protection Act 2018 provides a defence of ‘reasonable belief in the public interest’ to accessing without authorisation personal data, a defence slightly broader in scope than that of the previous DPA 1998. In light of the overlap between s170 DPA 2018 and s1 CMA—which encompasses but is not limited to access to personal data—establishing defences to CMA offences would protect actors who are at risk under the CMA of being criminally liable for behaviours they would be justified to commit under the DPA 2018! Defences to CMA offences would bring greater coherence within the UK criminal law. The comparison with the DPA 2018 (and for journalists with DPA 1998) raises however a question of criminal policy: why the CMA offences have been so broad and without defences?

4.2

Beyond s3A CMA: A Call for a More Balanced Approach to the Criminalisation of Cybercrime Activities

S3A CMA is an inchoate offence which aims to strike before criminals use the tools and damage information systems and/or steal data. In criminal law theory, inchoate offences are conduct crimes, structured restrictively, notably with intention (not recklessness) as mens rea, to avoid the slippery slope of criminalising thought crimes and vesting too much power to investigatory and prosecutorial authorities (Law Commission 2007; Horder 2019: c13). Sentencing is also lower than for result crimes. S3A CMA contradicts this ‘remoteness principle’ with its lower mens rea and its overly broad definition of tools. More importantly, it is not isolated. S1 CMA has from the outset included preparatory acts, while its sentencing instead of being reduced, has been increased in 2006 from one to two years imprisonment. The s3 CMA offence of modifying a computer system has been extended in 2006 into a conduct crime (any

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

55

unauthorised act), with an additional lower mens rea, that of recklessness, and an increased (not reduced) sentence of ten years. The 2015 reform added s3ZA as a conduct crime with a fault element that does not have to be intention, so that creating a risk to a national security interest of the UK or of a foreign country can be commit with recklessness, without a result, and trigger between a fourteen years to a life imprisonment sentence when critical infrastructures are at stake! In fact, the CMA is emblematic of a more worrying trend in UK criminal law, that of not approaching ‘any reform of inchoate liability’ with ‘special care’ in order to avoid ‘over-extend[ing] the scope of the criminal law’ (Law Commission 2007, para 1.6). The reasons given by the UK Government for this pattern of criminalisation are utterly unconvincing. In its 2006 and 2015 reforms of the CMA, it put forward its international obligations, with regard, respectively, to the Convention and to the Directive 2013/40/EU; but for s3A CMA, this chapter has demonstrated how the international texts, in letter and spirit, clearly contradict the Government’s affirmation that the scope of the criminal law needed to be overly broad. The seriousness of the cybercrime activities is also invoked, but the controversy still surrounding the criminalisation of unauthorised access betrays doubts as to the suitability of criminal law for perceived civil wrongs (CRLNN 2020). It is as if the word ‘cybercrime’ and ‘hacking’ conjure up images of hoodie hackers hiding behind their keyboards, with legislators ignoring the realities of the fight against cybercrime. Cybercrime offences stem, first and foremost, from the insecurity of information systems and networks. If it were not for the thousands of vulnerabilities affecting computer systems and networks and accumulating over the years, the possibilities for criminals to conduct cyber attacks would be greatly reduced. In other words, the prevention of cybercrime primarily requires supporting the private sector in its capacity to close the security gap. This in turn requires that the criminal law stops constituting a threat to security researchers finding vulnerabilities, as s3A and s1 CMA currently do. Viewed in light of these realities, the overly broad scope of the CMA reflects an unsustainable criminal policy. It is particularly true for s3A CMA: why criminalising dual-use hacking tools if the security industry cannot close the security gap without these tools?

56

A. Guinchard

It is no more logical than to criminalise the creation and supply of cars because criminals use them to conduct their criminal activities. To be fair to the UK Government, neither the Council of Europe nor the European Union have fully anticipated how the cybercrime legislations and their criminalisation of unauthorised access affect the supporting role of the security industry in the fight against cybercrime, and none of the international texts provide defences either. For the Convention, this may well due to the nascent state of security research in 1999–2000. Vulnerability markets emerged around mid-2000s, and it took time for academics to establish their features and to evidence their necessity in securing information systems and networks. By the time the Directive was drafted though, the role of the private sector in combatting cybercrime has become well understood (Guinchard 2020). At UK level, it became part of the UK Government’s National Cybersecurity Strategy in 2016 and that of its Serious and Organised Crime Strategy in 2018. Yet, the CMA remains unfit for purpose (CRLNN 2020: 16, 40). Properly engaging with the security industry, not seeing them as solely defending their economic interests in securing information systems, would be more beneficial, in the short and long terms, to the fight against cybercrime than the chosen path of over-criminalisation. With regard to journalists and whistle-blowers, in addition to s3A CMA, s1 CMA remains problematic, significantly broader in scope than its data protection counterpart, but paradoxically without attracting a public interest defence. It could therefore be argued that the CMA creates a disproportionate interference with Article 10 ECHR and Article 11 Charter. There is a certain irony that during the 1990 debates to the future CMA, MP Cohen argued for a defence to s1 CMA, citing as a justificatory example the Goodwin case for which the UK would be found in violation of Article 10 ECHR a few years later (CRLNN 2020). Thirty years on, in view of the recent high-profile data leaks at the origins of a number of newspapers’ investigations (Wikileaks, The Panama Leaks, LuxLeaks; Trump Leaks), rethinking cybercrime offences with regard to their impact on journalistic work is more pressing than ever. The current prosecutions in the US of Assange and in Brazil, of UK journalist Greenwald, for assisting cybercrimes, are a reminder that journalists working with whistle-blowers on sensitive news topics are not

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

57

immune from the scope of cybercrime offences and will benefit from a defence in the public interest (Safi 2020). The UK is not an exception here. The Council of Europe’s Convention on cybercrime has always suffered from criticisms of giving too much power to governments and law enforcement authorities to the detriment of human rights’ protection (Cyber-Rights 2003). The drafting of the protocol on transborder access to data has reinitiated concerns that human rights protections remain inadequate (EDRi 2018, 2019). It is time to look at cybercrime legislations more holistically: to reflect on the articulation with other legislations on data; and to engage with human rights organisations and civil society. The UK could lead the way here, using Brexit as a way to foster international cooperation to deal with the significant negative side-effects of cybercrime legislations.

5

Conclusion

This chapter outlined the patterns of criminalisation the UK adopted for the misuse of tools, demonstrating how security researchers, journalists, whistle-blowers, human rights campaigners, may fall fool of s3A CMA because of their use of either dual-use hacking tools or of obfuscating tools. Too broad in scope, with a mens rea not limited to intention, the offence violates the spirit of the Cybercrime Convention and of the Directive 2013/40/EU. But s3A CMA is only one element of the problem. It embodies a more general approach to over-criminalise cybercrime activities. Ultimately this pattern harms the fight against cybercrime and crime, defeating the very objective of deterrence cybercrime offences harbour. It is time, not just for reforming the CMA and in particular s3ACMA, but also for the legislator, both in the UK and at international level, to properly engage with the security industry and civil society.

58

A. Guinchard

References Ball, J. (2014, June 5). Guardian Launches SecureDrop System for Whistleblowers to Share Files, The Guardian [Online]. Available from: https://www.theguardian.com/technology/2014/jun/05/guardian-lau nches-securedrop-whistleblowers-documents. Billig, J., Danilchenko, Y., & Frank, C. E. (2008, September). Evaluation of Google Hacking. In Proceedings of the 5th Annual Conference on Information Security Curriculum Development (pp. 27–32). Broucek, V., & Turner, P. (2013). Technical, Legal and Ethical Dilemmas: Distinguishing Risks Arising from Malware and Cyber-attack Tools in the ‘Cloud’—A Forensic Computing Perspective. Journal of Computer Virology and Hacking Techniques, 9 (1), 27–33. Brunton, F., & Nissenbaum, H. (2013). Political and Ethical Perspectives on Data Obfuscation. In Privacy, Due Process and the Computational Turn: The Philosophy of Law Meets the Philosophy of Technology (pp. 164–188). Clayton, R. (2007, December 31). Hacking Tool Guidance Finally Appears. Blog. https://www.lightbluetouchpaper.org/2007/12/31/hackingtool-guidance-finally-appears/. Accessed 27 November 2017. Clough, J. (2015). Principles of Cybercrime. Cambridge University Press. Committee to Protect Journalists. (2012). CPJ Journalist Security Guide: Covering the News in a Dangerous and Changing World . Available at https:// cpj.org/security/guide.pdf. CRLNN, Criminal Law Reform Now Network. 2020. Reforming the Computer Misuse Act. Available at http://www.clrnn.co.uk/. Council of Europe. Explanatory Report to the Convention on Cybercrime. Available at https://www.coe.int/en/web/conventions/full-list/-/conventions/ treaty/185. Cyber-Rights. (2003). An advocacy Handbook for the Non Governmental Organisations. http://www.cyber-rights.org/cybercrime/. Denning, D. (2000). Reflections on Cyberweapons Control. Computer Security Journal, 16 (4), 43–53. European Digital Rights (EDRi) Submission to the Council of Europe’s Second Protocol to the Convention on cybercrime, 20 February 2019. https://edri. org/safeguarding-fundamental-rights-in-the-new-cybercrime-protocol/. European Digital Rights (EDRi). (2018, April 3). Nearly 100 Public Interest Organisations Urge Council of Europe to Ensure High Transparency Standards

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

59

for Cybercrime Negotiations. Available at https://edri.org/global-letter-cyberc rime-negotiations-transparency/. European Network and Information Security Agency (ENISA). (2013). The Directive on Attacks Against Information Systems. A Good Practice Collection for CERTs on the Directive on Attacks Against Information Systems. Available at https://www.enisa.europa.eu/publications/the-directive-on-attacksagainst-information-systems. European Network and Information Security Agency (ENISA). (2015). Good Practice Guide on Vulnerability Disclosure. From Challenges to Recommendations. Available at https://www.enisa.europa.eu/publications/vulnerabilitydisclosure. Accessed 4 February 2020. European Network and Information Security Agency (ENISA). (2018). Economics of Vulnerability Disclosure. Available at https://www.enisa.europa. eu/procurement/economics-of-vulnerability-disclosure. European Parliament. (2011, November 24). Draft Report on the Proposal for a Directive of the European Parliament and of the Council on Attacks Against Information Systems and Repealing Council Framework Decision 2005/222/JHA, 2010/0273 (COD). European Parliament, LIBE. (2017, July 25). Report on the Fight Against Cybercrime, (2017/2068 (INI), para 21, 34. Available at http://www.eur oparl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+ A8-2017-0272+0+DOC+PDF+V0//EN. Fafinski, S. (2006). Access Denied: Computer Misuse in an Era of Technological Change. The Journal of Criminal Law, 70 (5), 424–442. Fafinski, S. (2008). Computer Misuse: The Implications of the Police and Justice Act 2006. The Journal of Criminal Law, 72(1), 53–66. Furnell, S., & Papadaki, M. (2008). Testing Our Defences or Defending Our Tests: The Obstacles to Performing Security Assessment References. Computer Fraud & Security, 2008(5), 8–12. Great Britain. Police and Justice Act 2006. Explanatory Notes. Available from: https://www.legislation.gov.uk. Great Britain. House of Lords. (2006, July 11). Official Report: Parliamentary Debates [Hansard], Vol. 684, co. 611. London: The Stationery Office. Guinchard, A. (2018). Transforming the Computer Misuse Act 1990 to Support Vulnerability Research? Proposal for a Defence for Hacking as a Strategy in the Fight Against Cybercrime. Journal of Information Rights, Policy and Practice, 2(2). Guinchard, A. (2020). Better Cybersecurity, Better Democracy? The Public Interest Case for Amending the Convention on Cybercrime n.185 and

60

A. Guinchard

the Directive 2013/40/EU on Attacks Against Information Systems. In R. Pereira, A. Engel, & S. Miettinen (Eds.), The Governance of Criminal Justice in the European Union: Transnationalism, Localism, and Public Participation in an Evolving Constitutional Order. London: Edward Elgar. Hafiz, M., & Fang, M. (2016). Game of Detections: How Are Security Vulnerabilities Discovered in the Wild? Empirical Software Engineering, 21(5), 1920–1959. Horder, J. (2019). Ashworth’s Principles of Criminal Law (9th ed.). Oxford: Oxford University Press. Jardine, E. (2015). The Dark Web Dilemma: Tor, Anonymity and Online Policing. Global Commission on Internet Governance Paper Series, No. 21. Available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2667711. Katos, V., & Furnell, S. (2008). The Security and Privacy Impact of Criminalising the Distribution of Hacking Tools. Computer Fraud & Security, 2008(7), 9–16. Kleberg, C. F. (2015). The Death of Source Protection? Protecting Journalists’ Source in a Post-Snowden Age. London, UK: LSE Polis. Available at http:// eprints.lse.ac.uk/63140/. Law Commission. 2007. Conspiracy and Attempts. CP 183. Lee, M. (2015, November 12). Edward Snowden Explains How to Reclaim Your Privacy. The Intercept [Online]. Available from: https://theintercept. com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/. Maurushat, A. (2013). Disclosure of Security Vulnerabilities: Legal and Ethical Issues. Springer. Organisation for Economic Co-operation and Development. (1986). Computer-Related Crime: Analysis of Legal Policy. OECD. Posetti, J. (2017). Protecting Journalism Sources in the Digital Age. UNESCO. Available at https://unesdoc.unesco.org/ark:/48223/pf0000248054. Poulsen, K. (2013, May 14). Strongbox and Aaron Schwartz. The New Yorker [Online]. Available from: https://www.newyorker.com/news/news-desk/str ongbox-and-aaron-swartz. Pyetranker, I. (2015). An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement. Northwestern Journal of Technology and Intellectual Property, 13, i. Rachovitsa, A. (2016). Engineering and Lawyering Privacy by Design: Understanding Online Privacy Both as a Technical and an International Human Rights Issue. International Journal of Law and Information Technology, 24 (4), 374–399.

The Criminalisation of Tools Under the Computer Misuse Act 1990 …

61

Romanosky, S., Libicki, M. C., Winkelman, Z., & Tkacheva. O. (2015). Internet Freedom Software and Illicit Activity: Supporting Human Rights Without Enabling Criminals. Santa Monica: The RAND Corporation. Chapter 7, ProQuest Ebook Central. Available at https://www.rand.org/ pubs/research_reports/RR1151.html. Accessed 8 September 2020. R v Bow Street Magistrates’ Court and Allison (AP) Ex Parte Government of the United States of America (Allison). (2002). 2 AC 216. R v Coulson. (2013). EWCA Crim 1026. R v Martin. (2013). EWCA Crim 1420. Safi, M. (2020, January 22). Greenwald Charges Are ‘Existential Threat’ to Journalism in Brazil, Says Edward Snowden. The Guardian [Online]. Available from: https://www.theguardian.com/media/2020/jan/22/greenw ald-charges-are-existential-threat-to-journalism-in-brazil-says-edward-sno wden and https://www.hrw.org/news/2020/01/23/brazil-journalist-faces-bas eless-charges. Schuster, S., Van Den Berg, M., Larrucea, X., Slewe, T., & Ide-Kostic, P. (2017). Mass Surveillance and Technological Policy Options: Improving Security of Private Communications. Computer Standards & Interfaces, 50, 76–82. Silic, M. (2013). Dual-Use Open Source Security Software in Organizations– Dilemma: Help or Hinder? Computers & Security, 39, 386–395. Sommer, P. (2006). Criminalising Hacking Tools. Digital Investigation, 3(2), 68–72. Stieglitz, E. J. (2006). Anonymity on the Internet: How Does It Work, Who Needs It, and What Are Its Policy Implications. Cardozo Arts & Entertainment Law Journal, 24, 1395. Townend, J., & Danbury, R. (2017). Protecting Sources and Whistleblowers in a Digital Age. Institute of Advanced Legal Studies. Available at https://infolawcentre.blogs.sas.ac.uk/files/2017/02/Sources-Report_ webversion_22_2_17.pdf. United States v J P Assange, Indictment. (2018, March). Available from: https:// www.justice.gov/usao-edva/press-release/file/1153481/download. Van der Vlist, F. N. (2017). Counter-Mapping Surveillance: A Critical Cartography of Mass Surveillance Technology After Snowden. Surveillance & Society, 15 (1), 137–157.

A Short History of Hacktivism: Its Past and Present and What Can We Learn from It Vasileios Karagiannopoulos

1

Introduction

The Internet has expanded and developed into a social space where people constantly live part of their lives, from shopping and communicating to working and falling in love or waging political campaigns. Whilst 15–20 years ago our online and offline lives seemed much more distinct, we are currently seeing the blending of online and offline experience jointly constituting our everyday reality, making this the era of networked, information-based societies (Webster 2006). In these societies, politics have also become transformed, since online and offline activities and interaction blend together and shape our modern democracies through constant information interplay, political decision-making and citizen contestation. From e-governance initiatives and the Web 2.0 revolutions of the Arab Spring to the Cambridge V. Karagiannopoulos (B) Institute of Criminal Justice Studies, University of Portsmouth, Portsmouth, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_4

63

64

V. Karagiannopoulos

Analytica scandal and the alleged influencing of global elections through covert hacking attacks and misinformation, we can easily see that cyberspace is at the same time a communications tool, but also in itself a political space, where political power is generated, exercised and challenged. Within this space then, hacktivism has developed organically over the years as a particular form of online activism, where its proponents use hacking techniques as a form of symbolic political expression. The term has been excessively used in sensationalist media reports and by cybersecurity experts and government officials for many incidents of political use of computer networks and information, ranging from whistle-blowing to cyberterrorism and cyberwarfare (Vegh 2003; Samuel 2004; Denning 2001). Trying to distil the essence of multiple definitions Karagiannopoulos (2018) narrows down hacktivism as: ‘the use of computer and network access and reconfiguration techniques that transgress or challenge cybercrime laws in order to produce or facilitate symbolic effects that confer a political message or protest a particular policy’. For this chapter, this will be the working definition used, which excludes phenomena such as whistle-blowing (Manning and Snowden for example) or online petition campaigns that do not necessarily involve hacking as a form of expression. Although hacktivism as a term has featured regularly in the media in recent years, it is not a recent phenomenon. In fact, it originates from the early movements that fused activist mentalities with the hacker ethic in the 1990s and early 2000s. As Jordan and Taylor (2004) highlight, hackers originated from the phone phreaks and computer programmers even before the Internet existed and developed into a subculture of people that were at ease with new technologies and challenged the norm of fear and insecurity of the information revolution. With the advent of the Internet, activists started experimenting with new expressive/disruptive tools, whilst hackers also started becoming more socially considerate, as information technologies became an inextricable element of our society and information in itself became a core asset. The history of hacktivism is very extensive and this account cannot be exhaustive of all the groups and individuals that have engaged in such activities in the past 25–30 years. However, the author will provide a

A Short History of Hacktivism …

65

brief description of some major groups that were active from the 90s up until today, mainly in the US and the UK, acknowledging that hacktivist phenomena span the globe, but requiring a more focused scope due to the limitations posed on this publication. This chapter will then identify how hacktivism changed in the past 10–15 years with the rise and fall of Anonymous, drawing some conclusions on the impact of these changes, but also on the possible future of the hacktivist movement overall after the trough in activity that we seem to be experiencing currently. The next section will focus on what the author considers to be the birthing, 1st wave of hacktivism, discussing some of the major groups of this period and drawing some general conclusions about hacktivist rationales and practices during that era.

2

The 1st Era of Hacktivism

2.1

The Birth of Hacktivism and Relevant Groups

There are multiple groups that relate to this initial era of hacktivist activity. One of the first groups to explicitly articulate legally ambiguous, symbolically expressive hacktivist tactics in the early 90s were the Critical Art Ensemble (CAE), a group engaging in tactical media interventions. Tactical media encompasses hacktivism, but generally involves the use of new technologies in artistic projects that, instead of attempting to generate grand revolutionary events, focus on producing micropolitical effects that disrupt, intervene and educate (Riley 2009: 1). The main contribution of CAE was the conceptualisation of Electronic Civil Disobedience (ECD), which CAE defines as the transition of the tactics of blockage and trespass onto the Internet (Critical Art Ensemble 1996). They argue such tactics should avoid causing damage to websites that are irrelevant to the cause protested or are used for the provision of critical services (Critical Art Ensemble 1996). However, CAE (1993) also accept that such hacktions can entail unpredictable, collateral consequences, which they deem inherent in social protests. The CAE (2012) can arguably be considered one of the core predecessors of the online activism that we see today with Wikileaks and Anonymous.

66

V. Karagiannopoulos

The teachings of CAE were put to practice by other groups, such as the Electronic Disturbance Theater (EDT). As Dominguez (Simon 2003), a former member of CAE, and one of EDT’s core members argued, EDT: ‘attempted to translate and express the unbearable weight of physical beings into the immaterial informational channels’, without any regard for technical efficiency, as their goal was not: ‘to bring the enemy down, but be “effective” in side-loading information beyond the local and offering a point of focus for the communities involved’. EDT did not see their activities as undercover direct action, but as artistic gestures and performances combined with notions of civil disobedience, which would have to be realised publicly and openly in order to have political legitimacy and avoid legal repercussions (Goldstein 2010; Dominguez 2008b). EDT became more popular through their campaign in support of the Zapatistas in the late 90s, and even though the group in its original form has disbanded, some of its original members still participate in similar projects. Dominguez still continues to organise many different actions to protest issues ranging from healthcare budget cuts to US immigration policies and even police killings in Greece (Dominguez n.d., 2008a) Their online disobedience/performances were and still are mainly virtual sit-ins, a public-supported distributed denial of service attack, where multiple like-minded users coordinate to access and reload a particular website relevant to the cause of their protest until it crashes from the amount of information requests. These sit-ins were realised through the use of a specialised software tool, called Floodnet, a free software, which essentially automated the process of reloading a webpage, thus, making virtual sit-ins more efficient. Despite their controversial tactics and the targeting of high profile governmental and other websites, such as the Frankfurt Stock Exchange, EDT did not face any legal ramifications during their early years and Dominguez even acquired a position as a professor of Digital Arts at the University of California in order to teach practices such as ECD, hacktivism and electronic disturbances. Through his University work, Dominguez and others have revived and continued the work of the original EDT in the form of EDT 2.0. Applying his teachings even to his own place of work, Dominguez organised a virtual sit-in against the UC

A Short History of Hacktivism …

67

Principal’s office in relation to budget cuts a few years ago, invoking the threat of federal prosecution. Investigations were dropped only after an array of online and offline protests led to a private agreement with the University, with Dominguez pledging not to employ such tactics against the UCOP for four years. Inevitably, these news sparked another virtual sit-in protest against the UCOP (Goldstein 2010). Recently, EDT 2.0 organised a similar protest of e-graffiti, amongst other offline and online methods of protest in solidarity with the Zapatistas, planning to disrupt the Mexican president’s website and to write supporting messages for the Zapatistas on the webserver’s logs (Electronic Disturbance Theater and Comrades 2014). As Dominguez says, for his collective of banglab/EDT 2.0, the aesthetics and activism are intertwined, but he does not see himself or his group as activists per se, but as artists that seek to enhance activist work through their digital art performances (Reclamations Blog 2011). It is clear that EDTs actions are now getting much more attention from the authorities, thus making engaging in hacktivist protests more challenging. As will be seen when Anonymous will be discussed, in recent years, crackdowns on hacktivists have become much more commonplace than when EDT started doing its interventions 25 years ago. Apart from EDT, though, there were more groups that engaged in hacktivism such as the UK-based Electrohippies, mostly known for having organised a major virtual sit-in during the Seattle World Trade Organisation (WTO) meetings in 1999. They promulgated their own protest tool and successfully combined hacktivist with offline protests against capitalist globalisation policies (DJNZ and The Action Tool Development Group of the Electrohippies Collective 2001). The Electrohippies tried to establish community accountability for their protests and published a list of preconditions for using their virtual sit-in tool, ranging from providing information and facilitating the traceability of protesters by the authorities, to prior notification to the targets and explanation of the motives and causes for the protest (DJNZ and The Action Tool Development Group of the Electrohippies Collective 2001). Despite their explicitly principled, organised way of protesting, eventually they were forced to abandon hacktivist practices due to the impact the UK’s new cybercrime/cyberterrorism laws could have on hacktivists (The Electrohippies Collective 2000).

68

V. Karagiannopoulos

Similar hacktivist actions were also perpetrated by non-techie activist groups, such as Greenpeace (2003) or Kein Mensch is Illegal (European Digital Rights 2006). The latter group’s virtual sit-in against Lufthansa in Germany protesting against the airline offering assistance in government deportations is in fact considered a major moment in hacktivism history. This is because the Frankfurt Appellate court, which considered the case after the initial conviction of the organisers, found their virtual sit-in analogous to free expression rather than illegal coercion, thus acquitting the organisers. This acquittal was reinforced by the organisers’ actions, as they had taken all steps to warn Lufthansa of the protests and complied with regulations applicable for offline street protests. However, it remains the only reported decision of its kind globally, since prosecuted hacktivist cases in recent years in the UK and the US have resulted in guilty pleas and convictions, as will be discussed further below. During the same period, various web-artists (artivists) resorted to legally ambiguous and politically expressive acts, such as distributing viruses with a political message or modifying (defacing) digital artworks exhibited on websites. These artists used their interventions to protest various political and economic phenomena, from the ‘commodification’ of artistic expression and the intensification of intellectual property restrictions to the neo-liberal, capitalist policies, adopted by governments or the environmental indifference of corporations (Vegh 2003; Bazzichelli 2008). One such group was EpidemiC, which had focused primarily, but not exclusively on viruses, seeking to uncover the artistic and communicative potential in viral code. The underlying software code of the virus they created with 0100101110101101.org, another artivist group, was written as a story trying to highlight the positive aspects of viral code and its undue demonisation by the cybersecurity industry. Its code was circulated at a web-art festival through various online and offline means, and was even given to anti-virus companies as a show of the artists’ benign intentions (Klang 2003). EpidemiC (n.d.) also created, amongst other projects, a free Windows-based programme, called ‘Anti-Mafia Action Sharing’, which utilised file-sharing software to help coordinate virtual sit-ins. Although producing such software was legal at the time, today it

A Short History of Hacktivism …

69

would probably fall foul of laws relating to the production and distribution of software tools that can facilitate unauthorised access or computer impairment, such as s.3A of the Computer Misuse Act 1990 in the UK. 0100101110101101.org is another pair of artists that have engaged in technology-manipulating, legally ambiguous performances. For example, they created fake online gallery websites similar to those offered to limited subscribers-buyers by online galleries and even mutated the works on display in one of those virtual galleries, which resulted in civil legal action by the gallery owners. The purpose was to unveil the pretences of originality and uniqueness in digital works that could be reproduced in identical copies (0100101110101101, 1999–2000; Castle 2000). In another potentially illegal intervention, the artists hacked the website of a web-art festival, as part of their own festival performance, randomly mixing the exhibits with the artists’ names (0100101110101101, 2001). Despite there being no legal repercussions, their performance got the curator dismissed and the conference cancelled, causing the pair to reconsider hack-related performances in the future (Bazzichelli 2008). Despite the above, Eva and Franco Mattes have not stopped challenging Internet norms and practices through their art as can be seen from their recent work (0100101110101101.org, n.d.). There are more groups that belong to this early era of hacktivism. Hacktivismo (n.d.), for example, was an offshoot of the hacker group Cult of the Dead Cow, which was involved in the development of software tools for facilitating activist communications through encryption and the identification of security flaws. Unfortunately, the limitations of this chapter do not allow for a fully detailed account and thus this section has focused on the more controversial/legally ambiguous groups of this era (for a more extensive account on Hacktivismo, see Jordan and Taylor 2004; Karagiannopoulos 2018).

2.2

Initial Conclusions from the 1st Era

The particular groups and campaigns mentioned brought hacktivist practices and debates to the fore, both in relation to using information technology as a symbolic tool for political expression, but also

70

V. Karagiannopoulos

on the specific philosophies and tactical choices regarding best practice, efficiency and avoiding legal repercussions. If we were to identify some specific characteristics from this foundational period of hacktivism, one could argue that the more obvious ones would be the relative concreteness of these groups in terms of membership, philosophy and tactics. First, as seen above, we have smaller and more defined groups with specific members organising the public participation-based events, i.e. virtual sit-ins and there are often general, explicitly communicated principles regarding the open and non-harmful realisation of these protests and even efforts to prevent any unwanted consequences. Moreover, there was a much more distinct and relatively obvious core of accountable members/leadership, which were responsible for organising the activities and even generated the software related to those actions. The rhetoric is also generally artistic and less conflicting and focuses on accountability and minimising the harmful effects of the hacks, attempting more to use the Internet as a new medium for expressing their grievances and supporting offline protests. However, hacktivism has moved into a new era with many similarities, but also some very distinct differences. The following section will discuss the transition of hacktivism into the modern era and will primarily analyse Anonymous and its impact in the shaping of the contemporary hacktivism landscape.

3

The Second Era of Hacktivism

3.1

The Domination of Anonymous

Although there have definitely been isolated incidents of hacktivism in the past decade or so (see for example the cases of Swartz and Auernheimer in Karagiannopoulos 2018), Anonymous has dominated the hacktivist scene in the past 10–15 years and further popularised hacktivism, but also challenged the organisational, tactical and legal limits of the practice even more. Anonymous originates from www.4chan.org, a message boards website, with topics ranging from Japanese anime and

A Short History of Hacktivism …

71

cat videos to sports and pornography. Users frequent these spaces to exchange information, discuss trending topics, create and share memes and even embark on trolling campaigns. The most controversial content can be found in group /b/. These modern, gatherings of users and ‘geeks’ are characterised by a fluidity, giving rise to a loose community (Bennett 1999) which further enhances an intrinsic subculture element: resistance to mainstream culture through a semiotic guerrilla warfare (Hebdige 2002). The geek and trolling culture of /b/contains carnivalistic elements, such as satire and masquerade, which Bakhtin links with the countercultural elements of laughter and anti-establishment ideologies that challenge a culture of submission and orderly living (Lachmann et al. 1998). The blending of this countercultural mentality with the sense of community, exchange of ideas and seeking the ‘lulz’ that characterises 4chan eventually led to the politicisation of parts of this initially loose gathering of users (Coleman 2011). Although it is often referred to as a concrete group, Anonymous is essentially an umbrella identity, without predefined membership and leadership. Instead, it encompasses many factions with potentially different ideological and tactical orientations, but often converging under common aims (Allnut 2011). Coleman (2014) identifies the lack of agreed mandates and the endemic fluidity, unpredictability and lack of institutionalisation as Anonymous’ core characteristics. Anonymous is also characterised by a humorous and deviant outlook, they promote an anti-celebrity philosophy for those identifying with the group, and use diverse technical tools to facilitate their long list of political interventions (Coleman 2014). Anonymous arguably functions in a direct democratic way (although there are exceptions to that) since decision-making is often based on voting by those participating in the iRC channels (Mansfield-Devine 2011; Coleman 2014). The lack of identifiable representatives/organisers is also one of the weaknesses of the group, since its representation is diverse and faceless, which in turn allows anyone to use the Anonymous identity to serve their own goals, from de-legitimisation of the group through politically illegitimate or harmful actions to personal gratification (Rawnlison 2011). Although the leaderless, memberless

72

V. Karagiannopoulos

collective can be perceived as a disorganised, uncontrollable mob, assessments of Anonymous’ operations suggest that the collective can indeed behave with a loose, political conscience and organisation in the form of a ‘diffuse crowd’ (Warner 2010). In fact, there are—or at least were during the peak of Anonymous a few years back—more concrete subgroups that work towards developing media projects or working on shaping the collective’s public relations. These are operated by influential Anons, whose opinions carry additional gravity and have many followers (Coleman 2014). The intense politicisation has led to a split in Anonymous with lulz-oriented members (hatefags), criticising their more politicised peers (moralfags) and the transformation of Anonymous from a fun-based collective to a more serious political entity (Crenshaw 2011; Coleman 2014). There have also been splinter groups, such as Lulzsec, where Anonymous-affiliated hackers engaged in a cyberattack spree against high profile targets, leading to their arrest and conviction (Arthur 2013). This splintering highlights the multi-faceted nature of Anonymous, which is essential for understanding that there cannot be set and predefined ideological and tactical norms, which would be attributed to and followed by all those individuals and factions that use the name of Anonymous (Anonymous 2011). Naturally, another core characteristic of Anonymous is anonymity, differentiating them from the more open/pseudonymous initial hacktivist groups. Although pseudonymity and anonymity was a norm in the 4chan fora as a feature of equality and meritocracy, it has also been advocated more recently as a needed precaution against criminal prosecutions and personal attacks (Terban 2011) In order to avoid state surveillance, anonymity is even recommended during real-life protests organised under the banner of Anonymous, such as the Million Mask Marches, where many Anonymous-affiliated protesters wear Guy Fawkes masks; their official ‘trademark’ (Coleman 2014).

A Short History of Hacktivism …

3.2

73

Tactics and Operations

Anonymous often comes together because of the citizens’ need to do something about common socio-political concerns, without a clear understanding of how to realise their goals, yet acting rationally and conscientiously, with members having the option to participate or not (Warner 2010). In many cases, their goal is not to create disruption per se, but to create symbolic effects and raise awareness with their activities (Fox 2010). Reflecting the above, the iRC channels frequented by Anonymous are managed by more experienced members, which influence in decisions and are also tasked with communicating constantly the collective’s evolving self-regulatory norms, such as avoiding the targeting of media outlets or the incitement of violence (Coleman 2014). Anonymous employ controversial and legally ambiguous tactics, reflecting their diverse ideological and tactical perceptions as well as backgrounds. These range from virtual sit-ins and website defacements to information hacks and ‘doxing’, which is the acquisition and release of private/confidential information (Crenshaw 2011). Anonymous have also developed their own software for facilitating virtual sit-ins, called Low Orbit Ion Cannon (LOIC). LOIC functions similarly to EDT’s Floodnet and allows for IP addresses to be identified, thus rendering participants using it traceable by the authorities (Singel 2010). However, as virtual sit-ins in the past decade have resulted in prosecutions, Anonymous have also developed more advanced tools that allow for anonymised virtual sit-in participation (Gallagher 2012). Reflecting the inherent diversity of the collective, the language used on their messages and declarations is also multi-faceted, but also often feels more confrontational to the first era groups, potentially due to the collective’s anti-authoritarian origins and the enthusiasm of its numerous young participants (Warner 2010). Even the motto of the collective: ‘we do not forgive, we do not forget, expect us!’ expresses a more polemic attitude compared to the more artistically minded groups of the previous era that were discussed in the previous section. In a quasi-political form, Anonymous have been active since 2006. However, one of their major campaigns that established their transformation into a politicised collective was Operation Chanology targeting

74

V. Karagiannopoulos

the Church of Scientology. These protests related to the Church’s efforts to censor a Tom Cruise video talking about his experience as a Scientologist (Coleman 2014). The protests included online campaigns of hacking Scientology websites and doing virtual sit-ins, telephone and fax pranks. Protests were also organised offline with protesters in Guy Fawkes masks joining street protests in many big cities internationally. Although OpChanology generated media interest and also resulted in a couple of prosecutions of virtual sit-in protesters, as will be discussed further below, Anonymous became the target of media and police attention even more intensely due to their very successful campaign in support of Wikileaks (OpAvengeAssange) at the end of 2010. During this protest thousands participated globally in a virtual sit-in against Mastercard, Paypal and Amazon to express their disapproval of the corporations’ unjustified denial to process donations and offer hosting services to Wikileaks. This denial was seen as a retaliatory response against the release of US diplomatic cables by Assange and although Amazon was not impacted upon by the protests, Paypal experienced some service slow-down, which eventually gave rise for prosecuting and convicting 14 protesters in the US and four in the UK (Coleman 2014). Anonymous continued their controversial protest activity by hacking HB Gary Federal’s emails in order to expose and protest the intentions of HB Gary to spy and hinder the operations of Wikileaks through media campaigns, cyberattacks, misinformation and sabotage in addition to intimidating donors, challenging the reputation of supporters and trying to expose Anonymous’ identities (Coleman 2014). Anonymous also hacked and published police officer information in relation to protests in San Francisco (OpBART) (Sankin 2011). Less controversially, Anonymous have been involved in assisting Tunisian and Egyptian protesters’ communications during the Arab Spring, have exposed paedophile networks, and they even declared war on ISIS webpages for their Paris attacks. They have also targeted international organisations and banks, security organisations and national governments and even more recently the Ku Klux Klan and Donald Trump (Wikipedia, n.d.). As mentioned above, the activities of Anonymous were not handled with as much tolerance as those of past hacktivist groups. In the US, two individuals were prosecuted and pled guilty to computer damage

A Short History of Hacktivism …

75

charges for participating in the OpChanology sit-ins, and were handed imprisonment, probation and financial restitution penalties (Anonymous 2008; Kravets 2010).1 Another 14 members of Anonymous (Paypal 14) have also pled guilty to relevant felony and misdemeanour charges. The 12 who pled guilty to both counts were on probation for a year after which the felony charge was dropped and also had to pay $5600 each as restitution to Paypal. This was considered a victory by their lawyers after a three year-long legal struggle, where Paypal 14 were faced with charges of conspiracy and criminal damage to computers that could have resulted in up to 15 years in prison (Mintz 2011). Eric Rosol was also sentenced in 2012 to two years of federal probation and $183,000 in restitution for participating in an Anonymous virtual sit-in against a Koch Industries website for less than one minute (Ribeiro 2013). At least four members have also been tried in the UK under similar charges of conspiracy to commit computer misuse offences in relation the Paypal protests, with the presumed leader of the group, Weatherhead, who did not plead guilty, receiving 18 months in prison. Although he did not actively take part in the virtual sit-in, he was considered the coordinator of the communications hub at the time (Coleman 2014; Halliday 2017).2 Many more alleged Anonymous protesters have been arrested and charged or investigated in various countries (Watkins et al. 2011; Tremlett and Agencies in Istanbul 2011; Leyden 2011; BBC 2012). Although some of those efforts have brought praise, their constant threats of ‘cyberwar’ against governments and their disruptive, legally controversial campaigns seem to have reached a saturation point and their actions are not attracting as much attention or participation anymore (Clark 2016; Newman 2019). In fact, there is arguably a 95% reduction in hacktivist incidents since 2015, which is indicative of the lack of Anonymous’ popularity and originality. (Mayersen 2019; Catalin 2019) The decrease is also reinforced by the deterring effect that the crack-downs from the authorities have generated, thus suggesting that the second wave of hacktivism is starting to plateau. 1 See

US v Guzner (New Jersey, Dist. Court) Case No. 2:09-cr-00087. R v Weatherhead, Rhodes, Gibson, and Burchall (Unreported) Southwark Crown Court, 24 January 2013.

2 See

76

V. Karagiannopoulos

Considering the above, we can identify distinctive elements that characterise the transition to the Anonymous-dominated era of hacktivism and differentiate this era from the previous one.

3.3

Conclusions from the Second Era

First, Anonymous demonstrates that there has been a gradual development in the hacktivist movement over the years, going from small activist clusters engaging in technologically facilitated disruption to also adopting more fluid structures, where there is a less concrete, identifiable core membership. Compared to earlier established groups that seemed to have a distinct organising cluster and predefined strategic aims and even a clearer ideological direction, Anonymous, as seen above, feel more like a constantly mutating and evolving living organism that reacts to different socio-political stimuli reflecting its multi-faceted origins and the diversity of its ideological and tactical aspirations. Anonymous itself as a concept seems to be functioning as an alias that can be used in a decentralised and uncoordinated way by collectives, affinity groups and even individuals (Deseriis 2012 cited in Alexopoulou and Pavli 2019). According to Deseriis (2012 cited in Alexopoulou and Pavli 2019) ‘improper’ names, such as the umbrella term of Anonymous, have three particular common features: they empower the social groups by providing them with a medium for identification and mutual recognition, enable those who lack a voice to attain extra-institutionalised symbolic power and also allow the expression of collective and singular processes of subjectivation through the proliferation of difference. In this sense then, the Anonymous ‘mask’ operates as an empowering title for netizens that want to relate to a modern politicised collective without being restricted by rigid party lines or rules. This ‘improper name’ liberates political participation in a sense, but presupposes members are responsible for their actions with much less guidance and supervision; something which cannot always be practically guaranteed. This shift is also reflected in the more aggressive rhetoric that can be considered ambivalent at best. As Goode (2015) aptly suggests: ‘the voices articulated through these testimonial texts are simultaneously

A Short History of Hacktivism …

77

nihilistic and idealistic, dystopian and utopian, egoistic and collectivist, and dedicated to the negative freedoms of libertarianism yet also concerned with collectivist goals of equality and justice’ (p. 79). This linguistic transition reflects the abovementioned ideological shift towards a more empowered, populist and direct democratic rationale, where citizens adopt a dystopian perspective of democracy and take the enforcement of democratic accountability in their hands. Yet at the same time, as Woods (2013) highlights, Anonymous are re-branding hacktivism through their rhetoric and activism guidance as a more inclusive process in order to recruit more members with their pro-populist language. Their diverse communications seem to be another way of constructing an identity within this wide online space of distributed ideology and anonymity that Anonymous inhabits contrary to the rhetoric of the first era groups. The more concrete identities of the initial groups were not in such need of identity building/reinforcement through language, instead employing it as a means for the public’s ideological/political education. The above does not mean that the two eras lack ideological and tactical commonalities. A constant denominator for protesters is their struggle against globalisation and capitalist exploitation. Although this remains a core theme throughout, Anonymous focus a lot more on user rights, privacy and security as well as freedom of information and expression. These are all issues that have come to the fore with the unrestricted expansion of the Internet and the significant impact of information technologies on our everyday lives compared to 20 years ago. As the issues hacktivists protest for or against become more commonly relevant and relatable to a larger part of our interconnected society, digital activism, respectively transforms from a ‘countercultural politics of resistance to a counterhegemonic politics of popular mobilisation’ (Gerbaudo 2017). Activists, thus approach cyberspace as part of the political mainstream where occupation and mass mobilisation happens compared to the early digital activists that viewed the Internet as a distinct space that provided their activism with innovative tools, but was still separate from the space where their political concerns would be alleviated. The popularisation of cyberspace consequently leads to an ideological transition of online activism from autonomism and anarcho-authonomism to a brand of populism Gerbaudo (2017) calls ‘citizenism’. ‘Citizenism’ focuses on the

78

V. Karagiannopoulos

grassroots recuperation and reclamation of democracy and political institutions by citizens and direct participation. It is not hard to see all these elements strongly reflected in the open and quasi-vigilantist behaviours of Anonymous. There are still shared, harm-reducing operational principles that are communicated and underpin many hacktivist actions. However, as seen above, the fragmented diversity of Anonymous, their traditional affinity to anonymity and the lack of a clear and centralised, accountable leadership has resulted in less principled and more controversial activities overall. Anonymous incorporates and popularises further the pre-existing tactics that multiple groups employed in the initial era, essentially demonstrating the simultaneous evolutionary and traditional nature of hacktivist practices as an online reflection of offline actions. However, Anonymous’ arsenal is not restricted to purely symbolic acts. Doxing and information hacks which reflect a more direct action approach rather than the more artistic and symbolic activity of the first era seem to be more commonplace with Anonymous and consistent with the citizenist agenda identified above. This populist transformation of ‘netizens’, which we could call ‘netizenism’ simultaneously impacts on the political legitimisation of Anonymous’ activities, distorting the purely expressive disruptions with a more coercive mentality that has started to backfire (BBC 2015; Clark 2016). Although Alexopoulou and Pavli (2019) claim that Anonymous’ lack of physical intimacy and identifiability by the public makes their cyber-performances more powerful, and this might have been the case in past years, it is questionable whether the mystique of the collective can in itself sustain the public’s interest and support when their activities lack the novelty and tactical political legitimacy the initial groups tried to preserve.

4

Overall Conclusions and the Future of Hacktivism

Hacktivism as a philosophy and reconfiguration of political practice has been an intrinsic part of Internet culture from its early start and has taken many shapes and forms with differing manifestations globally,

A Short History of Hacktivism …

79

expressing anti-globalisation/capitalist dissent, protecting civil liberties and democratic values, but also protesting nation-based social issues. Inevitably, with Internet penetration being much higher in recent years than in the 90s, hacktivism became much more popular (network effect) and with cybersecurity and information/network integrity becoming a core concern for companies and governments, hacktivism also attracted more attention from the authorities as well as cybersecurity companies. Consequently, its popularisation is not just an issue of more intense politicisation of internet users, but in parallel a direct consequence of the increased numbers of users globally and the much higher value information and networks have today compared to 20 years ago for public and private organisations, but also users. From the trends we have highlighted in the past 25 years, there are periods where hacktivist activity is intensified and prolific and periods where hacktivist protests subside, as is the time we are in now after the large wave of Anonymous hacktivism between 2006–2015. It is not uncommon for social resistance to have ebb and flow periods which can relate to external and internal elements. These ebbs and flows can be due to the intensity of social problems, the efficacy of the political engagement, the permissiveness of harshness of regulatory crack-downs or internal issues, strong or weak leadership and conflicting interests and ideological perceptions within the protest movement itself (De la Porta and Diani 2006; Dee 2014; Bennett et al. 2014; Conrad 1981). Despite the current ebbing of popular hacktivist action, the author anticipates that the new eco-activist movement will eventually manifest itself through hacktivist protest as well, especially when offline disruptive actions seem to be generating more friction with the public rather than gaining its support (The Guardian 2019). Extinction Rebellion and other ecological groups have already realised some disruptive protests offline and there seems to be a gradual shift of online protest, which also encompasses previous anti-capitalist/anti-globalisation agendas (Enoughisenough14.org 2019; East 2019; HLN 2019; Reddit 2019). It seems inevitable that, as with previous protests, eco-protests will combine online with offline protests in order to further enhance the reach of the message and public participation (Haynes 2018).

80

V. Karagiannopoulos

Whether the upcoming eco-protests will revive/absorb Anonymous or whether they will be realised by a milieu of different smaller groups or individuals remains to be seen, but the intensity and the urgency of the climate crisis and the increasing interconnectivity the era of the Internet of Things entails (Tobby 2017) seem bound to fuel a new wave of activism and even reconfigure hacktivist methods and tactics. Hacktivism reflects a shift in modern, technology-facilitated politics that manifest as ‘connective action’ where participants engage with social problems individually through finding common ground in personalisable action modes, which allow the expression of differing views of mutual problems shared on online networks (Bennett et al. 2014). This time protesters will be fighting for a more globally encompassing and relevant struggle that goes beyond the polarising ideologies and political identities of the previous century and the diversity guaranteed by hacktivist action will play a crucial role in enhancing collective action. Hacktivism can thus survive and flourish by promoting inclusivity and by choosing disruptive/symbolic tactics and targets of protest that do not alienate the general public and move beyond inefficacious tactics of the past. McLuhan et al. (1967) once famously said that ‘the medium is the message’. Irrespective of its efficiency and efficaciousness, hacktivism as a phenomenon still has a lot to teach us about doing modern politics in networked societies and we should be looking forward to learn from its upcoming manifestations and permutations.

References 0100101110101101.org. (n.d.). Works. Retrieved from https://010010111010 1101.org/works/. 0100101110101101.org. Copies (0100101110101101.org, 1999–2000). Retrieved from http://www.0100101110101101.org/home/copies/index. html. 0100101110101101.org. The K Thing: Story of an Infamous Online Performance (0100101110101101.org, 2001). Retrieved from http://010010111 0101101.org/the-k-thing/.

A Short History of Hacktivism …

81

Alexopoulou, S., & Pavli, A. (2019). Beneath This Mask There is More Than Flesh, Beneath This Mask There Is an Idea’: Anonymous as the (Super)heroes of the Internet? International Journal for the Semiotics of Law. https://doi.org/10.1007/s11196-019-09615-6. Allnutt, L. (2011, June 8). Old-School Hacker Oxblood Ruffin Discusses Anonymous and the Future of Hacktivism. Tangled Web. http://www.rferl. org/content/hacker_oxblood_ruffin_discusses_anonymous_and_the_fut ure_of_hacktivism/24228166.html. Anonymous. (2011, August 17). Anonymous Is Not Unanimous. Pastebin. http://pastebin.com/4vprKdXH. Anonymous. (2008, October 18). Teenage Hacker Admits Scientology CyberAttack USA v. Guzner – Information. Secretdox. http://secretdox.wordpr ess.com/2008/10/18/usa-v-guzner-plea-agreement-for-defendant-dmitriyguzner/. Arthur, C. (2013, May 16). LulzSec Hackers Jailed for String of Sophisticated Cyber-Attacks. The Guardian. https://www.theguardian.com/techno logy/2013/may/16/lulzsec-hackers-jailed-cyber-attacks. Bazzichelli, T. (2008). Networking: The Net as Artwork. Aarhus: Aarhus University. BBC. (2012). Anonymous Hackers: Police Arrest 25 in Four Countries. Retrieved from https://www.bbc.co.uk/news/world-latin-america-17195893. BBC. (2015). Anonymous Posts Ku Klux Klan Alleged Sympathisers List. Retrieved from https://www.bbc.co.uk/news/technology-34736941. Bennett, A. (1999). Subcultures or Neo-Tribes? Rethinking the Relationship between Youth, Style and Musical Taste. Sociology. Retrieved from http:// journals.sagepub.com/doi/abs/10.1177/S0038038599000371. Bennett, W. L., Segerberg, A., & Walker S. (2014). Organization in the Crowd: Peer Production in Large-scale Networked Protests. Information, Communication & Society, 17 (2), 232–260. https://doi.org/10.1080/1369118x.2013. 870379. Castle, N. (2000). Internet Art and Radicalism in the Digital Culture Industry. http://www.lulu.com/items/volume_1/89000/89324/2/preview/netart_pre view.pdf. Catalin, C. (2019). Hacktivist Attacks Dropped by 95% Since 2015. ZDNet. Retrieved from https://www.zdnet.com/article/hacktivist-attacks-droppedby-95-since-2015/. Clark, B. (2016, March 15). ‘Anonymous’ #OpTrump Isn’t a ‘War,’ It’s a Nail in the Coffin of the Encryption Debate.’ The Next

82

V. Karagiannopoulos

Web. http://thenextweb.com/opinion/2016/03/15/anonymous-declares-waron-donald-trump-again-with-optrump/. Coleman, G. E. (2011, April 6). Anonymous: From the Lulz to Collective Action. The New Everyday. http://mediacommons.futureofthebook.org/tne/ pieces/anonymous-lulz-collective-action. Coleman, G. E. (2014). Hacker, Hoaxer, Whistleblower, Spy: The Many Face of Anonymous. London: Verso. Conrad, C. (1981). The Transformation of the ‘Old Feminist’ Movement. Quarterly Journal of Speech, 67 (3), 284. Crenshaw, A. (2011). Crude, Inconsistent Threat: Understanding Anonymous. Irongeek. http://www.irongeek.com/i.php?page=security/understanding-ano nymous. Critical Art Ensemble. (1993). Electronic Disturbance. New York: Autonomedia. Critical Art Ensemble. (1996). Electronic Civil Disobedience and Other Unpopular Ideas. New York: Autonomedia. Critical Art Ensemble. (2012). Disturbances. Retrieved from http://critical-art. net/?page_id=309. Dee, E. T. C. (2014). The Ebb and Flow of Resistance: Analysis of the Squatters’ Movement and Squatted Social Centres in Brighton. Sociological Research Online, 19 (4), 1–17. De la Porta, D., & Diani, M. (2006). Social Movements: An Introduction (2nd ed.). Malden, MA: Blackwell. Denning, D. (2001). Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy. In J. Arquila & D. Ronfeldt (Eds.), Networks and Netwars: The Future of Terror, Crime, and Militancy. RAND Corporation. Deseriis, M. (2012). Improper Names: Collective Pseudonyms and MultipleUse Names as Minor Processes of Subjectivation. Subjectivity, 5 (1), 140– 160. DJNZ and The Action Tool Development Group of the Electrohippies Collective. (2001). Client-Side Distributed Denial-of-Service: Valid Campaign Tactic or Terrorist Act? Leonardo, 34, 269. Dominguez, R. (n.d.). Electronic Civil Disobedience. thing.net. http://www. thing.net/~rdom/ecd/ecd.html. Dominguez, R. (2008a). Electronic Disobedience Post-9/11. Third Text, 22, 661. Dominguez, R. (2008b). Electronic Civil Disobedience in Solidarity with Greek Anarchists. thing.net. http://post.thing.net/node/2457.

A Short History of Hacktivism …

83

East, M. (2019). Anonymous Declare Support for Extinction Rebellion in Italy, Data Leaked from 6 Organizations. Red Revolution. Retrieved from https://redrevolution.co.uk/2019/04/19/anonymous-declare-supportfor-extinction-rebellion-in-italy-data-leaked-from-6-organizations/. Electronic Disturbance Theater and Comrades. (2014). E-Graffiti in Solidarity with the Zapatistas - May.24.2014. Retrieved from http://www.thing.net/ ~rdom/ZapatistasMayo24/. Enoughisenough14.org #Anonymous #OPGreenRights: Hacktivists Attacked 14 Polluter. Retrieved from https://enoughisenough14.org/2018/11/19/ano nymous-opgreenrights-hacktivists-attacked-14-polluter/. EpidemiC. (n.d.). Antimafia: The Action Sharing. Retrieved from http://epi demic.ws/antimafia/action.php?lng=en. European Digital Rights. (2006, June 7). Frankfurt Appellate Court Says Online Demonstration Is Not Coercion. European Digital Rights. Retrieved from https://edri.org/. Fox, L. (2010, December 12). From Hacktivists to Spammers: Is Anonymous Failing? newsjunkiepost.com. http://newsjunkiepost.com/2010/12/12/ from-hacktivists-to-spammers-is-anonymous-failing/. Gallagher, S. (2012, February 16). High Orbits and Slowlorises: Understanding the Anonymous Attack Tools. Ars Technica. http://arstechnica. com/business/news/2012/02/high-orbits-and-slowlorises-understandingthe-anonymous-attack-tools.ars. Gerbaudo, P. (2017). From Cyber-Autonomism to Cyber-Populism: An Ideological Analysis of the Evolution of Digital Activism. tripleC: Communication, Capitalism & Critique. Open Access Journal for a Global Sustainable Information Society, 15 (2), 477–489. Goldstein, E. (2010). Digitally Incorrect. The Chronicle Review. Retrieved from http://chronicle.com/article/Digitally-Incorrect/124649/. Greenpeace. (2003, March 10). Bhopal Protests Move Online. Greenpeace. http://www.greenpeace.org/international/en/news/features/bhopal-protestsmove-online/. Accessed 24 October 2010. Goode, L. (2015). Anonymous and the Political Ethos of Hacktivism. Popular Communication, 13(1), 74–86. Hacktivismo. (n.d.). Hacktivismo Projects. Retrieved from http://www.hackti vismo.com/projects/index.php. Accessed 1 December 2012. Halliday, J. (2017, January 24). Anonymous Hackers Jailed for Cyber Attacks. The Guardian. Retrieved from http://www.guardian.co.uk/technology/2013/ jan/24/anonymous-hackers-jailed-cyber-attacks.

84

V. Karagiannopoulos

Haynes, O. (2018). Anonymous for the Voiceless. The Ecologist. Retrieved from https://theecologist.org/2018/dec/13/anonymous-voiceless. Hebdige, D. (2002). Subculture: The Meaning of Style. Taylor & Francis. HLN. (2019). Makers sms-bom riskeren tot 2 jaar cel . Retrieved from https:// www.hln.be/nieuws/binnenland/makers-sms-bom-riskeren-tot-2-jaar-cel ~ae829fe1/. Jordan, T., & Taylor, P. A. (2004). Hacktivism and Cyberwars: Rebels with a Cause? London: Routledge. Karagiannopoulos, V. (2018). Living with Hacktivism [electronic resource]: From Conflict to Symbiosis. Palgrave Macmillan. Klang, M. (2003). A Critical Look at the Regulation of Computer Viruses. International Journal of Law and Information Technology, 11, 162. Kravets, D. (2010, January 26). Guilty Plea in ‘Anonymous’ DDoS Scientology Attack. ThreatLevel. http://www.wired.com/threatlevel/2010/01/guilty-pleain-scientology-ddos-attack/. Lachmann, R., Eshelman, R., & Davis, M. (1998). Bakhtin and Carnival: Culture as Counter-Culture. Cultural Critique, 11, 115–152. https://doi. org/10.2307/1354246. Leyden, J. (2011, June 10). Spanish Poice Cuff Three Anonymous Hack Suspects. The Register. Retrieved from http://www.theregister.co.uk/2011/ 06/10/spain_anonymous_arrests/. Mansfield-Devine, S. (2011). Anonymous: Serious Threat or Mere Annoyance? Network Security, 2011(1). Mayersen, I. (2019). Anonymous Took the Hacktivism Community with Them When They Died. Techspot.com. Retrieved from https://www.tec hspot.com/news/80138-anonymous-took-hacktivism-community-themwhen-they-died.html. McLuhan, M., Fiore, Q., & Agel, J. (1967). The Medium is the Massage. New York: Bantam Books. Mintz, H. (2011, September 1). ‘Anonymous’ Defendants Appear in San Jose Federal Court in Paypal Cyberattack Case. Mercury News. http://sip-tru nking.tmcnet.com/news/2011/09/01/5747845.htm. Newman, L. (2019). Hacktivists Are on the Rise—But Less Effective Than Ever. Wired.com. Retrieved from https://www.wired.com/story/hacktivismsudan-ddos-protest/?verso=true. Raley, R. (2009). Tactical Media. Minneapolis: University of Minnesota Press. Rawlinson, K. (2011). Inside Anonymous: The “Hacktivists” in Their Own Words. Independent. Retrieved from http://www.independent.co.uk/life-

A Short History of Hacktivism …

85

style/gadgets-and-tech/news/inside-anonymous-the-quothacktivistsquot-intheir-own-words-2294935.html. Reclamations Blog. (2011, November 24). Interview with Ricardo Dominguez. Reclamations Blog. Retrieved from http://www.reclamationsjournal.org/ blog/?ha_exhibit=interview-with-ricardo-dominguez. Reddit. (2019). I Just Hacked 40K Printers for #DebtStrikeForClimate, r/ExtinctionRebellion. Retrieved from https://www.reddit.com/r/Extinctio nRebellion/comments/bpyjdy/i_just_hacked_40k_printers_for/. Ribeiro, J. (2013, December 2). Winsconsin Man Sentenced for Participating in Anonymous DDOS. PCWorld . http://www.pcworld.com/article/206 8600/wisconsin-man-sentenced-for-participating-in-anonymous-ddos.html. Samuel, A. (2004). Hacktivism and the Future of Political Participation (DPhil Thesis). Harvard University. Sankin, A. (2011, August 17). ‘Anonymous’ BART Police Attack: Hackers Expose Cops’ Personal Information. Huffington Post. Retrieved from http://www.huffingtonpost.com/2011/08/17/anonymous-bart-policeattack-personal-information_n_929627.html. Simon, B. (2003). Illegal Knowledge: Strategies for New Media Activism: Dialogue with Ricardo Dominguez and Geert Lovink. In B. Marc & W. Katharine (Eds.), The Politics of Information: The Electronic Mediation of Social Change. Stanford, CA: Altx Press. Singel, R. (2010, December 9). Dutch Arrest Teen for Pro-Wikileaks Attack on Visa and Mastercard Websites. Threat Level. Retrieved from http://www.wired.com/threatlevel/2010/12/wikileaks_anonymous_arr ests/#seealsoaff033736dd3e21e1f35daab3a12f8f9. Terban, S. (2011, March 10). Anonymous and Their Alleged Propagandist Barrett Brown. Infosec Island. Retrieved from https://www.infosecisland. com/blogview/12441-Anonymous-and-Their-Alleged-Propagandist-BarrettBrown.html. The Electrohippies Collective. (2000). Cyberlaw UK: Civil Rights and Protest on the Internet. iwar.org. Retrieved from http://www.iwar.org.uk/hackers/ resources/electrohippies-collective/comm-2000-12.pdf. The Guardian. (2019). Tube Protest Was a Mistake, Admit Leading Extinction Rebellion Members. Retrieved from https://www.theguardian.com/env ironment/2019/oct/20/extinction-rebellion-tube-protest-was-a-mistake. Tobby, S. (2017). Critical Infrastructure and the Internet of Things, Global Commission on Internet Governance. Chatham House. Retrieved from https://www.cigionline.org/sites/default/files/documents/GCIG%20no.46_ 0.pdf.

86

V. Karagiannopoulos

Tremlett, G. and Agencies in Istanbul. (2011, June 13). Turkish Arrests Intensify Global War Between Hacker Activists and Police. The Guardian. http://www.guardian.co.uk/technology/2011/jun/13/turkisharrests-global-war-hackers-police. Vegh, S. (2003). Classifying Forms of Online Activism: The Case of Cyberprotests Against the World Bank. In M. McCaughey & M. D. Ayers (Eds.), Cyberactivism: Online Activism in Theory and Practice. London: Routledge. Warner, G. (2010, December 13). Internet Anarchy: Anonymous Crowds Flex Their Muscles. CyberCrime and Doing Time Blog. Retrieved from http://garwarner.blogspot.com/2010/12/internet-anarchy-anonymouscrowds-flex.html. Watkins, M., Bradshaw, T., & Menn, J. (2011, January 21). Global Police Moves Against ‘Hacktivists’. The Financial Times. Retrieved from http:// www.ft.com/cms/s/0/db6f5ab0-2a34-11e0-b906-00144feab49a.html#axz z1YaNDtzCj. Webster, F. (2006). Theories of the Information Society (3rd ed.). London: Routledge. Wikipedia. (n.d.). Timeline of Events Associated with Anonymous. Retrieved from: https://en.wikipedia.org/wiki/Timeline_of_events_associated_with_ Anonymous. Woods, H. S. (2013). The Rhetorical Construction of Hacktivism: Analyzing the Anonymous Care Package (Doctoral dissertation). Retrieved from https://bay lor-ir.tdl.org/handle/2104/8748. Assuming Identities Online: How linguistics is helping the policing of online grooming and the distribution of abusive images.

Assuming Identities Online: How Linguistics Is Helping the Policing of Online Grooming and the Distribution of Abusive Images Nicci MacLeod and Tim Grant

1

Introduction

There is no doubt that child abuse is one area of criminal activity that has been made easier and less risky by technological advances. The sexual grooming of children, i.e. the preparation of children for sexual activity (Chiang and Grant 2017), is a widespread issue, and one that has escalated in line with the advancement of the World Wide Web. Increased access to large numbers of like-minded individuals and potential victims at the click of a button has led to figures suggesting that 60% of children in the UK have been sexually solicited online (Internet Watch Foundation 2013). Compounding these statistics, the anonymity afforded by the Internet means decreased levels of perceived risk involved in such activities. The rise of the Dark Web, a heavily encrypted and thus N. MacLeod (B) Northumbria University, Newcastle upon Tyne, England, UK e-mail: [email protected] T. Grant Aston University, Birmingham, England, UK © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_5

87

88

N. MacLeod and T. Grant

anonymous means of accessing online content, has rendered traditional methods of offender identification, such as tracking geolocation and IP addresses, wholly ineffectual. Thus, online policing of child abuse has been described as being in crisis, with undercover operatives in dire need of alternative methods for pursuing the identification and prosecution of offenders. Our involvement with the UK-wide ‘Pilgrim’ training programme for undercover online officers (UCOs) arose from the 2007 policing operation against members of a worldwide nexus of child sex abusers. Following the arrest of the ringleader Timothy Cox, Operation Chandler involved the assumption of his identity by UCOs who then interacted with his network in order to identify offenders, secure arrests and rescue victims. As well as assuming a particular offender’s identity, UCOs are often required to pose online as victims or potential victims in order to effect arrests of dangerous child abusers. Consider this scenario: a child has been identified by a parent or guardian as being at risk from an online would-be sex offender. The child and the perpetrator have been engaging in sexualised conversation over Instant Messaging (IM) for some time, and the child believes she is in a relationship with the adult man with whom she has been chatting. The parent alerts the police, and the child is removed to a place of safety. Clearly the police wish to identify the perpetrator and secure an arrest, but for obvious reasons the child cannot be placed back in the dangerous situation, even if she was willing to be. Instead, an officer must operate undercover online, posing as the child, synthesising her identity, to arrange a meeting where the police can close in and make their arrest. The task is cognitively demanding and fraught with ethical challenges. It is time sensitive, in that any delay in appearing online may alert the offender to police involvement—so time for preparation is limited. Furthermore, UCOs may be required to take over each other’s operations due to shift patterns, sickness or leave. Similarly, a UCO may be required to engage in multiple operations simultaneously. The wary perpetrator, already likely to be on high alert to the possibility of being apprehended, must not have their suspicions aroused that the person they are talking to

Assuming Identities Online: How Linguistics Is Helping …

89

is no longer the child that they have been grooming for sex for a number of months. During the conversations UCOs must avoid operating as agents provocateur. That is to say, they must anticipate and deflect any subsequent accusations of having incited illegal behaviour from their targets during the course of their communications (see Martellozzo 2012). The Police and Criminal Evidence Act (PACE) 1984 further constrains the UCOs, as officers must also avoid conducting an illegal interview, and The Regulation of Investigatory Powers Act (RIPA) (2000) s. 26–29 requires that all their undercover actions be legally authorised and warranted. (+75)

2

Forensic Linguistics

Forensic linguistics refers to the contributions of linguistic analysis to the delivery of justice. There are a number of questions for scholars to address at this interface between language and the law, and the field is generally viewed as comprising three main streams of work. First, there is a concern with the peculiarities of the written language of the law and issues around the comprehensibility of these texts for lay readers. Texts of interest to forensic linguists working in this area have included police cautions (e.g. Rock 2012), jury instructions (e.g. Dumas 2012), contracts, statutes and wills (e.g. Tiersma 2001). Such work has sometimes resulted in the redrafting of legal texts such that they can be more easily understood by those for whom justice relies upon them being able to understand them. The second body of work within forensic linguistics focusses on interactions in the legal system, such as investigative interviews (e.g. Heydon 2005) and courtroom examination (e.g. Ehrlich 2001). Scholars have taken interest in how a bilingual context affects the dynamics of these interactions (e.g. Berk-Seligson 2002) and in the experiences of lay participants whose linguistic and/or cultural background differs to that of the legal system in which they find themselves (e.g. Eades 2002). The role of the interpreter in legal interactions has proved a further focal point for research in this area (e.g. Hale 2004), as has the linguistic experiences of particular categories of vulnerable witnesses

90

N. MacLeod and T. Grant

within the judicial system, such as children or those with communicative disabilities (e.g. Aldridge 2010), or victims of sexual crimes (e.g. MacLeod 2016). The application of work in these areas has included the publication of handbooks for legal practitioners to assist in communicating with clients of particular backgrounds (e.g. Eades 1992) and the delivery of research-based training packages to institutional agents such as police interviewers (MacLeod and Haworth 2016), representing a direct and mutually beneficial engagement between professionals and researchers, and undeniable societal impact. Lastly, and of most relevance for the current discussion, there is the provision of investigative assistance and/or evidence based on linguistic analysis. Linguists are consulted by both sides in civil and criminal matters on an increasing scale, and are often called upon to present their findings in court. The work undertaken by forensic linguists in this vein is diverse, ranging from commenting on linguistic aspects of trademarks (e.g. Butters 2008) through to providing opinion on a suspect’s linguistic competence and ability to participate in an interview (e.g. Pavlenko 2008), to ascertaining meaning in forensic contexts (e.g. Grant 2017). In the UK context the most common question linguists are called upon to answer is ‘do these texts share an author?’, or ‘who is the most likely author of this disputed text from this candidate pool of suspects?’ (‘comparative authorship analysis’—see Grant 2010). At the early stages of an investigation, police may wish to employ the services of a forensic linguist to comment on the social background of the author of an anonymous text, in order to narrow down the pool of suspects or provide intelligence for media appeals (‘sociolinguistic profiling’). As the discipline has increased in visibility, more attention has been paid to refining the methods forensic linguists use to address their questions (e.g. Nini 2015; Wright 2013, 2017). The point of departure for sociolinguistic profiling and comparative authorship analysis as described above is an understanding of the causes of consistency and variation in language production. This understanding also underpins the new forensic linguistic task of authorship synthesis, a task that UCOs must engage in the types of operation described in the introduction to this chapter. The authors have become

Assuming Identities Online: How Linguistics Is Helping …

91

involved in assisting investigators with this kind of identity assumption (see MacLeod and Grant 2017; Grant and MacLeod forthcoming), providing a clear evidence base for covert policing methods. Part of the Pilgrim course involves a simulated operation, in which trainee UCOs prepare and perform the identity of a specific child victim from a resolved historic case, and engage in conversation via IM with the ‘offender’, played by one of their trainers in another part of the building. Trainees are instructed to arrange a meeting with their target, and to elicit particular details ‘on record’ such that the criteria of ‘arranging or facilitating the commission of a child sex offence’ as set out in the Sexual Offences Act 2003s. 14 are satisfied. As well as attempting to produce convincing linguistic identities, the trainees must also collate and remember a clear picture of the child’s life based on the content of the historic chat logs, such as hobbies, school and family life. The authors’ role in this exercise is to (a) provide a half day of linguistic training input prior to the simulation and (b) evaluate the trainees’ performance from a linguistic perspective once the simulation is complete. We report later in the chapter on the effectiveness of our input for trainees’ identity assumption.

3

Language and Identity Online

There are a number of linguistic components of an individual’s identity that need to be emulated if a UCO is to successfully assume their identity online. Among the phenomena focussed on in the computer mediated discourse analysis (CMDA) literature are features at the structural level, such as spelling and punctuation rules, and an individual’s use of abbreviations, initialisms, emoticons, and so forth. Individuals may also vary pragmatically, in that they differ in terms of their preferences for particular speech acts, levels of indirectness, and so forth (note that this is also subject to contextual variation). Individuals have also been shown to vary in terms of their interactional patterns, such as average turn length, propensity for breaking turns over more than one transmission, and introduction and response to particular topics. These considerations are

92

N. MacLeod and T. Grant

Table 1 Domains of CMDA adapted from (Herring 2004: 18) Phenomena

Issues

Methods

Structure

typography, orthography, morphology, syntax, discourse schemata

Structural/Descriptive linguistics, Text analysis

Meaning

Meaning of words, utterances (speech acts), macrosegments

Interaction

Turns, sequences, exchanges, threads

Genre characteristics, orality, efficiency, expressivity, complexity What the speaker intends, what is accomplished through language Interactivity, timing, coherence, interaction as co-constructed, topic development

Semantics, Pragmatics

Conversation analysis, Ethnomethodology

best demonstrated in the following table, adapted from Herring (2004: 18) (Table 1).

4

Training Identity Synthesis

The linguistic input in Pilgrim comprises a three to four-hour session covering aspects of vocabulary, orthography, pragmatics and topic development, and the relevance of these key concepts for the practicalities of adopting an alternative persona online. Trainees are then introduced to a pro-forma developed to assist them in analysing and describing a linguistic persona. They have two hours to prepare for the roleplaying activity described above. The historical chat log is some thirty pages long and comprises several chats between the victim and the offender. As well as noting down the target persona’s tendencies regarding spelling and vocabulary (based on MacLeod and Grant’s (2012) taxonomy), Pilgrim participants are provided with space to record their observations on their pragmatic, discursive and interactional behaviour.

Assuming Identities Online: How Linguistics Is Helping …

93

Having been introduced to speech act theory (Austin 1962; Searle 1969) and the illocutionary nature of language, trainees are encouraged to record details of this aspect of the target user’s language throughout the chat log. Gumperz’s (1982) approach to tracing topic development within a conversation is also introduced, and trainees are asked to categorise turns as either introducing a topic, as maintaining a topic or as rejecting a topic, based on an analysis of their cohesive ties with the preceding discourse. In order to evaluate our input in this regard, we compared the performance of trainees before receiving any linguistics training with their performance afterwards. In the ‘Before’ set there are five chats with a single trainee author and one with two trainee authors, with the point at which one takes over from the other clearly marked in the text. In the ‘After’ set there are six conversations, all of which are produced by two trainee authors with the point at which one takes over from the other clearly marked in the text (the instruction to swap over is explicitly provided by the instructor around half way through the conversation). The length of the conversations ranges from three to nine sides of A4, spanning around an hour and a half for each conversation. For reasons of space we shall limit our discussion here to the trainees’ performance in relation to two structural features and their overall performance in relation to topic control. As Fig. 1 shows, the victim’s preference is for the standard no, although she phonetically stylises the item in around a third of instances, her favoured stylisation being nahh. Prior to the authors’ input, the group of trainees makes use of no fewer than seven variant spellings. The most frequent variant matches that of the victim (no), but this does Victim Before training After training 0% na

10% naah

20% nah

30% nahh

40% no

noo

50% nooo

60%

70%

noooo

80%

nooooo

Fig. 1 Variants of ‘no’ in Pilgrim (Source Author’s creation)

90% nope

100%

94

N. MacLeod and T. Grant

not account for as large a proportion of occurrences as it does in the victim’s historical data. Furthermore, the second most frequent variants in the ‘before’ set—nooo and nah—do not appear in the victim’s chat at all. Lastly, there are no occurrences of nahh or nope in the ‘before’ set, which together account for over a quarter of the victim’s occurrences of the variable. The trainees’ proportional use of the standard no increases after training, bringing the number closer to that evident in the victim’s chat. However, the second most frequent variant here is nooo, which, as mentioned earlier, does not occur at all in the victim’s historical transcript. The broad effect of training on these variable spellings, then, appears to be that while trainees’ awareness of the use of standard forms becomes raised, they nevertheless continue to struggle with choosing appropriate rarer forms. The same is not true for another variable spelling that appears numerous times across the data, that of ‘what’. Of sixteen occurrences of the item in the victim’s chat history, she invariably spells it wht (Fig. 2). Evidently the training input has made improvements to trainees’ performance when it comes to this variable feature—as well as losing completely the variant wot —previously the most frequent variant and yet nowhere to be found in the victim’s chat, they increase their use of the variant wht —most frequent in the victim’s chat—from 12 to 43%. It is nevertheless disappointing to note that the standard variant what,

Victim

Before training

After training

0%

20%

40% wat

60% what

wht

80% wot

Fig. 2 Variants of ‘what’ in Pilgrim (Source Author’s creation)

100%

Assuming Identities Online: How Linguistics Is Helping …

95

though never present in the victim’s chat, accounts for the majority of occurrences in the trainees’ chats post-training. The post-training set of interactions showed a reduction in structural level identity performance errors, and none were commented on by the instructors in their evaluations in the post-training condition. There was a notable reduction in linguistically focussed challenges in the posttraining condition, and remaining challenges focused either on factual inconsistencies or behavioural differences observed by the instructors. The table below shows the topic management patterns across all the trainees both before and after training. A willingness to engage in conversation about sexual topics may seem counter-intuitive and dangerous to an investigator impersonating a person under the age of consent, but can be a fundamental component of impersonation. Examination of patterns of topic management in the trainee chat logs prior to linguistic input demonstrates significant differences as compared to the victim. In the historic chat log the child introduces sexual topics and sexual activity on several occasions. In all but one case the trainee UCO failed to do this. For some trainees, not only did they not initiate sexualised conversation, but they declined it when it was instigated by the ‘offender’. This natural reluctance to engage in online sexual activity while performing as a 14-year-old girl needs overcoming in these tasks, yet some trainees find this difficult to achieve. An explicit learning objective of the simulation exercise is to facilitate officers doing this more easily while staying within their authorisation, and avoiding going further than activity and discussions, evident in the historic chat. A further feature of the pre-training chat is the nature and quantity of initiated topics which are of operational interest to the UCOs. These types of operation are extremely demanding, and UCOs need to focus on a number of tasks simultaneously. They must try to obtain information about the offender which might identify them; they must be explicit about the child’s age; and they must establish intention to engage in sexual activity in order to ensure that the act falls within the terms of the Sexual Offences Act 2003s. 14. Furthermore, they are instructed to try and arrange a location to meet away from other children who might be endangered by a sexual predator, and attempt to get a description of

96

N. MacLeod and T. Grant

the offender so that they can be easily recognised at the meeting place. All these tasks may create points of inconsistency with the child’s previous conversations, and it is part of the skills that the officers develop to work these new topics naturally into the conversations while simultaneously maintaining a linguistic identity consistent with the child’s. After training the officers showed consistent improvement in this area and particularly appreciated how the language analysis can protect against accusations of acting as an agent provocateur. As can be seen in Table 2 the points of inconsistency typically involved introduction of the operational issues as discussed above. In both pre- and post-training chats an additional operational issue was that the trainees did not respond to attempts by the ‘offender’ to start a webcam conversation, activity in which for obvious reasons they could not engage during a genuine operation. The aims of the trial reported on here were to evaluate the usefulness of the linguistic model for adopting a persona and to determine when and on what basis instructors, playing the role of the offender, would detect or become suspicious of identity assumption by the trainee operative. By taking a principled linguistic approach to authorship synthesis training we can hope to ensure that different aspects of identity performance can be analysed and then emulated, thus complementing the skills of UCOs to enable them to provide more convincing and less detectable identity assumption in their investigation of a broad range of crimes, including the online sexual abuse, exploitation and grooming of children.

5

Experiments

The data described in the previous section are ideally suited to testing the effectiveness of our linguistic training for the task of identity assumption. However, we had further questions about the relationship between language and identity that these data could not answer for a number of reasons. The texts themselves are relatively short, and furthermore, while we were able to carry out a straightforward comparison of the before and after sets, the data did not allow for a systematic examination of the effects of preparation on identity synthesis. Nor did they allow for a

Sexual contact with offender Own sexual arousal and use of objects Own appearance on cam Offender’s motive for blackmail Offender’s location, health, appearance Sexual activity (one occurrence) Meeting including location, time and travel arrangements Offender’s phone number and location Offender’s experience of 14-year-olds Offender’s clothing, description, name Offender’s arousal Being nervous

Victim

Before training

Topics initiated

Interlocutor

Table 2 Topic management in Pilgrim

Cameras Victim’s own clothing Some sexual talk

Video conversation—clothing and sexually explicit content Offender’s ‘hacking’ Sister Offender’s instructions for sexual behaviour on camera

Topics developed

(continued)

Sexual activity Victim’s arousal Victim’s masturbation, oral sex anal sex Putting webcam on

Teasing (sister in room) Sexual activity involving sister

Topics declined

Assuming Identities Online: How Linguistics Is Helping …

97

After training

(Source Author’s creation)

Topics initiated

Sexual activity (much more apparent across all trainee UCOs) Offender’s arousal Present from offender Victim’s mother as reason for not answering phone Travel arrangements Offender’s clothing School uniform Victim’s virginity School in morning Being nervous Offender’s phone number

Interlocutor

Table 2 (continued) Travel and plans for the evening Proposed sexual activity Location of meeting Victim’s location

Topics developed Sharing webcam Possible phone call

Topics declined

98 N. MacLeod and T. Grant

Assuming Identities Online: How Linguistics Is Helping …

99

deeper engagement with the question of what arouses suspicion among naïve interlocutors that their conversational partner has been substituted. Lastly, despite their ‘inauthentic’ status, the content of the chats was nevertheless highly sensitive, and consistent with practitioners endeavouring to create as ‘true to life’ a scenario as possible. While the often graphic details of sexual abuse may be familiar and comfortable territory for UCOs, this is not necessarily true for the conference attendees and journal readers to whom we wished to ultimately disseminate our research findings, and to whom we believe ourselves to owe a duty of care. It is for all these reasons that a series of experiments was designed to address the question of what linguistic analysis is necessary and sufficient to describe an online linguistic persona to the extent it could be successfully assumed by another individual. Participants took part in three 15-minute online conversations using the now defunct chat client Yahoo! Messenger. In the online conversations, participants acted in one of three roles, before switching roles and repeating the process two more times per session. The three roles were as follows: ‘Judge’ : Judges were seated alone at a PC and asked to engage in online chat with their allocated interlocutor over IM. They were provided with a list of topics in the event that conversation ran dry, but were told not to feel limited by this. Judges were told in advance that at some point during the chat their interlocutor was going to be replaced by an impersonator. Judges were then asked to complete a form indicating where they believed the switch occurred, how confident they were in this and the criteria on which they based their decision. ‘Interlocutor’ : Interlocutors were seated with their allocated impersonator, out of sight of their judge, and asked to engage with their judge over IM. They were not asked to play any role but simply to engage in conversation. They were instructed that at some point during the chat they should hand over control of the keyboard to the impersonator with whom they had been paired. At this point, they were asked to complete a form with information about when the switch took place, to enable us to ascertain judges’ accuracy. Impersonator: The impersonator’s job was to take over from their allocated interlocutor at some point during the online chat. Depending on

100

N. MacLeod and T. Grant

the condition, impersonators had either (i) no knowledge of the interlocutor’s online style (‘No Preparation’ condition); (ii) some knowledge based on watching them type (‘Over the Shoulder’ condition) or (iii) extensive knowledge based on taking away and scrutinising their historical chats (‘Homework’ condition). Impersonators were instructed to try to provide as convincing an impression of their interlocutor as they could in the circumstances, and were told that those who succeeded in fooling their judges would be entered into a prize draw.

The experiments generated a number of data sets, including the chat logs themselves which could be analysed for effective impersonation, and judges’ comments about what had aroused their suspicion that a switch had taken place. One phenomenon to emerge from analysis of the former was what we have termed linguistic ‘leakage’. This is demonstrated in Fig. 3 below. Clearly Participant 10 is, on the whole, a turn initial capitaliser, while Participant 11 tends not to capitalise at the start of turns. When 11 attempts their impersonation of 10, it does appear that they have picked 1%

47% 72% 99%

53% 28%

PARTICIPANT 11

PARTICIPANT 10 Turn initial caps

11 IMPERSONATING 10

No turn initial caps

Fig. 3 Turn initial capitalisation, participants 10 and 11 (Source Author’s creation)

Assuming Identities Online: How Linguistics Is Helping …

101

up on this difference, and have attempted to introduce more capitalisation into their style—moving from just 28% up to 53%. However, they have failed to completely suppress their habit of non-capitalisation—a feature which is incredibly rare in 10’s style, accounting for only 1% of turns overall. We thus see a ‘hybrid’ identity emerge, which has incorporated some features of the target identity but retains some residue of the ‘home’ identity. One practical outcome of these observations has been a recommendation to trainees to study their own linguistic style in preparation for identity assumption tasks, so that they are cognisant of what they must repress, as well as what they must emulate. Moving on to the comments provided by judges’ about the features that alerted them to potential impersonation, it is interesting to note that comments at the structural level—i.e. those relating to spelling, punctuation, vocabulary and so on—account for the vast majority of these observations. We see comments such as ‘there was a decrease in capitalisation’ and ‘a doubling of letters for stylisation’ and so on. This provides strong justification for the training model we currently offer, where the structural elements of language are placed front and centre. However, it is important to note that a good deal of comments relate to the interactional level—judges note changes such as ‘the sentences were longer’ and make comments about the types of topic that their interlocutors talked about. Thus, effective impersonation extends beyond an accurate performance of low-level features. This provides a rationale for ensuring trainees analyse every level of the linguistic persona before attempting to assume it online.

6

Conclusion

With the continuing advance of technology and increased opportunities for anonymous communication online, it is clear to see that the future will present an expanded requirement for forensic linguists to assist with online policing tasks—not just identity assumption but also, for example the infiltration of online criminal communities. By ensuring that such assistance is underpinned by empirical testing and robust theory, we can

102

N. MacLeod and T. Grant

safeguard the overriding rationale of forensic linguistic work—the use of linguistic analysis to assist in the delivery of justice.

References Aldridge, M. (2010). Vulnerable Witnesses in the Criminal Justice System. In M. Coulthard & A. Johnson (Eds.), The Routledge Handbook of Forensic Linguistics (pp. 296–314). Abingdon: Routledge. Austin, J. L. (1962). How to do Things with Words. Oxford: Clarendon. Berk-Seligson, S. (2002). The Bilingual Courtroom: Court Interpreters in the Judicial Process. Chicago: University of Chicago Press. Butters, R. (2008). A Linguistic Look at Trademark Dilution. Santa Clara High Technology Journal, 24, 3. Chiang, E., & Grant, T. (2017). Online Grooming: Moves and Strategies. Language and Law/Linguagem E Direito, 4 (1), 103–141. Dumas, B. (2012). Language of Jury Instructions. In C. Chappelle (Ed.), The Encyclopedia of Applied Linguistics. Chichester: Wiley. Eades, D. (1992). Aboriginal English and the Law: Communicating with Aboriginal English Speaking Clients: A Handbook for Legal Practitioners. Brisbane: Queensland Law Society. Eades, D. (2002). Evidence Given in Unequivocal Terms: Gaining Consent of Aboriginal Young People in Court. In J. Cotterill (Ed.), Language in the Legal Process (pp. 161–196). London: Palgrave. Ehrlich, S. (2001). Representing Rape: Language and Sexual Consent. London: Routledge. Grant, T. (2010). Text Messaging Forensics: Txt 4n6: Idiolect Free Authorship Analysis? In M. Coulthard & A. Johnson (Eds.), The Routledge Handbook of Forensic Linguistics (pp. 508–522). Abingdon: Routledge. Grant, T. (2017). Duppying Yoots in a Dog Eat Dog World, Kmt’: Determining the Senses of Slang Terms for the Courts. Semiotica, 2017 (216), 479–495. Gumperz, J. (1982). Discourse Strategies. Cambridge: Cambridge University Press. Hale, S. (2004). The Discourse of Court Interpreting. Amsterdam: John Benjamins.

Assuming Identities Online: How Linguistics Is Helping …

103

Herring, S. (2004). Computer-Mediated Discourse Analysis: An Approach to Researching Online Behavior. In S. A. Barab, R. Kling, & J. H. Gray (Eds.), Designing for Virtual Communities in the Service of Learning (pp. 338–376). New York: Cambridge University Press. Heydon, G. (2005). The Language of Police Interviewing: A Critical Analysis. Basingstoke: Palgrave. Internet Watch Foundation. 2013. Annual Report. https://www.iwf.org.uk/rep ort/2013-annual-report. MacLeod, N. (2016). “I Thought I’d be Safe There”: Pre-Empting Blame in the Talk of Women Reporting Rape. Journal of Pragmatics, 96, 96–109. Grant. T., & MacLeod, N. (Forthcoming). Language and Online Identities: The Undercover Policing of Internet Sexual Crime. Cambridge: Cambridge University Press. MacLeod, N., & Grant, T. 2012. Whose Tweet?: Authorship Analysis of Micro-Blogs and Other Short form Messages. Electronic Proceedings of the International Association of Forensic Linguists’ 10th Biennial Conference, Aston University, Birmingham, UK, July 2011. www.linguisticaforense.ufsc.br/ tiki-index.php?page=IAFL+2011. MacLeod, N., & Grant, T. (2017). ‘Go on Cam But Don’t be Dirty’: Linguistic Levels of Identity Assumption in Undercover Online Operations Against Child Sex Abusers. Language and Law/Linguagem E Direito, 4 (2), 157–175. MacLeod, N., & Haworth, K. 2016. Developing a linguistically Informed Approach to Police Interviewing. In R. Lawson & D. Sayers (Eds.), Sociolinguistic Research: Application and Impact. Abingdon: Routledge. Martellozzo, E. 2012. Online Child Sexual Abuse: Grooming, Policing and Child Protection in a Multi-Media World . London: Routledge. Nini, A. 2015. Authorship Profiling in a Forensic Context. PhD dissertation. Aston University, Birmingham, UK. Pavlenko, A. (2008). Non-Native Speakers of English and the Miranda Warnings. TESOL Quarterly, 42(1), 1–30. Rock, F. (2012). The Caution in England and Wales. In L. Solan & P. Tiersma (Eds.), The Oxford Handbook of Language and Law (pp. 312–325). Oxford: Oxford Press. Searle, J. (1969). Speech Acts: An Essay in the Philosophy of Language. Cambridge: Cambridge University Press. Tiersma, P. (2001). Textualising the Law. International Journal of Speech, Language and the Law, 8(2), 73–92.

104

N. MacLeod and T. Grant

Wright, D. (2013). Stylistic Variation Within Genre Conventions in the Enron Email Corpus: Developing a Text-Sensitive METHODOLOGY for Authorship Research. International Journal of Speech, Language and the Law, 20 (1), 45–75. Wright, D. (2017). Using Word N-Grams to Identify Authors and Idiolects: A Corpus Approach to a Forensic Linguistic Problem. International Journal of Corpus Linguistics, 22(2), 212–241.

The Need to Think Beyond Objective Territoriality to Better Protect the Rights of the Suspect of a Cybercrime Jean-Baptiste Maillart

1

Introduction

Despite the decentralized, borderless and pervasive nature of cyberspace, the exercise of jurisdiction over cybercrimes remains largely based on the principle of territoriality.1 This is explained mostly by the existence of very strong ties between the notions of state sovereignty and territoriality, the latter being the necessary corollary of the former in the Westphalian legal order. The predominance of territorial jurisdiction in the context of cybercrime is notably highlighted in all the national 1 In

this regard, see e.g. Foggetti, N., Transnational Cyber Crime, Differences Between National Laws and Development of European Legislation: By Repression?, in Masaryk University Journal of Law and Technology 2008/2, p. 35; Hayashi, M., The Information Revolution and the Rules of Jurisdiction in Public International Law, in The Resurgence of the State: Trends and Processes in Cyberspace Governance [Dunn, M./Krishna-Hensel, S. F./Mauer, V., eds], Aldershot/Burlington (Ashgate) 2007, p. 80.

J.-B. Maillart (B) AML/CTF & Cybercrime Independent Researcher, Geneva, Switzerland e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_6

105

106

J.-B. Maillart

reports submitted in the framework of Section IV’s preparatory colloquium (Helsinki 2013) to the Association internationale de droit pénal ’s XIXth International Congress of Penal Law (Rio de Janeiro, 2014).2 In its general report drawn up on the basis of these reports, Klip thus unsurprisingly emphasizes that “the most important principle of jurisdiction with regard to cybercrime is the principle of territoriality.”3 This observation is also found in one of the resolutions adopted by participants in Congress.4 In order to highlight the preponderance of territorial jurisdiction over cybercrimes, one could also mention the fact that all the international and regional instruments that aim at enhancing the fight against cybercrime rely on territoriality as the primary basis for exercising jurisdiction.5 The objective of this paper is, however, to point out the limits of objective territorial jurisdiction, one of the two main forms of territoriality, and thereby call into question the territorial imperium in the digital age. More specifically, this paper aims at demonstrating that, although territoriality constitutes one of the keystones of the international legal order, the adequacy of its objective expression with regard to Internet-based offences is questionable as its exercise may easily lead to a violation of the accused’s rights. Objective territorial jurisdiction, which can be claimed by any state on the territory of which the result of an offence occurred, can indeed be claimed by so many States when an offence qualify as cybercrime that its exercise may seriously undermine the principle of legal foreseeability as well as the ne bis in idem rule. One therefore needs 2 Reports

available at: http://www.penal.org/en/reaidp-2014-e-riapl-2014. A, Section IV––International criminal law. Information society and penal law. General report, in RIDP 2014/1, p. 391. 4 Section IV––International criminal law. Information society and penal law, in RIDP 2014/2013, p. 640. 5 See e.g. Convention on Cybercrime, Budapest, 23.11.2001, ETS No. 185, art. 22(1)(a); Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems, Strasbourg, 28.1.2003, ETS No. 189, art. 4(1); Arab Convention on Combating Information Technology Offence, Cairo, 21.12.2001, art. 30(1)(a); Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2001 on combating the sexual abuse and sexual exploitation of children and child pornography and replacing Council Framework Decision 2004/68/JHA [2011] OJ L 335, art. 17(1)(a); Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA [2014] OJ L 218, art. 12(1)(a). 3 Klip,

The Need to Think Beyond Objective Territoriality …

107

to think beyond objective territoriality to better protect the rights of the suspect of a cybercrime. Resorting to active personality may be a good option.

2

The Spillover Effect of Cybercrimes

An offense committed in cyberspace can of course involve only one State and only one victim. This would, for example, be the case of an individual who, being in Geneva, Switzerland, would unlawfully access a computer system located in Zurich, Switzerland, or that of a person who would be a victim of cyber harassment from a neighbour.6 Such local cybercrimes are, however, very rare.7 Most often, indeed, a cybercrime affects many individuals and its repercussions are felt in multiple territories simultaneously. The vast majority of offenses committed offline have a one-to-one character.8 In contrast, cybercrimes very often have a one-to-many character, cyberspace eradicating the need for offender-victim proximity. With a single click of mouse, a cybercriminal can send an email containing a malware to millions of persons, be they natural or legal persons. For instance, “[a] criminal operating out of, say, Nigeria, can use

6 In

this sense, see e.g. Brenner, S. W., Cybercrime Jurisdiction, in Crime Law and Social Change 2006, p. 193. 7 See contra Kaspersen, H. W. K., Cybercrime and Internet Jurisdiction, Council of Europe Discussion Paper, 2009, p. 15 (available at: https://rm.coe.int/16803042b7). 8 According to Brenner, this is explained by the physical constraints to which offline offenses are subjected: “[T]he one-to-one character of real-world crime derives from the constraints physical reality imposes upon human activity: A thief cannot pick more than one pocket at a time, a forger cannot forge more than one document at a time, and, prior to the rise of firearms, it was exceedingly difficult for one to cause the simultaneous deaths of more than one person” Brenner, S. W., Toward a Criminal Law for Cyberspace: Product Liability and Other Issues, in Pittsburgh Journal of Technology and Law 2004, p. 10. In the same vein, see Rosenzweig, P., Cyber Warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World, Santa Barbara (Praeger) 2013, p. 86.

108

J.-B. Maillart

cyberspace to defraud thousands of victims around the world.”9 Furthermore, the fact that a great deal of information in cyberspace is publicly accessible makes it easy to make several victims at once. According to Brenner, “[c]yberspace… transforms ‘personal’ crime (one-to-one crime) into broadcast crime, i.e., crime in which a perpetrator more or less simultaneously targets multiple victims.”10 The “force multiplier”11 inherent to cyberspace is also reflected at the personal level. Victims of cyber-crimes are indeed rarely concentrated in the territory of a single state and are rather often spread across a very large number of states. “[C]ybercrimes frequently have a “spillover effect” and therefore they are not confined within a certain country’s sphere of jurisdiction,” highlights Seker in this regard.12 This is true not only regarding content-related cybercrimes but also regarding a large number of virus attacks, scams, and intellectual property crimes committed over the internet.13 For instance, the WannaCry ransomware recently infected more than 300,000 computer systems in more than 150 countries in less than 24 hours.14 Another example is that of the Trojan horse Zeus which was distributed between 2007 and 2012 in more than 13 million computers in 190 countries according to Microsoft.15

9 Brenner,

S. W., Cybercrime Jurisdiction, in Crime Law and Social Change 2006, p. 194. In the same vein, the European Commission noted in 2015 that “[c]ybercriminals can act from outside the Union to harm critical infrastructures and simultaneously target a large number of victims across Member States, with minimum effort and risk” (Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, The European Agenda on Security, Strasbourg, 28.4.2015, COM(2015) 185 final, p. 13). 10 Brenner, S. W., Cyberthreats and the Decline of the Nation-State, Abingdon/New York (Routledge) 2014, p. 64. 11 Yar, M., The Novelty of ‘Cybercrime’: An Assessment in Light of Routine Activity Theory, in European Journal of Criminology 2005, p. 411. 12 Seker, O. K., International Regulaton of National Cybercrime Jurisdiction, LL.M. Thesis, University of Tilburg, 2012, p. 22. 13 In this regard, see e.g. Explanatory Report of the Convention on Cybercrime, para. 239 (available at: https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent? documentId=09000016800cce5b). 14 McAfee, McAfee Labs Threats Report, September 2017, p. 2. 15 On this case, see e.g. the news article available at: http://www.france24.com/fr/20120326-mic rosoft-zeus-botnet-virus-trojan-cybercriminalite-volinternet-piratage-operation-b71.

The Need to Think Beyond Objective Territoriality …

3

109

The Limits of Objective Territoriality in the Cybercrime Context

From a legal point of view, the fact that a cybercrime most often involves a multitude of countries and victims means that a wide range of countries can potentially claim and exercise their objective territorial jurisdiction over it. As underlined by Podgor, “[t]he resulting damage can provide a limitless number of jurisdictions.”16 In this regard, one could even say that objective territoriality in fact result in universal jurisdiction.17 Overlapping territorial jurisdictions is, however, a problem in that it may seriously hamper the rights of the suspect. First, it may undermine the principle of legal foreseeability and thereby contradict one of the main rationales of territoriality according to which territorial jurisdiction is supposed to ensure due process. Second, it creates a real risk for the suspect to be prosecuted several times for the same facts. In the context of cybercrime, the result of the offence as territorial nexus triggering criminal jurisdiction therefore appears too broad in that it may easily jeopardize some of the most fundamental principles of criminal law.

3.1

The Inherent Lack of Legal Foreseeability

As rightly noted by the AIDP, objective territoriality “leaves individuals in doubt as to which states may claim jurisdiction.”18 Yet, foreseeability of criminal norms, also known by the Latin maxim nullum crimen nulla poena sine praevia lege, is recognized as a suspect’s right under public international law. This right, which derives in particular from Article 7 European Convention of Human Rights implies knowledge of the 16 Podgor,

E., Cybercrime: National, Transnational or International?, in Wayne Law Review 2004, p. 102. 17 In this regard, see e.g. Kohl, U., Jurisdiction in Cyberspace, in Research Handbook on International Law and Cyberspace [Tsagourias, N./Buchan, R., eds.], Cheltenham/Northampton (Edward Elgar) 2015, p. 48; Kulesza, J., International Internet Law, Oxon/New York (Routledge) 2012, p. 14; Wolswijk, H. D., Locus Deliciti and Criminal Jurisidiction, in Netherlands International Law Review 1999, p. 37. 18 Section IV––International criminal law. Information society and penal law, in RIDP 2014/3, p. 640.

110

J.-B. Maillart

law, i.e., physical and intellectual access to the content of legal rules. In other words, each defendant must be able to reasonably anticipate the legal consequences of his/her actions. As Ryngaert points out with regard to content-based cybercrimes, this is particularly problematic when the suspect did not intend to target Internet users in a particular State and/or his when his/her conduct is not deemed a criminal offense in the state from which he/she acted.19 In this regard, it should be pointed out that the principle of dual criminality could not be invoked since its respect is only imposed on States acting on the basis of the principle of personality (active or passive) and not also on States claiming territorial jurisdiction. In their report to the AIDP on the legal regime applicable in Turkey, Önok/Erman/Akyürek emphasize in particular this point: [A]ny person committing a conduct from abroad may be prosecuted by Turkish courts, if the result of that conduct occured in Turkey, and if the person is caught by Turkish authorities, without taking into account whether or not the same conduct is defined as a criminal offense in the country of origin….20

The lack of foreseeability which results from the exercise of objective territorial jurisdiction in the context of cybercrime is problematic not only from a substantive law point of view but also from a sanction point of view. As in all other areas of criminal law, States indeed apply very different types and levels of sanctions to cybercrimes. The UNODC study on cybercrime notes, for example, that regarding offenses of illegal access to data or computer systems, the maximum penalties in the 67 countries participating in the study range from a simple fine to more than three years in prison.21 The fact that states are parties to the Budapest Convention does not reduce sanctions-related discrepancies in any way since, like any international treaty addressing criminal matters, the Budapest Convention does not aim at harmonizing the level and 19 Ryngaert,

C., Jurisdiction in International Law, 2nd ed., Oxford (Oxford University Press) 2015, pp. 80–81. 20 Report available at: http://www.penal.org/sites/default/files/files/RH-15.pdf. 21 UNODC, Comprehensive Study on Cybercrime, 2013, p. 62 (available at: https://www. unodc.org/documents/organized-crime/cybercrime/CYBERCRIME_STUDY_210213.pdf).

The Need to Think Beyond Objective Territoriality …

111

types of criminal sanctions. Rather, it only requires States to ensure that cybercrimes “are punishable by effective, proportionate and dissuasive sanctions, including custodial sentences.”22

3.2

A Real Risk of Multiple Prosecutions

In addition to the lack of legal foreseeability, the fact that multiple States may, on the basis of the principle of objective territoriality, claim their criminal jurisdiction over the perpetrator of a cybercrime, entails for the latter a risk of being prosecuted several times for the same facts. Multiple prosecutions of an individual on the basis of the same facts are, however, detrimental to the rights and interests of this individual. Moreover, it can lead to duplication of activities, and defendants, victims, and witnesses may have to be summoned for hearings in several countries. One should also mention the additional psychological burden weighing on the individual concerned, the increase in costs, the complexity of his/her representation in court, and the obvious injustice resulting from a possible double conviction. Yet, public international law provides rules which aim at settling in advance positive conflicts of jurisdiction and determining the State best placed to prosecute the case. However, these rules do not allow to settle positive conflicts of jurisdiction that involve only territorial States. Likewise, the ne bis in idem principle which requires, according to a generally accepted definition, that a person cannot be criminally prosecuted several times for the same facts and which thus usually constitutes an important instrument to resolve positive conflicts of jurisdiction, does not seem to be able to halt the multiplication of prosecutions resulting from conflicts of objective territorial jurisdictions in the area of cybercrime.

22 Article

13.

112

J.-B. Maillart

3.2.1 The Lack of International Rule to Solve Positive Conflicts of Territorial Jurisdiction There is currently no customary rule establishing a hierarchy between heads of jurisdiction in criminal matters. In other words, “international law… does not provide for choosing among competing bases of jurisdiction to prescribe rules of conduct.”23 The “first come first served” principle therefore applies and the choice of jurisdiction is left to chance. Yet, there are a few de jure and de facto rules in public international law which allow to settle conflicts of jurisdiction in advance. Unfortunately, these rules are not sufficiently developed to effectively resolve conflicts occurring in the internal application of the principle of territoriality. First, all treaties dealing with criminal matters suggest that in the event of a positive conflict of jurisdiction, the States parties concerned launch consultations to determine which one of them is best placed to prosecute. For instance, article 22(5) Budapest Convention provides that “[w]hen more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution.” This provision has a major weakness, however, in that the obligation to consult is not of an absolute nature. Rather, an obligation to consult only exists “where appropriate,” which opens the door for States to ultimately pursue their own interests without even making an effort to coordinate their course of action with other States also claiming jurisdiction. For example, “if one of the Parties knows that consultation is not necessary (e.g., it has received confirmation that the other Party is not planning to take action), or if a Party is of the view that consultation may impair its investigation or proceeding, it may delay or decline consultation.”24 Even more importantly, the mechanism provided for in article 22(5) Budapest Convention is clearly unsuitable when the only States concerned claim their jurisdiction on the 23 Akehurst,

M., Jurisdiction in International Law, in British Yearbook of International Law 1972–1973, p. 168. 24 Explanatory Report of the Convention on Cybercrime, para. 239 (available at: https://rm. coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=090000168 00cce5b).

The Need to Think Beyond Objective Territoriality …

113

basis of the territoriality principle. The principle of territoriality being the necessary corollary of the principle of sovereignty,25 no State will indeed ever accept to restrict the exercise of its territorial jurisdiction for the benefit of that of another. Second, within the framework of the European Union, article 10(1) Council Framework Decision 2009/948/JHA of 30 November 2009 on prevention and settlement of conflicts of exercise of jurisdiction in criminal proceedings26 provides that “when it is established that parallel proceedings exist, the competent authorities of the Member States concerned shall enter into direct consultations in order to reach consensus on any effective solution aimed at avoiding the adverse consequences arising from such parallel proceedings, which may, where appropriate, lead to the concentration of the criminal proceedings in one Member State.” However, even if compulsory “when it is established that parallel proceedings exist,” it is highly unlikely that the implementation of this mechanism will result in the choice of the Member State best able to exercise the prosecution when the states concerned claim territorial jurisdiction, for reasons identical to those mentioned in the previous paragraph. Third, one should note that the principle of territoriality enjoys a certain de facto superiority over the other principles of jurisdiction. This superiority is reflected in particular by the fact that, in international treaties addressing criminal matters, the principle of territoriality is almost always imposed by virtue of an obligation on States unlike other principles, such as passive personality, the implementation of which is very often purely optional.27 Furthermore, the applicability of the principle of territorial jurisdiction is never be subject to one or several conditions, unlike other principles, such as active personality, for example, which is generally subject to the principle of double

25 See

supra p. 1. L 328. 27 See e.g. 5(1) Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, New York, 10.12.1984. 26 OJ

114

J.-B. Maillart

incrimination.28 However, this de facto rule for settling conflicts of jurisdiction, which is also found explicitly mentioned in a certain number of doctrinal works relating to cybercrime—such as in article 5(4) of the Draft International Convention to Enhance Protection from Cyber Crime and Terrorism—29 does not reduce the risk of multiple prosecutions of cybercrime perpetrators since it does not concern conflicts of territorial jurisdiction.

3.2.2 The Limits of Ne Bis in Idem in a Transnational Context The ne bis in idem principle is almost universally included in the domestic laws of the State. That said, the transnational dimension of the ne bis in idem principle is very often ignored. There is indeed still reluctance or even opposition to recognize foreign decisions as res judicata and, thus, to refrain from a new prosecution. As a result, multiple prosecutions and convictions of an individual on the basis of the same facts still take occur today. Even the main human rights treaties do not recognize the transnational aspect of the ne bis in idem principle. For instance, article 4(1) Protocol 7 to the Convention for the Protection of Human Rights and Fundamental Freedoms provides that “[n]o one shall be liable to be tried or punished again in criminal proceedings under the jurisdiction of the same State for an offence for which he has already been finally acquitted or convicted in accordance with the law and penal procedure of that State.” Another example is that of article 14(7) International Covenant on Civil and Political Rights which reads as follows: “No one shall be liable to be tried or punished again for an offence for which he has already been finally convicted or acquitted in accordance 28 See

e.g. art 22(1)(d) cum 22(2) Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment. 29 «Each State Party will exercise its rights and fulfill its obligations under this Convention to the extent practicable in accordance with the following priority of jurisdiction: first, the State Party in which the alleged offender was physically present when the alleged offense was committed; second, the State Party in which substantial harm was suffered as a result of the alleged offense; third, the State Party of the alleged offender’s dominant nationality; fourth, any State Party where the alleged offender may be found; and fifth, any other State Party with a reasonable basis for jurisdiction».

The Need to Think Beyond Objective Territoriality …

115

with the law and penal procedure of each country.” Although it results from the literal interpretation of this text a certain ambiguity as to its transnational scope, the Human Rights Committee however clarified in 1986 in a Recommendation that it prohibits double convictions for the same offense only in the case of persons tried in a given state.30 While the transnational effect of the ne bis in idem principle does not yet clearly constitute a rule of customary international law31 or a general principle of international law, it must nevertheless be recognized that it enjoys increased recognition. Several States thus explicitly provide in their legislation for the negative authority of res judicata abroad. Article 113–9 of the French Criminal Code provides, for example, that “no prosecution can be brought against a person proving that he has been tried definitively abroad for the same facts and, in the event of conviction, that the sentence has been suffered or prescribed.” Article 68 of the Dutch Criminal Code or article 153(c) of the German Criminal Procedure Code may also be mentioned as well as a number of European legal instruments, such as the Convention on the International Validity of Criminal Judgments32 (article 53(1)), the Convention on the Transfer of Proceedings in Criminal Matters33 (article 35(1)) the Charter of Fundamental rights34 (article 50) or the Convention implementing the Schengen Agreement35 (article 54). The transnational application of the ne bis in idem rule is however considerably limited by the application of the territoriality principle. As

30 Human Rights Committee, AP vs. Italy, Communication n° 204 of 16 July 1986, CCPR/C/31/D/204/1986, § 7.3. 31 Schomburg, W., Criminal Matters: Transnational Ne Bis in Idem in Europe—Conflict of Jurisdictions—Transfer of Proceedings, in ERA Forum 2012, p. 313; Vervaele, J. A. E., Ne Bis In Idem: Towards a Transnational Constitutional Principle in the EU?, in Utrecht Law Review 2013/2014, p. 213. 32 European Convention on the International Validity of Criminal Judgments, The Hague, 28.5.1970, ETS No. 70 33 European Convention on the Transfer of Proceedings in Criminal Matters, Strasbourg, 15.5.1972, ETS No. 73. 34 Charter of Fundamental Rights of the European Union, 18.12.2000 (2000/C 364/01). 35 Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders, OJ L 239.

116

J.-B. Maillart

rightly pointed out by Van den Wyngaert/Stessens, “[a]s far as prosecutions for a crime committed on the territory of the State are concerned, most legal systems refuse to attach any weight to foreign judgment.”36 For instance, article 113–9 French Criminal Code only applies to “cases provided for in articles 113–6 and 113–7” of the same code, that is to say offenses committed “outside the territory of the Republic” by a French person and/or against a French person. The same applies to all the legislative provisions mentioned above and provided as examples, with the notable exception of article 68 Dutch Criminal Code which does not envisage any breach of the ne bis in idem rule, as well as all the interventional conventions previously mentioned. For instance, both the Convention on the International Validity of Criminal Judgments (article 53(3)) and the Convention on the Transfer of Proceedings in Criminal Matters (article 35(3)) provide that “any Contracting State where the act was committed or considered as such according to the law of that State shall not be obliged to recognise the effect of ne bis in idem unless that State has itself requested the proceedings.” The territorial exception to the transnational application of the ne bis in idem principle, which shows a certain distrust of foreign jurisdictions, is justified in terms of sovereignty, territorial jurisdiction in criminal matters being in fact one of the main expressions of state sovereignty. It is also justified on practical grounds in view of the procedural difficulties which the national courts may encounter in trying offenses committed abroad.

4

Exploring Active Personality as an Alternative to Objective Territoriality

As seen above, objective territoriality produces adverse effects when applied to offences in cyberspace, in that it de facto allows states to localize offences on their territory almost on a universality basis and

36 Van den Wyngaert, C./Stessens, G., The International Non Bis In Idem Principle: Resolving Some of the Unanswered Questions, in ICLQ 1999, p. 782.

The Need to Think Beyond Objective Territoriality …

117

thereby may seriously undermine two fundamental principles of criminal law, namely the principle of legal foreseeability as well as the ne bis in idem rule. One therefore needs to think of an alternative to objective territoriality as the primary principle of jurisdiction with regard to cybercrime. In this context, the active personality principle, on the basis of which a State can claim and exercise its criminal jurisdiction over an offence committed anywhere by one of its nationals, seems to be a good solution, though not perfect. Unlike objective territorial jurisdiction, active personality respects the perpetrator’s needs for legal foreseeability and thus reduces almost entirely the risk of “jurisdictional surprise.” As Kulesza explains, “[t]he [active] personality principle enables the state to lay down, in a relatively certain manner, the rights and obligations of each national participating in online activities whilst at the same time subjecting them to a regime familiar both in terms of culture and geography.”37 Furthermore, since it can only be claimed by one State at a time, the principle of active personality prevents the accumulation of criminal proceedings. Certain authors already recognize the advantages of active personal jurisdiction in the cybercrime context. Kulesza thus considers that “the personality principle is the most likely to set the limits for regulating online activities.” 38 Another example is Seker who considers that “while the active nationality theory is regarded to have an external focus, it proves to be rather competent with cybercrime.”39 State practice also shows some interest for active personality. This is notably reflected in the aforementioned UNODC 2013 study in which “many countries have mentioned the use of the principle of active nationality to assert jurisdiction over offenses committed by their nationals, regardless of the place where they were committed.”40 It should also be mentioned that all international, regional, and subregional legal instruments, intended to strengthen the fight against cybercrime, provide for active personal 37 Kulesza,

J., International Internet Law, Oxon/New York (Routledge) 2012, p. 14.

38 Ibidem. 39 Seker,

O. K., International Regulaton of National Cybercrime Jurisdiction, LL.M. Thesis, University of Tilburg, 2012, p. 22. 40 UNODC, Comprehensive Study on Cybercrime, 2013, p. 62 (available at: https://www. unodc.org/documents/organized-crime/cybercrime/CYBERCRIME_STUDY_210213.pdf).

118

J.-B. Maillart

jurisdiction for States Parties. In particular, article 22(1)(d) Budapest Convention requires each State party to establish its criminal jurisdiction over any cybercrime established in accordance with the Convention when the offense has been committed “by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.” However, one should note that, while it is true that the active personality principle represents, in the context of cybercrime and from the perspective of the perpetrator, a much more adequate head of jurisdiction than the principle of territoriality, it may be detrimental to the fight against impunity. First, it should be noted that there is a general reluctance in common law countries to apply this principle. Countries belonging to the common law tradition indeed generally refuse to apply the principle of active personality, the main reason being that they are always ready to extradite their nationals. Moreover, what if the State of nationality of the perpetrator does not have the political will and/or the legal and institutional capacity to exercise its criminal jurisdiction?

References Akehurst, M. (1975). Jurisdiction in International Law. British Yearbook of International Law, 46, 145–257. Brenner, S. (2004). Toward a Criminal Law for Cyberspace: Product Liability and Other Issues. Pittsburgh Journal of Technology and Law, 5 (1), 1–112. Brenner, S. (2006). ‘Cybercrime Jurisdiction’, Crime Law and Social. Change, 46, 189–206. Brenner, S. (2014). Cyberthreats and the Decline of the Nation-State. Abingdon and New York: Routledge. European Commission. (2015). Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, The European Agenda on Security, COM(2015) 185 final. Foggetti, N. (2008). Transnational Cyber Crime, Differences Between National Laws and Development of European Legislation: By Repression? Masaryk University Journal of Law and Technology, 2(2), 31–45.

The Need to Think Beyond Objective Territoriality …

119

Hayashi, M. (2007). The Information Revolution and the Rules of Jurisdiction in Public International Law. In M. Dunn, S. Krishna-Hensel, & V. Mauer (Eds.), The Resurgence of the State: Trends and Processes in Cyberspace Governance (pp. 59–85). Aldershot and Burlington: Ashgate. Kaspersen, H. (2009). Cybercrime and Internet Jurisdiction, Council of Europe Discussion Paper, viewed 14 April 2020. https://rm.coe.int/168030 42b7. Klip, A. (2014). Section IV––International criminal law: Information society and penal law. General report. Revue Internationale de Droit Pénal, 85 (1), 381–428. Kohl, U. (2015). Jurisdiction in Cyberspace. In N. Tsagourias & R. Buchan (Eds.), Research Handbook on International Law and Cyberspace (pp. 30–54). Northampton: Edward Elgar. Kulesza, J. (2012). International Internet Law. Oxon and New York: Routledge. McAfee. (2017). McAfee Labs Threats Report, viewed 14 April 2020. https:// www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-sept2017.pdf. Önok, M., Erman, B., & Akyürek, G. (2014). Turkish report, Preparatory Colloquium Section I Report of the Turkish National Group, Revue électronique de l’Association Internationale de Droit Pénal, viewed 14 April 2020. http://www.penal.org/sites/default/files/files/RH-15.pdf. Podgor, E. (2004). Cybercrime: National, Transnational or International? Wayne Law Review, 50 (1), 97–108. Rosenzweig, P. (2013). Cyber Warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World . Santa Barbara: Praeger. Ryngaert, C. (2015). Jurisdiction in International Law (2nd ed.). Oxford: Oxford University Press. Schomburg, W. (2012). Criminal Matters: Transnational Ne Bis in Idem in Europe—Conflict of Jurisdictions—Transfer of Proceedings. ERA Forum, 13(3), 311–324. Seker, O. (2012). International Regulaton of National Cybercrime Jurisdiction, LL.M. Thesis, University of Tilburg. United Nations Office on Drugs and Crime. (2013). Comprehensive Study on Cybercrime, viewed 14 April 2020. https://www.unodc.org/documents/org anized-crime/cybercrime/CYBERCRIME_STUDY_210213.pdf. Van den Wyngaert, C., & Stessens, G. (1999). ‘The International Non Bis In Idem Principle: Resolving Some of the Unanswered Question’s. International Comparative Law Quarterly, 48(4), 779–804.

120

J.-B. Maillart

Vervaele, J. (2013). Ne Bis In Idem: Towards a Transnational Constitutional Principle in the EU? Utrecht Law Review, 9 (4), 211–229. Wolswijk, H. (1999). Locus Deliciti and Criminal Jurisidiction. Netherlands International Law Review, 46 (3), 361–382. Yar, M. (2005). The Novelty of ‘Cybercrime’: An Assessment in Light of Routine Activity Theory. European Journal of Criminology, 2(4), 411.

Images of Violence and Atrocity in Modern Media Wayne Noble

In this chapter we shall be discussing how social media has become an outlet for videos and images of murder, torture and abuse. This chapter will also examine how these images were manifest in the pre-internet age and parallels with modern media. We will also discuss the etymology of the ‘snuff film’ and examining it with reference to modern technology and social media. This chapter is also an expansion to the previous work of Noble (2017, pp. 241–252). Human beings have long held a fascination for the darker side of life. Violence intrigues and attracts our attention as a moth to a flame. Our interconnected world has made this fascination easier to exercise than ever before with sites devoted to gore and murder, live streamed atrocities, the aftermath of accidents, terrorists posting manifestos and murderers posting blog style videos. How does this affect our perception of violence and potential danger? Are we becoming more sensitive, or have our senses become hardened W. Noble (B) Digital Publishing and UCRU Research Fellow, Preston, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_7

121

122

W. Noble

to appalling scenes? In this chapter there will be a discussion of how technology has brought images of violence and murder into our homes and to our fingertips, with a discussion of websites which are dedicated to hosting this material and the rumoured ‘red rooms’ of the dark web. Also, there have been several instances during the past few years when a person has live streamed torture and murder on social media.

1

Pre-Internet Era

1.1

Snuff Films

To begin the discussion let us examine the so-called snuff movie in the pre-internet age; and how this has contributed to the mythology and background of death and torture as a form of modern entertainment. A ‘snuff ’ movie is where a murder is caught on camera for financial gain as a commodity, as opposed to an incident accidentally caught on camera, such as a traffic accident. The film historian R. P. Whalen (Quoted in Stoetzel 2008) states that: …a movie or film loop produced for profit. It contains an onscreen murder and that is usually as far as it goes.

Retired FBI profiler Larry C. Brubaker (quoted in Stoetzel 2008) give more detail: …a snuff film would be when an individual is videotaping, filming someone and eventually kill them. They would be torturing them, doing bizarre sexual acts and just mainly controlling this person and then when everything is finalised they kill that person right on film.

Images of violence and death are not new, anyone who has seen the Caravaggio portrait The Beheading of John the Baptist or the depiction of King Harold’s death on the Bayeux Tapestry would realise that humans have been chronicling death and mutilation for a very long time. What perhaps distinguishes our modern age is the graphic detail and quality of

Images of Violence and Atrocity in Modern Media

123

such instances and how they are true to life in their reproduction. Not all instances are genuine and there have been notable examples of how people have been deceived into thinking that images are genuine. This in turn focuses public attention and creates concern about the moral health of the media. 1975 saw the premiere of a film called Snuff which was widely marketed as: The bloodiest thing that ever happened in front of a camera.

And The film that could only be made in South America where life is CHEAP!

The film itself was a deception. It used recycled footage from a film called Slaughter (Newman 2011: 275) which ends with an obviously added scene in which a supposed ‘out-take’ displays a girl’s murder and disembowelment, all in real time. It is so obviously fake that today’s viewer would find it impossible to believe, but in the late seventies, when theatre audiences had not been exposured to such violence, it caused quite a stir. Also, the fact that there was no other way to watch this other than a limited cinema showing, added to the mythos of the ‘snuff’ movie. Strossen (1996: 190–191) draws our attention to a false equivalence made between the concept of ‘snuff ’ and pornography. That there has been no evidence presented for ‘snuff’ movies existence and that it does not typify the pornographic genre (Ibid). It is worth noting that this was written in the pre-internet age when extreme sadomasochistic acts could not be found easily on the surface web. Although the quasiviolence portrayed in such films does not constitute ‘snuff’, it is easy to understand how the two could be conflated. Another drama which added to the mystic of the ‘snuff ’ movie was Confessions of a Blue Movie Star (Martine 1978) which follows the career of Claudia Fielers, 23-year-old medical student turned porno actress. Within the first minute we witness her undressing, followed by some distressing sounds of what we assume is her distress, although we see no evidence of this.

124

W. Noble

All sexual taboos on screen were broken and people think what could be the next step, the next step is to kill someone for real. Because such films wouldn’t be made if there were no market for it. I think that film only reflects what the world, what the society’s about. I think the old truth that art reflects, is a mirror of the world. (Roman Polanski quote in Kostenko and Martine 1978)

What the film chronicles is the ‘wearing down of the soul ’ which ultimately leads to the death of the individual, in this case Fielers’ death by suicide. The drama documents the process of replacing Fielers, and the selection of ‘actresses’, the technical requirements and directions. When the subject of underage actresses is raised, Christina von Strata a 12year-old from Munich is cited as an example of a girl who has been performing explicitly since she was eleven years old. Film director Roman Polanski defends her, stating: It is some significance of our times and that’s really the end of the road. (Roman Polanski quoted in Kostenko and Martine 1978)

This quote is a little unnerving when we reflect on Polanski’s conviction for sex offences in 1977 (Romney 2008). The film itself presents a grimy and unpleasant world which leaves the viewer feeling uncomfortable. The last two and a half minutes is presented as ‘real’ footage with a snuff movie maker, wearing a paper bag over his head to protect his anonymity. The narrator explains that this footage was received by the film makers shortly after completing the film and ‘serves to complete our evolution of snuff ’ (Ibid.). The paper bag wearing man pontificates about the public desire to watch such scenes whilst footage of an alleged ‘snuff ’ movie is intertwined. This footage bears a close resemblance to scenes from Wes Craven’s Last House on the Left (1972), an observation also made by Kerekes and Slater (1994: 309) and it may be that it proved to an inspiration for this depiction. The film closes with this caption card:

Images of Violence and Atrocity in Modern Media

125

THE END AND THE END OF ALL HUMANITY. (Ibid)

1.2

Mondo Documentaries

Mondo was a type of exploitation movie which took its inspiration from the real world to create lurid and titillating documentaries. Pioneered by Italian cinema with such films as Mondo Cane (1962) which documented different cultural practices to entertain, bemuse and shock an audience. A Mondo film may have a theme, such as sex, witchcraft and death. As Kerekes and Slater (1994: 102) state a Mondo film’s raison d’etre is: …being to shock the audience with an expose of bizarre cultural behaviour, fluctuating from exotic to the erotic to the undeniably repellent.

The film Faces of Death (Schwartz 1978) exploited the theme of death like no other before it and became a success in Japan (Ibid.: 143) and theatrically out-grossed Star Wars (Martin 1997: 83). Faces of Death is a series of vignettes with each scene loosely held together by our host, Dr. Frances B. Gröss (actor Michael Carr). We are witness to scenes of animal slaughter, autopsy footage and news camera footage of accidents and suicides. These are genuine, but they are augmented with completely fictional scenes including an execution by electric chair and a group of tourists eating live monkey brains. This blurring of fact and fiction increases the impact, if the audience does not know which is real and which isn’t, but their senses have already been assault by scenes of animal slaughter; then the deception becomes plausible. As the director John Schwartz explains:

126

W. Noble

I bought footage of a woman who was committing suicide jumping off a building. That footage was about 40 s so what we did is we shot inserts. Video inserts of Firemen running up the stairs, and then cut to her out front. Then all of a sudden, she jumps. Then you see her drop and then we did an insert shot with another actress with brains on the sidewalk. (Quoted in Barry 2006)

A similar conflation of real death and fake footage appeared in Ruggero Deodato’s film Cannibal Holocaust (1980) which had scenes of genuine animal cruelty mixed with faked human deaths. The viewer cannot help but believe that the atrocities are genuine after our senses have already been brutalised. In fact, Deodato succeeded so well that he was put on trial for the murder of the actors. Faces of Death started a trend for gore-documentaries and spurned Faces of Death 2 (1981), Faces of Death 3 (1985), The Worst of Faces of Death (1987), Faces of Death 4 (1990), Faces of Death 5 (1995) and Faces of Death 6 (1996). Each instalment continued to mix authentic footage and bogus material (Keres and Slater 1994: 146–147). But 1993 saw a rival series of films which made no pretence about what it was, displaying real-life scenes of gore and death Traces of Death (1993) left no holds barred. It begins with an extreme warning which states: EXTREME WARNING This film is meant for the true ‘reality death enthusiast’. Absolutely none of the footage contained in this film is recreated in any way, which makes TRACES OF DEATH the first “TRUE SHOCKUMENTARY” ever released!!! The material contained in this tape is explicitly graphic and is not for children or the squeamish of any kind. From this point on of the film forward view at your own risk! WE ARE SERIOUS!!!

They are not joking with this warning; the film is purely crime scene footage, autopsies, the aftermath of accidents and murders, suicides, executions, murders, operations and animal cruelty set to music with the occasional pithy remark. It is deeply depressing and nauseating, but as

Images of Violence and Atrocity in Modern Media

127

with the Faces of Death films it spawned several sequels; Traces of Death 2 (1994), Traces of Death 3 (1995), Traces of Death 4: Resurrected (1996) and Traces of Death 5: Back in Action (2000). The Traces of Death series of film is morally reprehensible and represents the closest thing we have to the modern gore websites from the pre-internet age. The first film in the series was submitted to the BBFC for classification in 2005 and was rejected out-right because; By presenting actual human death, mutilation and suffering as entertainment, the work has the potential to desensitise viewers, and perhaps even to incite some to harm others. The work invites the viewer to take sadistic pleasure in death, injury, mutilation and pain and encourages callousness towards victims. (BBFC Rejection Explanation—Traces of Death 2005)

They also highlighted that: In this case the combination of the shocking and distressing images in the work, the lack of any justifying context, the editorial treatment, and the possible appeal to a young audience, all appear to the Board to raise serious concerns about the acceptability of the work to public opinion. (Ibid)

A film which was passed by the BBFC was Executions (1995) directed by Herman, Kumar and Monaghan which was presented as a serious documentary without the prurient qualities of its predecessors. The tone of the video is sombre and, although there is graphic content, it is treated seriously and with deference. Further legitimacy is added when we examine the film sources, such as the United States Holocaust Museum and the National Archives.

2

Dramas

There are a couple of notable film dramas which have added to the mythology of ‘snuff’ movies during the pre-internet age; Hardcore (1979) and 8MM (1999). The former stars George C. Scott as a father trying to

128

W. Noble

track down his missing daughter who has fallen into a career of making pornographic films. As the character delves into the seedy underbelly of life he begins to suspect that she was the subject of a ‘snuff ’ movie. In 8MM Nicholas Cage plays a detective who is hired to validate (or debunk) the origins of a ‘snuff’ movie. Similarly, the main character confronts the seediness of life in his search for the truth. Films like this kept the concept of ‘snuff ’ in the minds of the public and may even, in some instances, contribute to a moral panic. The furore over the Video Nasties of the early 1980s could be an example of this. Many people, including MP’s and moral entrepreneurs (such as Mary Whitehouse), would conflate dramatised acts of violence and horror with true life scenes. This could be in part a result of films such as Faces of Death and Cannibal Holocaust which contain some form of ‘real’ death as well as fakery. A film which fooled some people into believing it was a genuine ‘snuff movie’ was Saturo Ogura and Hideshi Hino’s 1985 Guinea Pig 2: Flower of Flesh and Blood . The film is so realistic and anatomically detailed that Hollywood actor Charlie Sheen reported it to the FBI (Timpone, quoted in Barry 2006). FBI Special Agent Ken Lanning (quoted in Barry 2006) explains how instances such as this contributed to the mythos surrounding ‘snuff ’ movies: … a lot of times what they are reporting is the myth and the legend and they dramatize that, exaggerate and embellish it.

Technological advances have made the dissemination of horrorific and violent scenes more prolific, with greater detail and much speedier in distribution. When affordable video cameras and recorders became available it could allow people to document any aspect of their lives. Could this include ‘snuff movies’? Perhaps, it is certainly not beyond the bounds of credibility if we think about the ‘home videos’ made by Leonard Lake and Charles Ng to give but one example. In the film Henry Portrait of a Serial Killer (1986) the lead characters are pictured watching their murders on video in slow motion in a way that we could imagine Lake and Ng doing.

Images of Violence and Atrocity in Modern Media

129

The internet can distribute in real time acts of cruelty, violence and atrocity as they occur. In this next section we shall develop the notion that internet technology has contributed to the amount and extremity of violent we can view.

3

Websites

Today you can find a website dedicated to just about any subject or special interest you can think of. Equally if you are looking for titillation or seeking a thrill you can satisfy your desire. A case in point would be pornographic material on the internet; this can be found quite easily and does not apply paywalls or ages restrictions to control access. Nor are they on the dark web, they can be found in an internet search engine and require no special privileges to access. A good example of this is the website ‘PornTube’ which has 69 different categories. We can observe similar characteristics with ‘gore’ sites such as the now defunct websites Rotten.com and Steak and Cheese to today’s DeathTube and RiGoreMortis with archives of content divided into different categories such as ‘Autopsies’, ‘Executions’ and ‘Suicide’. The site RiGoreMortis currently has 47 categories which feature graphic photographs and video footage. WARNING: You must be at least 18 years old to access this site. (RiGoreMortis.com)

The line between gore/violence and pornography becomes blurred on a site like TheYNC.com which runs a ‘porn’ feed alongside a ‘gore’ feed. The association between sexually related content and violence is catalysed in the post entitled ‘Beautiful Big Tit Woman Violated, Murdered, and Dumped’. This is clearly written to appeal to a morbid and voyeuristic viewership. Documenting Reality is a forum with a social element to it where users upload and comment on images and videos. The forums are divided into several categories with sub-threads within them. There are categories for ‘Death Pictures & Death Videos’, ‘True Crime Related Chat & Research’,

130

W. Noble

‘Caught on Camera’, ‘Police, Fire, & Government ’, ‘True Crime & Artistic Endeavors’, Women, Sports, & Humor ’ and ‘Member Help & The Hall of Shame’. From what we can observe of the statistics on these forums, the main users are likely to be male. There are two threads in ‘Women, Sports & Humour’ called ‘Hot Girls (What Boys Want)’ and ‘Hot Guys (What Girls Want)’ with 1484 threads/24, 482 posts for the former and 488 threads/4805 posts for the latter. We can assume that this section at least is predominantly heterosexually male in orientation, and we can also hypothesise that this could be a general indication of the viewership for the rest of the site. The site is not entirely free as access is restricted to several allotted free views and then you must purchase a membership at a cost of $20 per month. They state: Looks Like You Have Exceeded Your Allotted Views. Allotted free views are reset randomly every 4-6 weeks or so. Documenting Reality is a private member supported forum. If you would like to join the community, you can do so by donating a onetime fee of $20 to the cost of running the site. Even though we are 100% legal, due to the nature, and the content on the website, most payment processors will not work with us, so you may find that getting a membership here is not as straightforward or as easy as it may be at other places, so I apologize for that. If you would like another payment option, please email me …, but bitcoin is recommended. Getting setup with Bitcoin is just as easy as paypal, you can do so here. Once you setup your account, just come back and donate below. Accounts are generally setup ten minutes after receiving payment. (Documenting Reality Message)

This paywall may help to restrict the number of people who access the site and perhaps bring some form of order and control to the site. The rules of the site are worth noting as they would indicate a social hierarchy within the members with a system of membership levels. They also state that: This site does not condone violence. As the name suggests, we simply document the reality of the world in which we live in. Granted, sometimes that does include violent acts, but we do not condone them. We

Images of Violence and Atrocity in Modern Media

131

only document the fact that such things occur. The fact that you can watch violent video coverage on CNN does not mean that they condone that violence, or the violence they document in images and articles. It is my hope that you understand the difference, and that the same applies to Documenting Reality. This is not a hate site, if you came here hoping to find a home for your racist or phobic beliefs, you’ve come to the wrong place, save yourself the disappointment and go elsewhere. (Documenting Reality – Forum Rules)

This would appear to demonstrate a more responsible attitude towards sire administration and indeed the site itself is very restrained compared with RiGoreMortis and DeathTube. Best Gore has a justification for the nature of its content which could broadly be described as a defence of free speech. They state that they are a ‘reality news website’ (Best Gore 2020) which is founded on the fundamental principle of freedom of expression, freedom of the press and the right of the public to be informed. This they say is essential for the promotion and protection of all human rights. It is difficult to accept this argument as it seems a little disingenuous when we consider that nature of the content the site hosts. The site has 39 different categories of content, such as autopsy, drowning, hanging, stoning and torture. It is hard to believe that witnessing a beheading or an act of torture is the main concern for free speech advocates, similar arguments could be utilised to defend other heinous content such as child pornography. It is interesting to note that these sites rely heavily on amateur footage and incidents that are caught accidentally. In this respect they are very similar to the Traces of Death films discussed earlier because they are collections which are curated rather than produced. Remember the reference to ‘reality death enthusiasts’ in the Traces of Death warning? This suggests that it occupies that status of hobby or past-time. In this next section the intention is to deliberately produce these terrible scenes as we shall see, this is business.

132

4

W. Noble

Red Rooms—Urban Myth?

The existence of ‘Red Rooms’ has entered into the mythology of the internet as ‘snuff’ did for cinema before it. They are websites in which the paying customer can witness live scenes of torture and murder. These places are cloaked in secrecy requiring a VPN, TOR Browser, special software to access the site and payment in un-traceable bit coins. Users can bid for certain acts to be committed against the victim. This would make it quite an expensive activity and one which the casual viewer is unlikely to come across purely accidentally. Instead it would indicate a deliberate and rational action on the part of the consumer. Despite these frightening and alarming rumours there is very little evidence to support their existence. This not to say they don’t exist. It is not beyond the bounds of possibility to believe that such a thing may be real. It is also hardly likely that someone who accesses such material is going to share that knowledge or make it freely available. If the levels of security and anonymity are to be believed from the rumours, then it would be difficult to access. When we consider the almost limitless opportunities and potential of the internet then we must conclude that ‘red rooms’ are a serious possibility. The exploits of Peter Scully (Cambridge Alert 2019), who accepted payment from subscribers in return for watching him torture and murder children, are perhaps the nearest instance of such a phenomenon. The ISIS execution videos are graphic and harrowing but do not meet the criteria to qualify as a ‘snuff’ movie. The difference between these examples is that Scully was fulfilling a perverted sexual desire, whereas the terrorist videos are designed to make us live in fear (Lactar 2018). Red rooms have a financial motivation where a transaction must take place to enable the violent act. Therefore, we must conclude that it is a financially driven activity; Whereas terrorist videos and paedophile recordings are ideologically or sexually motivated. Paedophile networks are discovered and prosecuted with regularity, but there does not seem to have been a ‘snuff ’ network discovered. YouTube blogger ‘Takedownman’ (aka ‘Godfather of the Deepweb’) has several videos in which he details the ‘dark hidden history and documentaries from things on the darker side of life’ (Takedownman YouTube

Images of Violence and Atrocity in Modern Media

133

Channel). In some of his videos he will tour the dark web, visiting sites such as ‘The Silk Road’ which are not available on the surface web. He has even visited the page for ‘Shadow Web Red Room Entrance’ (YouTube 2015). The Description of the site is: Once you pay for admission you are given a link to watch and produce murders, rapes and so on in REAL TIME! There is no limit on the torture you can afflict (sic), provided you have enough money, there is also no limit on how many deaths you can also cause!

However, in a video dated 7 March 2016 (YouTube 2016) he describes the same site as a possible scam site. This raises an interesting question; are ‘Red Rooms’ simply a scam? Imagine this scenario; an individual is of a mind to seek thrills by watching the torture and/or murder of a person for their own pleasure. Let us say that this person is actively seeking out such a resource and is serious enough to pay money for the experience. It may be that they find a site and exchange money, via Bit Coin for example, but do not receive anything in return. They are hardly likely to discuss the deception with the authorities and it most probably would not occur in conversation in their everyday lives, so the deception has been a success. There are probably enough people globally to part with their money to witness such a disgusting spectacle to make the deception worthwhile. Although the presence of encountering real death footage on the dark web has yet to be confirmed, on the surface web this is a different matter. There have been several instances of live streamed murders and suicides on social media over the past decade.

5

Facebook Live Streams and Social Media

5.1

Cartel Executions

In 2011 a video which shows the decapitation of two alleged members of the Cartel de Sinaloa was circulated on the internet. The video is very graphic and very disturbing. The intention of the video is obvious, to

134

W. Noble

send a message that the consequences of betrayal are severe. This video came to general attention of a wider audience when it appeared on Facebook feeds, although it is not a Facebook Live broadcast. If you had the automatic play function enabled in your settings, it would play automatically before you had a chance to decide whether to watch it or not.

5.2

The Facebook Killer

2017 was the year that Steve Stephens (aka The Facebook killer) videoed the murder of Robert Godwin on Easter Sunday. He subsequently posted it on Facebook, along with another video in which he claimed to have killed 13 other people and expressed a desire to kill more (Steinbuch 2017). A reason given by Stephens for the attack was that he had ‘just snapped ’ (BBC 2017) following relationship and gambling problems, but this does not help us to understand why he decided to record and broadcast the event. Stephens took his only life when cornered by the police and took his motivations to the grave.

5.3

The Black Lives Matter Tortures

December 2016 four Black Lives Matter supporters kidnapped and torture a mentally handicapped man and live streamed it on Facebook Live (Hussain 2017). During the live stream of January 2017, the mentally handicapped man was bound, punched, kicked and forced to drink water from a toilet. The torturers were heard using racial slurs which included ‘Fuck Trump and fuck white people’. The video lasted about half an hour and documents Brittany Covington (18), Tesfaye Cooper (18), Jordan Hill (18) and Tanishia Covington (24) abusing their hostage; forcing him to drink toilet water from the bowl and cutting his scalp with a knife whilst being made to state ‘I love black people’ (Ibid.). The motivation behind this crime appears to be one of race hate and would qualify as a hate crime. What is not quite so clear cut is, why they broadcasted their action? Perhaps it was an attempt to win kudos amongst other BLM supporters or gang affiliates. Whatever the reason,

Images of Violence and Atrocity in Modern Media

135

the presence of technology has impacted this crime significantly because it exposes the behaviour to a worldwide audience.

5.4

Swedish Rape Gang

Early 2017 also saw another controversial Facebook Live stream when three Tunisian asylum seekers in Sweden were arrested on suspicion of gang raping a woman (Jose 2017). The incident was broadcast to a Facebook group which was viewed by many users. The motivations behind this seem confused, is it for kudos? There doesn’t appear to be any financial exchange involved, so why broadcast a crime openly and not expect to be caught?

5.5

Wuttisan Wongtalay Murder and Suicide

Also, in 2017 Facebook hosted the murder of an 11-month child by Wuttisan Wongtalay and his subsequent suicide. The video was reportedly available for a further 24 hours after being broadcast (Agence France-Presse 2017).

5.6

Abu Marwan Facebook Live Stream

2018 saw another Facebook Live broadcast in which a 41-year old Syrian man attempted to justify the murder of his wife (Burns and Hall 2018). The murder is committed off camera, but Marwan is covered in blood and states that this is a message to women who irritate their husbands.

5.7

Terrorism and Terrorist Attacks

Twitter likewise becomes the platform on which scenes of violence and atrocity are exposed to the viewing public. When a terrorist attack occurs eye-witnesses can live stream events and upload images of the events and the aftermath. The ubiquity of mobile technology and the interconnectivity it brings mean that we are all documentary film reporters, recording

136

W. Noble

many different aspects of our lives. This means that if accidents, murders, suicides and terrorist attacks continue to happen, the gore websites will not run out of material any time soon.

5.8

Narcissism

Is it a possibility that, in some instances, these incidents are a product of narcissism? Not only that, could Nietzsche’s concept of slave morality1 contribute to a broadcasted act of murder? When a person decides to transmit a heinous act such as murder, it says a lot about the inadequacies of the culprit. It demonstrates the weakness of character that the individual has in allowing their ressentiment2 to overcome their rationale facilities. For example, Steve Stephens is using his gambling debts and relationship breakdown to excuse the murder of another (unconnected) human being. It seems rather that he would like to portray himself as a victim of situations beyond his control. Similarly, the BLM torturers have displayed their narcissism by broadcasting the torture of an innocent man. In this instance the radical ideology of these criminals usurped their humanity and re-enforced their ideological beliefs, a belief which makes them feel oppressed and entitled. By committing vile acts on an innocent stranger, they declare their own sense of entitlement and grandiosity. The Swedish rape gang are showing their disdain for the culture which they have settled into by broadcasting the criminal acts which they are committing. It is a display of narcissism which states that we can do anything we wish, because the culture we have joined is inferior to the one we have left. Wuttisan Wongtalay and Abu Marwan are a pair of inadequates, whose narcissistic rage lead to the death of an 11-month old child and the murder of an adult woman. Wongtalay could easily have taken his own life without inflicting the added injury of the child’s death, but his grandiosity knew that this would not provoke adequate response, 1 Nietzsche

defines slave morality as a collective herding instinct in which feelings of “hatred born of weakness” (Nietzsche 2013: 22) emerge. 2 Ressentiment for Nietzsche is manifest “in imaginary acts of vengeance” (2013: 25).

Images of Violence and Atrocity in Modern Media

137

so he had to take the life of another before he took his own. Marwan was unable to cope with the relationship he had with his wife and to solve their problems. His grandiosity and narcissism lead directly to the murder of his wife because he could not deal with his own ressentiment. In these instances, it has been an act of selfishness, a compensation for the resentiment felt by these individuals for their own circumstances; an excuse for their own failings and their slave morality to dictate their actions. They are weak and nihilistic people.

5.9

Social Media Responsibilities?

Does this mean that social media platforms such as Facebook and Twitter are responsible for the nature of the content they host? Perhaps, and perhaps not. If social media is purely a carrier which delivers the content of others, much like the postal service, then no. They may have rules in place to police their service to prevent criminal acts, such as posting child pornography, but there is nothing to say that scenes which will cause upset should not be shown. However, if there is any form of editorialising taking place then yes, they are wholly responsible. To editorialise is to control what is said on the platform beyond what is illegal. For example; a newspaper is subject to editing, nothing appears in the newspaper without the permission of the editor. So, consequentially if there is any libel, or if any law is broken the editor is responsible because they control what appears in their publication. If a twitter user shows the aftermath of a terrorist attack, then this would not result in censure as it does not break the law. But if one were to live stream a murder or act of torture or similar criminal offence then it wold be morally reprehensible of the carrier to do so. When the ‘Happy Slapping’ craze occurred between 2005 and 2009 users posted video evidence of themselves committing assaults. Not only is this evidential of crime and could lead to the culprits being prosecuted, but it would be the responsibility of the carrier to remove such content and inform the authorities. In this respect the carriers are continually playing catch up

138

W. Noble

when monitoring the amount of posts that are uploaded every second of the day. Another consideration is the damaging psychological effects of witnessing these acts. Whilst some individuals may be harder to shock than others there will be some, children for example, who could be exposed to such ghastly scenes. I do not think it would be too much of stretch or an infringement on civil liberties to conclude that there are some things which should not be easily seen in public spaces. We do not yet know what the long-term effects of using social media will be, or how it may induce trauma and psychological damage.

6

Conclusion

Today we are encouraged to have a social media presence, so much of our lives is conducted online, so much of our business is done online that it is difficult to avoid it. Our exposure to images of violence and atrocity has become far greater because of the widespread use of technology and the likelihood of coming across something accidentally is increasing, despite safeguards. This could have several possible outcomes for the internet user; increased fear of crime, terrorism and accident and the consequences of such, also a hardening of the senses and a nihilistic sense of enjoyment from witnessing traumatic scenes. The spectacle of cruelty and sadism may lead to a darkening of the soul and a cheapening of our sensibilities. At least for now, it appears that extreme content of the nature we have discussed here is far from being in the mainstream; and yet sites such as Best Gore and Death Tube exist to satisfy the appetites of the ‘reality death enthusiast’. The existence of ‘Red Rooms’ remains open to discussion and there is no denying that the concept holds a powerful place in the human psyche.

Images of Violence and Atrocity in Modern Media

139

Bibliography Agence France-Presse. (2017, 27 April). Thai Mother Saw Daughter Being Killed on Facebook Live, featured in The Guardian [online], UK. Posted Thursday. Available online at: https://www.theguardian.com/world/2017/ apr/27/thai-mother-watched-daughter-being-killed-on-facebook-live. Barry, E. (2006, 18 April). The Dark Side of Porn: Does Snuff Exist? Season 2 Episode 4 Broadcast. The Dark Side of Porn. Channel Four. TV Broadcast. Available online at: https://www.youtube.com/watch?v=neI6oK8A7Co. BBC. (2017, 18 April). ‘Facebook Killer’ Steve Stephens Found Dead After Car Chase, from the British Broadcasting Corporation online. GB. Available online at: http://www.bbc.co.uk/news/world-us-canada-39634681. BBFC. (2005). Rejection Explanation––Traces of Death. The British Board of Film Classification. Great Britain. Available online at: https://bbfc.co.uk/rel eases/traces-death-2005. Best Gore. (2020). Welcome to Best Gore. Best Gore [online]. Available online at: https://www.bestgore.com/. Burns, I., & Hall, A. (2018, 5 March). Blood-Splattered Syrian Man Posts Chilling Facebook Live video ‘Moments After Stabbing His Wife to Death in Germany, Warning Women “this is how you’ll end” if you “irritate” your husband, from The Mail Online, posted 09:46, 5 March 2018 | UPDATED: 14:22 [online]. GB. Available online at: https://www.dailymail.co.uk/news/article-5463005/Blood-splattered-Syr ian-man-posts-chilling-Facebook-Live-video.html. Cambridge Alert. (2019). Peter Scully: The Dark Internet Criminal from Cambridge Alert. Available online at: https://cambridgealert.com/peter-scu lly/. Faces of Death. (1978). Film. Directed by John Schwartz. USA: Faces of Death Productions. Henry Portrait of a Serial Killer. (1986). Film. Directed by John McNaughton. USA: Maljack Productions. Herman, D., Kumar, A., & Monaghan, D. (1995). Executions. Video. Great Britain. Available online at: https://www.youtube.com/watch?v=bAxPGq 8PjR0. Hussain, R. (2017). Four Accused in Facebook Live Torture Case Plead Not Guilty, from Chicago Sun Times [online] USA. Available online at: http://chicago.suntimes.com/news/four-accused-in-facebook-livetorture-case-plead-not-guilty/.

140

W. Noble

Jose, B. (2017, January 24). Sweden: 3 Men Arrested for Gangraping Woman, Broadcasting Live on Facebook, from Reuters [online] Stockholm. Available online at: http://indiatoday.intoday.in/story/sweden-facebook-rape-arrestedbroadcast-woman-assaulted/1/864962.html. Kerekes, D., & Slater, D. (1994). Killing for Culture––An Illustrated History of death Film from Mondo to Snuff . Great Britain: Creation Books. Kostenko, A., & Martine, K. (1978). Confessions of a Blue Movie Star––The Evolution of Snuff . West Germany: Drama/Documentary. Lactar, E. P. (2018). Child Rape and Torture Materials on the Dark Web: Peter Scully and Beyond from End Ritual Abuse. Available online at: https://end ritualabuse.org/child-rape-torture-materials-dark-web/. Martin, J. (1997). The Seduction of the Gullible––The Curious History of the British “Video Nasties” Phenomenon. Great Britain: Procrustes Press. Newman, K. (2011). Nightmare Movies. Great Britain: Bloomsbury. Nietzsche, F. (2013). On the Genealogy of Morals (Trans. Michael A. Scarpitti). Penguin Books. Great Britain. Noble, W. (2017). Something You Wish you Had Never Seen––Videos of Death and Murder on Facebook, YouTube and Other Social Media Platforms. In Tim, Owen, Wayne Noble and Faye Speed (Eds.), New Perspectives on Cybercrime (pp. 241–252). Great Britain: Palgrave Macmillan. Romney, J. (2008). Roman Polanski: The Truth About his Notorious Sex Crime. The Independent.co.uk. Available Online at: https://www.indepe ndent.co.uk/news/people/profiles/roman-polanski-the-truth-about-his-not orious-sex-crime-949106.html. Snuff. (1976). Film. Directed by Alan Shackleton. USA: August Films. Steinbuch, Y. (2017, April 18). Facebook Murder Suspect Kills Self During Police Chase. The New York Post 11:50 am, USA. Available online at: http:// nypost.com/2017/04/18/facebook-murder-suspect-found-dead-in-car/. Strossen, N. (1996). Defending Pornography––Free Speech, Sex and the Fight for Women’s Rights. Abacus, Great Britain. Von Stoetzel, P. (2008). Snuff: A Documentary About Killing on Camera. Produced by Paul von Stoetzel. USA. Available online at: https://archive.org/ details/SnuffADocumentaryAboutKillingOnCamera2008FULLYouTube. YouTube. (2015, May 29). Some of the DARKEST Most DISTURBING sites on the DEEP WEB. From the YouTube channel Takedownman. Posted [online]. USA. Available online at: https://www.youtube.com/watch?v=S7j d1gRPAG4. YouTube. (2016, March 7). The Hidden Internet––Red Rooms, Slave Sites and WTF Sites (NSFW). From the YouTube Channel Takedownman. Posted

Images of Violence and Atrocity in Modern Media

141

[online]. USA. Available online at: https://www.youtube.com/watch?v=qop GDkKOoEo. YouTube. (2020). Takedown man channel. YouTube. USA. Available online at: https://www.youtube.com/user/Takedownman/about.

Websites PornHub: https://www.porntube.com/tags. RiGoreMortis: https://www.rigoremortis.com/. TheYNC.com: https://theync.com/. Documenting Reality: https://www.documentingreality.com/forum/. Shock Gore: https://www.shockgore.com/. Best Gore: https://www.bestgore.com/.

Policy Implications

Can Risk Society and the Ideology of Motherhood Explain the Continued Hostility Towards the McCanns on Social Media? Jessica Louise Marshall

At approximately 10.00 pm on 3rd May 2007 Kate McCann went to check on her daughter Madeleine who was nine days from her fourth birthday and twins Sean and Amelie aged two. They were sleeping in a holiday apartment at Praia da Luz, a resort in the Algarve Portugal. Kate, her husband Gerry and a group of seven travelling companions were having dinner on the same complex. The friends took it in turn to check on the children throughout the evening.1 Kate recalls in her book Madeleine the panic that took hold when she learned that her daughter was missing; she recollects screaming ‘Madeleine’s gone! Someone’s taken her !’ (2011: 95). This chapter does not speculate on or make any judgements with regard to what has happened to Madeleine McCann or who 1 Refer

to Madeleine McCann (2017) by Danny Collins for an insight into some of the practicalities of the investigation. This includes the modification of a statement made to the police by Doctor Oldfield, one of those responsible for checking on the children.

J. L. Marshall (B) The University of Central Lancashire, Preston, England, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_8

145

146

J. L. Marshall

is responsible for her disappearance. The focus rather is on elucidating the rationale for the continued hostility towards the McCann’s on social media, over a decade after Madeleine’s disappearance. Whilst several theories have been presented regarding the reasons for this hostility, this chapter focuses exclusively on explanations relating to the management of risk and the ideology of motherhood. This encompasses an analysis of risk society, whereby individuals are judged as the executers of their own suffering when they make a ‘wrong’ choice; particularly in situations where they are considered to have the benefit of appropriate knowledge to avoid potential dangers. Moreover, it is argued that an ideology of motherhood not only persists in society but it thrives as motherhood continues to be an ‘institutionalised’ role (see Gatrell 2004) and ‘intensive mothering’ (Hays 1996) reigns supreme. The ‘feeling rules’ (Hoschild 1979) therefore that influence how people manage and display their feeling are variable towards Kate McCann. As Hoschild argues ‘feeling is a form of pre-action, a script or a moral stance, it is one of culture’s most powerful tools for directing action’ (2012: 56). Our emotions and subsequent actions are expected to meet with social norms: those that are considered appropriate for different social settings. Feeling rules tell us ‘what to feel, when to feel, where to feel, how long to feel, and how strong our emotions can be’ (1983: page 3 of 6). As the negative public backlash against the McCanns demonstrates, the feeling rules for parents with missing children are fluid and variable and are influenced by several factors. For example, questions have been asked regarding strategies that could or indeed should have been implemented by the McCanns to negate any risk to their children. Moreover, as Freeman (2017) argues: Kerry Needham was vilified by parts of the press for being working class, Gerry and Kate McCann for being too self-possessed and attractive. The parents of missing children are often demonised by a public that need to reassure themselves that this could never happen to them. Those parents were feckless, foolish, bad—not like us, the good parents. If anything, the relatability of the McCanns made them even more terrifying, and thus more necessary to condemn.

Can Risk Society and the Ideology of Motherhood …

147

There is considered to be a division between those who identify as proMcCann and those who identify as anti-McCann on social media (See Synott, Coulias and Ioannou 2017). Those who are anti-McCann draw on a host of issues,2 including but not limited to, the contravention of the ideology of motherhood and the perceived superficially groundless risk in leaving the children unattended. The McCanns are in point of fact the ‘ideological embodiment’ (Hier 2003: 6) of societal anxieties as this relates to the relative futility of keeping children ‘safe’. Other parents can feel fallaciously ‘safer’ that they will not elicit the same depressing outcome. Furthermore, the McCanns situation is emblematic of the potential consequences for mothers who do not comply with the culture of ‘total motherhood’ (Warner 2006) or ‘intensive mothering’ (Hays 1996). The message is conveyed to parents and specifically mothers that they must comply with the elusive gold standard of ‘good’ parenting or indeed ‘good’ mothering. There is a perception within society that we are aware of possible risks that can result from any action and can therefore adjust our behaviour to ensure the least risky outcome. Van Brunschot and Kennedy (2008) draw on what Lash and Wynne term a ‘reflexive process’ (Lash and Wynne 1992 cited in Van Brunschot and Kennedy 2008: 27), whereby ‘there is the possibility of a change in the relationship between social structure and social agents. Rather than being predetermined, outcomes can be influenced by individuals and institutions’ (Van Brunschot and Kennedy 2008: 27). What this means is that people are held accountable if they ‘fail to adequately anticipate the future’ (Van Brunschot and Kennedy 2008: 27). Hier argues that in contemporary society there is: a proliferation of moral panics as an exaggerated symptom of the heightened sense of uncertainty purported to accompany the ascendency of the risk society. (2003: 3)

2 Other

reasons include challenges to the McCanns account of Madeleine’s disappearance, the media attention that Madeleines disappearance has received in contrast to other missing children, the money that has been spent on the search for Madeleine and questions as to why the McCanns have not been prosecuted for child neglect.

148

J. L. Marshall

In relation to hostility directed towards the McCanns, ‘moral panics’ represent an ‘ordering practice in late modernity’ (ibid: 19). The amplification of fear brought on by the ‘heightened sense of uncertainty’ for children’s safety has seen them vilified and held accountable for their own suffering by some. They are considered to have displayed moral ineptitude and acted erroneously in assessing the attendant risks in leaving their children alone. German social theorist Nikolas Luhmann (1998) argues that there are believed to be dangers against which we can ‘insure’ ourselves, these are identified as risks; the risk he suggests ‘lies in the decision to insure or not to insure’ (73). Those who are critical of the McCanns contend that they chose not to insure their children against risk, because at minimum they neglected to entrust them to the care of a childminder when there was an on-site childminding service. In Madeleine Kate McCann states that she and Gerry did consider the safety of their children when exploring their options in the evenings. She explains that they knew their travelling companions personally, whilst the childminding service was comprised of strangers. In other words, the McCanns considered at the time that they did ‘insure’ their children against risk. However, children are explicitly and implicitly acknowledged to be innocent, pure and sacrosanct and the McCanns are considered to have taken an unnecessary risk that was in actual fact avoidable. Kate and Gerry McCann became the public’s scapegoat––the ‘ideological embodiment of deeper anxieties’ (Hier 6). Indeed ‘they had to be demonized so we could be distanced from their pain, there, don’t worry, see, they’re really not like us at all’ (Pearson 2011). As Furedi (2007: 2) argues fear is determined by the self, and the interaction of the self with others; it is also shaped by a cultural script that instructs people on how to respond to threats to their security.

Nicole Goc (2009) develops a convincing argument that media discourse on Kate McCann has positioned her within the ‘Medea news frame’3 3 Greek

playwright Euripides portrays Medusa as a woman scorned, who is willing to murder her sons as vengeance for being deserted by Jason.

Can Risk Society and the Ideology of Motherhood …

149

(24) that reinforces the ‘evil mother trope’. Goc also analyses the media representation of Lindy Chamberlain and Patsy Ramsey, who have been subjected to scrutiny by the media. These three women reasons Goc were: condemned by the media and the public for not fulfilling their maternal duty to keep their children safe while in their care, and then they were further condemned because they did not behave “appropriately” in the glare of the media spot. They were attacked because they failed to conform to society’s expectations of what it is to be a “good” mother. (34–35)

Indeed, women are still considered to be the primary caregivers contends Goc. Motherhood continues to be ‘inextricably linked with themes of sacrifice and dedication, and thus the good mother is one who endures’ (Forna 1999: 105 cited in Goc 2009: 43). Professor Caroline Gatrell (2004) makes the case that despite huge advances in women’s labour market participation ‘employers prefer to cling to the parsonian notion of the “institutionalized” family which constitutes a male economic provider and a female “domestic goddess”’ (203). The cultural ideal of the expressive, nurturing, self-sacrificing mother endures and dominates popular discourse on motherhood. Intensive motherhood (Hays 1996) consists of drawing on fundamental techniques and practices that are considered to be beneficial for maintaining the innocence, purity and virtuousness of children. For parents the reality is that this is ‘child-centered, expert-guided, emotionally absorbing, labor-intensive, and financially expensive’ (8). As Havrilesky (2014) asserts ‘the Mommy bow chafes’. Revealingly, following the publication of Madeleine in 2011, mainstream media attention became more favourable towards the couple, and discourse shifted from Kate McCann the ‘bad mother’ to Kate McCann the ‘good mother’. Kate demonstrates what some commentators considered to be her ‘very human face’ (Jones 2011) in Madeleine and explains that what some people considered to be a curious lack of emotion when her daughter went missing was ‘not indifference, as some cruelly interpreted, but shock’ (Jones 2011). Kate states that around the first

150

J. L. Marshall

anniversary of Madeleine’s disappearance she saw footage of a church service she had attended at Nossa Senhora da Luz and ‘I barely recognized myself ’ (155). She goes onto assert that as she grew a little stronger, she was ‘better able to control’ her grief in public and ‘was also terrified to show my emotions after the warnings I’d been given that this might influence Madeleine’s abductor. So If I seemed ‘poker-faced’ is it any wonder’ (McCann 2011: 155). In our voyeuristic age Madeleine gave people the opportunity to identify with Kate and her bewildering nightmare. In the absence of uncertainty, people turn to tradition for comfort and Kate was extolled in some sections of the media for fighting for the return of her daughter like a tigress. In her defence of Kate, Sandra Parsons emphasises the ‘sheer, visceral force’ of love she has demonstrated for her daughter through her actions. As Kate herself reports, ‘I couldn’t even sit down unless it was for a purpose, to eat or to work at the computer’ (McCann 2011). She is commended by Alison Pearson (2011) who refers to ‘the ferocity of maternal love’ as Kate prioritised the quest to find her daughter, ‘this remarkable woman has experienced her own personal cavalry- she has both suffered and been despised in her suffering- yet she has found the strength to write down the truth’. In a further show of solidarity with Kate some journalists were even prepared to truthfully acknowledge risks they have taken with their children. Sandra Parsons (2011) for example reported that ‘there are at least three occasions’ when her daughter could have died. Demonstrating the global reach of the case, Caroline Overington (2011) writing for The Australian admits that: every parent has a story of losing a child, even momentarily. Likewise every parent can recount a time when they put their own children at risk- popping out to the car, pay for petrol, nip to shops etc.- our fear is “there but for the grace of god go I”.

This repositioning of Kate McCann as a ‘good mother’ aligns with an ideology of motherhood. She was hailed by some journalists as a mother who fought for and prioritised the search for her daughter, despite her personal torment. Indeed, even in relation to running, an activity that is identified by many as ‘me time’ (Sharrratt n.d), Kate explains in her book that she felt that she needed to do this to bring Madeleine back.

Can Risk Society and the Ideology of Motherhood …

151

As she explains, ‘I can see now that this makes no rational sense, but at the time it was as if I had to push myself to the limit in every way in order to achieve my heart’s desire. My child had suffered and therefore so must I’ (McCann 2011: 167). The rationale for the repositioning of Kate as a ‘good’ mother by some following the publication of Madeleine raises questions about cultural and social expectations with regards to how mothers are expected to behave and indeed how the mothers of missing children are expected to behave. There is an unwritten cultural script that mothers are expected to follow if this happens, their fear and distress are emotions that are required to be visible; indeed failure to adhere to these expectations can have profound consequences. However, not everyone was convinced by the release of Madeleine as renowned criminal profiler Pat Brown considered it to be a ‘an incredible selfserving propaganda piece’ (Brown 2011). She argues that ‘as can happen to people who may have a narcissistic personality disorder, they just don’t know when to SHUT UP. For, in the book, Kate’s explanations further lead me to doubt the McCanns’ claims of innocence in the disappearance of their daughter’ (ibid.). With regard to social media, there continues to be a split between those who are sympathetic towards the McCanns and those who remain critical of them. Whilst people have been charged for making offensive comments about Madeleine McCann,4 no one has been charged for offensive comments directed at the parents on social media. Trolling ‘in general is the posting of messages via a communications network that are intended to be provocative, offensive or menacing’ (Bishop 2013: 29). A number of alleged trolls were identified in a dossier compiled by anti-abuse campaigners and submitted to Leicestershire police in 2014; reported comments included, ‘I hope that the McCanns are living in total misery’, and ‘I want to see them smashed up the back of a bus or trampled by horses’ (Press Association 2014). The media spotlight was cast on the holder of the @sweepyface account Brenda Leyland, who whilst not directly named had her face 4 Jamie

Milligan was sentenced for offensive comments he made on Facebook regarding Madeleine McCann and murdered toddler Mikael Kular. Whilst Matthew Woods was charged with making offensive comments against missing children, including Madeleine McCann on Facebook.

152

J. L. Marshall

and voice made public during a sky news segment (The Guardian 2015). Sky News reporter Martin Brunt was given access to the dossier by an undisclosed source in which it was divulged that Leyland had posted or reposted more than 400 tweets about the McCanns. It should be noted that questions were raised regarding the legitimacy of positioning Brenda Leyland’s behaviour in the ‘criminal offence’ bracket given that she did not directly send her posts to the McCanns who were not on Twitter at the time (See Smart 2017: 84). However, as Bishop (2013) illustrates in the case of DPP v Collins (2006) the target of the messages does not have to be in receipt of them. In the case of DPP v Collins the defendant reportedly made several phone calls and left voicemail messages at their member of parliaments office, whereby they ‘ranted and shouted’ (House of Lords 2006) and employed a number of racist terms to describe immigrants and people seeking asylum. The case found that the target of the messages would be grossly offended even if the recipient was not (Bishop 2013: 39). Specifically, in relation to Brenda Leyland, Hardaker (2014) suggests that her tweets demonstrate an ‘unsettling obsession’ with the couple but meaningfully asks, ‘did she incite others to harm the McCanns? Or threaten to abduct the McCanns’ other children? Or pose any clear menace?’; she purports that ‘on Twitter at least it doesn’t seem so’ (Ibid.). Brenda Leyland sadly took her own life two days after being approached by Blunt and her subsequent discussion with him.5 Hardaker (Ibid.) significantly proposes that ‘a news team with a highprofile journalist at the helm is not the way to bring about justice’. The police spent eight months investigating the dossier and did not consider the messages to constitute a ‘prosecutable offence’, despite finding them ‘extremely distasteful and unpleasant in nature’ (Sky News 2015). For the McCanns the hostility on social media continues and it was reported that following the release of the Netflix documentary The Disappearance of Madeleine McCann (2019), some people had attempted to post ‘hate mail’ on the official Find Madeleine website (Bell 2019). Last year, a Facebook troll shockingly took pictures of the McCanns at a restaurant in Scotland with the caption ‘mum and dad are closer than I 5The reporter Martin Brunt became the target of on-line abuse and a Facebook group was set up calling for him to be sacked.

Can Risk Society and the Ideology of Motherhood …

153

thought’ (Stephens 2019); reportedly leaving the couple, understandably ‘shocked and saddened’. The trolling of the McCanns continues more than a decade after their daughter’s disappearance, and it is therefore appropriate to give some thought to the relevant legislation. One relevant legislative act that could potentially be applied to address the trolling of the McCanns is Section 127 of the Communications Act, whereby a message sent via a communications device, which is ‘grossly offensive’ or of an ‘indecent, obscene or menacing character’ can potentially lead to a summary offence.6 The guidelines incorporate a higher threshold that is ‘necessary to protect freedom of expression, even unwelcome freedom of expression’ (Crown Prosecution Service 2018). There ‘has to be some proof of an intention that the message should be of a menacing character or alternatively, proof of awareness or recognition of a risk at the time of sending the message that it may create fear or apprehension in any reasonable member of the public who reads or sees it’ (Ibid.). These guidelines are essential, particularly as Bishop (2013) has identified cases where there has been an overreaction by ‘judges as administrators of the law’ based on ‘the perception of public interest created by the media and the people who consume it (38). However, several issues have arisen when it comes to charging people with sending ‘grossly offensive’ material, including queries relating to what constitutes ‘grossly offensive’ (See Bliss 2017 for a remarkable critique). Bishop expresses concern that the British justice system ‘could be seriously considered to be failing’ in ‘understanding the various complexities of internet trolling offences’ (2013: 40). With his considered and erudite Trolling Magnitude Scale, it is possible he argues to ‘gauge the severity of an act of flame trolling’ (ibid.). This is a sliding scale that moves from a Trolling Magnitude (TM) of 1 which is ‘done in the moment and quickly regret’ (42), TM 2 which is ‘done in the moment but don’t regret and continue’ (ibid.), TM 3 relates to ‘cyber-bullying’ whereby ‘a person targets an individual on an opportune basis without going out of their way to troll them’ (ibid. 43) and TM 4 which incorporates ‘cyber-stalking’, specifically ‘cyberhickery’, where ‘they purposely go out 6 CPS

guidelines on prosecuting cases involving communication sent via social media state that ‘for all allegations concerning a public electronic communications network’, ‘the starting point should be section 127’ (2018).

154

J. L. Marshall

of their way to target an individual or group’ (ibid.) (See Appendices 1 for Bishop’s Trolling Magnitude Scale). Drawing on the Trolling Magnitude Scale enables a rational consideration of the severity of the offences; providing an appropriate tool for dealing with cases fairly and justly. Following the disappearance of their daughter 13 years ago, there continues to be hostility towards the McCanns on social media, in fact ‘you cannot see it ever ending’ (Synott 2017). Consideration of prosecuting social media offences must be proportionate and considered as the law, its interpretation and application are multifaceted and complex. The application of Bishop’s Trolling Magnitude Scale is certainly a reasonable starting point when considering the severity of the trolling.

1

Small-scale Research: Analysis of an On-line Discussion Thread

An exchange of views featured on a publicly accessible social media discussion thread7 are analysed using thematic discourse analysis. The thread explores the loss of the McCann’s libel case against Goncalo

7The thread is archived and permissions were not sought from contributors. I was able to reconcile this as the thread is taken from a social media discussion site that is open and accessible to the general public. However, it is important to acknowledge the intrinsic value of undertaking a moral approach to any research ‘irrespective of the extent to which the context in which such communication takes place is public or private’ (Coughlan and Perryman 2015: 153). Sagiura encourages researchers to adopt the ‘golden rule’ and to consider how they would feel if the situation was reversed; accordingly ‘researchers can familiarise themselves with the place of study in order to ascertain whether it should be considered public from the perspective of those who occupy it’ (Ibid. 5). I adopted this position and continually reflected on the place of study, concluding that as it is a publicly accessible archived thread on a social media discussion site that has millions of visitors each month, it is ethically defensible. I have chosen to paraphrase the longer quotes made by members of the group so that people cannot do a search on-line for these as I do acknowledge that ‘negative consequences to participants could arise from disclosure that resulted in violation of privacy’ (Sagiura 2016: 7).

Can Risk Society and the Ideology of Motherhood …

155

Amaral.8 I wanted to explore whether the discussion featured the discursive themes of risk and the ideology of motherhood and to identify what other themes emerged from the discussion. I was also interested in examining whether there was the opportunity for a reasonable discussion of the issues or whether there were personal attacks towards pro-McCann users, as identified in an important study by Synnott, Coulias and Ioannou (2017). In relation to discourses it is argued that they: govern what it is possible to think. They produce knowledge which in turn functions to maintain certain power relationships within society and influences how individuals make sense of experience. A two directional process is involved: discourses exist out there, ready-made in society but are simultaneously actively engaged with and moulded by individuals who are more than passive recipients. (Miller & Hoogstra 1992 cited in Singer and Hunter 1999: 66)

As Rahm-Skageby (2011: 419) argues ‘thematic analysis refers to a careful reading and re-reading of the data in order to find recurrent themes across the data’. It is acknowledged that my ‘interpretation of data is inevitably subjective and can itself result in bias’ (Kaptchuk 2003: 1453). There are a number of different troller character types and techniques that have been identified in exceptional work by Jonathan Bishop (for example refer to Bishop 2014: 12). In relation to the discussion thread there were some posters who were looking to have a considered discussion; however, there was also some evidence of trolls who posted ‘unconstructive messages designed to provoke a reaction, to draw targets into fruitless arguments and to disrupt the avowed purpose of the group’ (Coles and West 2016: 1; Bishop 2012). Several discursive themes emerged from the discussion, these were: child neglect, an ideology of parenthood and classism. Whilst the majority of comments and commentators are critical of the McCanns, a minority of posters do 8 In

2008 Goncalo Amaral who was initially the lead investigator into Madeleines disappearance in Portugal had a book published The Truth of the Lie (this has not been published in the UK) and took part in a documentary that raises questions about the McCanns involvement in Madeleine’s disappearance. The McCanns took out a libel case against Amaral and won a payout. Amaral won on appeal against the payout. The McCanns then took the case to the Portuguese Supreme Court where the judge found against them.

156

J. L. Marshall

express compassion for them. What is interesting is that some contributors did not necessarily fit neatly into either the ‘Pro’ or the ‘Anti’ McCann camp. There were several offshoots to the originally proposed topic on the thread and the central overriding discursive theme was the parents perceived negligence in leaving Madeleine and her twin siblings alone in the hotel room. Indeed, this is a central tenet of the discussion and is utilised as a focal point to frequently redirect the conversation.9 During a discussion on whether the McCanns have benefited financially from Madeleines disappearance, a pro-McCann supporter raises several counter-arguments to anti-McCann posters who suggest that the couple are now ‘multimillionaires’ and have the opportunity to ‘fly around the world to the most exotic and luxurious countries’. However, following on from these objections another poster redirects the conversation by asserting that ‘they left their children unprotected whilst they went out to dinner. Who does that?’. This leads onto an exchange of views into alternative available options for the couple, in particular the on-site babysitting service. Some trolls posted profane language in relation to the McCanns perceived negligence of their children. One troll labels the McCanns ‘pieces of shit’, which they repeat at various intervals throughout the discussion; they also refer to the couple as ‘shitty people’, contending that they were ‘two wasted reckless parents’ when they left the children in the hotel room. This prompts a different troll to refer to the couple as ‘scumbags’. This discourse is employed as a trolling strategy to cause offence and to ostracise those who support the couple. Moreover, the McCanns are considered to have acted erroneously the night Madeleine went missing and the trolls are distancing themselves from the couples actions. These bite-size quotes are there to remind people in a quickfire way what ‘bad’ parents the McCanns are: ‘Those parents were feckless, foolish, bad – not like us, the good parents’ (Freeman 2017). Pro-McCann supporters rarely respond directly to the trolls who use offensive language in relation to the issue of child neglect; therefore, 9 Several

studies have identified digression from the topic of conversation as a trolling strategy (See for example the study by Synott, Coulias and Ioannou (2017).

Can Risk Society and the Ideology of Motherhood …

157

suggesting that they potentially interpreted this discourse as an intention to troll and were not provoked into a response. Some of the posters did not fall neatly into the ‘Pro’ or ‘Anti’ McCann camp. These contributors were looking to have a considered discussion and did not primarily criticise the parents or defend their actions. For example, in relation to social class, some posters considered there to be a disparity of treatment towards the McCanns and parents of missing children who are working class: one poster claimed that if the couple were working class, the tabloid press would have ‘thrown the book at them’, whilst another poster expresses concern that it is hard to get attention for your cause if you are ‘working-class’ and your ‘little boy’ goes missing. These contributors are not necessarily ‘Anti-Mcann’ or ‘Pro’ McCann as they do not level any personal accusations against the couple nor do they look to vindicate them from any potential transgression, rather they are just looking to flesh out and discuss the issues in relation to what they consider to be inequality of treatment based on social class. This mainly reasonable discussion is however shut down by a troll who intervenes and uses provocative discourse to label the McCanns ‘audacious media prostitutes’: this discourse is employed to move the conversation in a more accusatory direction. This is jumped on by other trolls who move onto amuse themselves and each other as they draw on conspiracy theories relating to Madeleines disappearance. There are occasions when the discussion involves conspiracy theories and accusations that her parents killed Madeleine. This discussion is disturbing in places, in particular when some trolls construct a narrative about how Madeleine’s death may have taken place, with each contributor adding to this account and developing it. The central premise leads on from one trolls reading of Amaral’s book, that Madeleine had an accident and then ‘her parents hid the body’. Other trolls develop this narrative, presuming this is the absolute truth, with one concluding, ‘surely they could say she had an accident, this would be better than saying she was kidnapped’. The conversation becomes darker when it is suggested that ‘your closest friend will help you move a body’ and there is speculation about whether it is Kate or Gerry McCann who made the decision to kill their daughter as ‘with some couples one person makes all the decisions and the other partner agrees’. Some of the trolls adding to

158

J. L. Marshall

this narrative are new contributors and appear therefore to be lurkers who are ‘convinced to take part if they feel persuaded their contributions will be welcomed among other factors’ (Bishop 2013: 39). There is the occasional interjection during this discussion from pro-McCann supporters who assert that there is ‘zero proof ’ to support the theory that her parents killed Madeline, but this intervention is minimal. Given the nature of the conversation it is sensible that they were not provoked into a protracted reaction. The trolls who participate in this post are curiously offensive and are attempting to complete the puzzle of a young girls disappearance, based on conjecture and speculation. Whilst the majority of these comments focus on the perceived guilt of the parents, ‘I hope somebody loves me that much one day that they would be willing to hide a body’, other contributors consider alternative reasons for Madeleine’s disappearance, including the possibility that she was kidnapped. However, when these alternative possibilities are raised the discussion is redirected again to the issue of child neglect, ‘even if they did not directly kill her, they are still to blame for what happened. They left their children alone so they could go out drinking. What the fuck were they thinking?’. The issue of child neglect is a central overriding discursive theme that is raised throughout the thread to remind people of the personal culpability that they believe the McCanns bear in relation to Madeline’s disappearance. Kate McCann’s disposition and actions are called into account on this thread. As one poster states ‘the behaviour of the mother was really strange’. However, it is parenthood which emerges as discursive theme. Both Kate and Gerry are challenged at various intervals on the thread for their perceived negligence; as one poster states they were ‘two drunk, negligent parents’ and there are comments pertaining to their perceived unconventional behaviour when Madeleine went missing. Thus, this raises an interesting and important consideration for the societal expectations of parents in relation to how they care for their children and how they are expected to react if they go missing. There is an intangible emotional script that parents are expected to follow if the worst happens and if they fail to adhere to this, they are susceptible to being judged ‘bad’ parents or worse.

Can Risk Society and the Ideology of Motherhood …

2

159

Reflections on the Thread

Although the original thread proposed a discussion of the McCanns losing their libel case against Amaral there were several offshoots that raised central discursive themes relating to the disappearance of Madeleine; these were child neglect, an ideology of parenthood and classism. In some instances, trolls used profane language and offensive discourse that interrupted some of the more reasonable discussions about some of the issues raised by the case; including what some posters considered to be class-based inequality against working-class parents of missing children. Sometimes the discourse from trolls was bite-sized, short, sharp and fired in rapid succession, giving the impression that they wanted to urgently demarcate themselves from the McCanns, who are identified as ‘bad’ parents. This served to remind people of the parents perceived neglect the night Madeline went missing and to ostracise supporters of the couple. Whilst there was some sympathy for the McCanns from a minority of people on the thread, it was normalised to question both their accountability for Madeleine’s disappearance due to their perceived negligence and to question whether they were personally involved in her disappearance. Whilst they are a minority, the proMcCann supporters do intervene to defend the couple at various intervals. For example, when one markedly offensive flame troll refers to Madeleine as a ‘superior snowflake’ they are brought to account by a pro-McCann contributor who states, ‘you sound heartless and inhuman’. Whilst those who are pro-McCann are not attacked on a personal level, the move towards debate that is dark in places suggests that some trolls were looking to post ‘unconstructive messages designed to provoke a reaction’ (Coles and West 2016: 1; Bishop 2012) and to entertain themselves. During the more disturbing discussion the pro-McCann supporters only intervened minimally, suggesting that they were not prepared to be provoked into a response.

3

Concluding Remarks

Over a decade after Madeleine’s disappearance the McCann’s continue to receive hostile comments online and in some areas of the mainstream press. There are a number of reasons for this. Two of these that have been explored in this chapter. These include moral judgements based on the

160

J. L. Marshall

‘risk’ that the McCanns took the night Madeleine went missing and the ideology of motherhood that dictates how mothers ought to behave with regard to caring for their children. This has led to fluidity in feeling rules towards the couple, with some in the pro-McCann camp highlighting the plight of the family and those in the anti-McCann camp drawing on issues of blame and accountability. Cultural and social ideals relating to motherhood have impacted on attitudes towards Kate McCann. Certainly, in some sections of the mainstream press, the shift in attitudes towards Kate was influenced by the publication of her book Madeleine and the demonstration of what Jones refers to as her more ‘human face’ (Jones 2011). Analysis of a social media discussion thread reveals the impact that trolls can have on debates relating to the McCanns; as they interject with inflammatory comments and can move the debate in a potentially troubling direction. The perceived neglect of the children is an overriding discursive theme on the thread. Whilst an ideology of motherhood came up on the thread a central discursive theme was an ideology of parenthood, with both Kate and Gerry perceived to be negligent parents. There are societal expectations regarding how parents are both expected to care for their children and how they are expected to conduct themselves if they go missing. The thread also illustrates that some contributors cannot be neatly delineated into the ‘Anti’ or ‘Pro’ McCann camp. Ultimately though and regrettably for the McCanns ‘you cannot see it ever ending’ (Synott 2017). Furthermore, it is unlikely given the finding by Leicestershire police in 2014 that the dossier submitted to them did not present evidence of a ‘prosecutable offence’, and given that no one has since been charged with trolling the couple, that anyone will be held accountable for this in the future. However, if consideration is given to the trolling of the McCanns, Bishops Trolling Magnitude Scale could be employed to ensure there is not an overreaction or indeed an underreaction and that decisions are made fairly and justly.

Appendices 1 See Table 1.

Description

In the moment and quickly regret

Type

Cyber-trolling (Cyber-bantering TM1 ––Playtime TM2––Cyber-trickery)

Table 1 The trolling magnitude scale with examples This type of classical trolling is often in the moment, or otherwise intended to give the troller and others a laugh as close to the point that the troller thought of their ‘gag’. Contemporary outlets for this type of cyberbantering include Yahoo Answers. Questions where the user protests they are not trolling usually are. The most prolific troller on Yahoo! Answers was known as ‘Phil J’ and always wound people up with his sick stories usually ending with “… it was a lot more erotic than I expected”

Classical trolling

(continued)

Reece Messer posted a tweet to Tom Daley, an Olympic diver, saying that he let his late father down by not getting a medal. When others attacked him following Tom Daley retweeting it, resulting in his followers setting upon Messer, he apologised, but this dignified and honest apology was not accepted, resulting in non-credible threats being made. Another example was that of Paul Chambers who posted a message on Twitter joking that if an airport did not open he would blow it up

Anonymous trolling

Can Risk Society and the Ideology of Motherhood …

161

Description

In the moment but don’t regret and continue

Go out of way to cause problems, but without a sustained and planned longterm campaign

Type

Cyber-trolling (Tactical 2)

Cyber-stalking (Cyber-bullying TM3 ––Strategic)

Table 1 (continued) Classical trolling

Jake Baker was a student at The University of Michigan. He was suspended following posting a story to alt.sex. stories, which had graphic depictions of rape and murder of a woman he said was his classmate. With a Canadian friend Arthur Gonda he would share abusive posts about women, which they never received. The person who was the ‘victim’ in the stories, Jane Doe, was only aware when charges were brought against Baker

Popular ‘subversive’ websites like ‘Temple of the Screaming Electron’ (www. totse.com) would often have people go on there to ask for ‘advice’. The typical response would be ‘m/s’ (i.e. murder/suicide). A discussion might ensue on how to do this

Liam Stacey posted a tweet mocking the fact that Fabrice Muamba, a premiership footballer, had collapsed with a cardiac arrest. When others challenged him over this he became abusive, posting racist comments. It is likely he knew he was being offensive, but did not stop doing so An unnamed troller was given a caution for abusing Bridget Agar, who was a mother of a child who died in a scooter accident. The youth posted messages on a fake Facebook page named after the child, such as ‘Mum, I’m not really dead. I’m sat at the computer, I just ran away’ and ‘I’ve gone to hell’. The troller was forced to accept a harassment warning, and their identity was not revealed to Mrs Agar

Anonymous trolling

162 J. L. Marshall

Goes out of the way to create rich media to target one or more specific individuals

Cyber-stalking (Cyber-hickery TM4 ––Domination)

Classical trolling The “case of the electronic lover” was one of the most documented forms of cyberhickery. Alexander was a psychiatrist from New York and posted to a chatroom under the name of Joan. He convinced women he was a woman and they opened up to him even having ‘lesbian’ cybersex. He portrayed Joan as having a disability, but was forced to come clean when others insisted on meeting him—as Joan, which he couldn’t do

Sean Duffy could be considered to be one of the most prolific of flame trollers in the world. Even though he is continually sentenced to jail, he goes out of his way to ‘vandalise’ the memorial pages of grieving families. In one instance he went to the effort of making a video, called ‘Tasha the Tank Engin’ to upset the family of the late teenager, Natasha MacBryde

Anonymous trolling

Source Bishop, J. (2013). The Effect of De-Individuation of the Internet Troller on Criminal Procedure Implementation: An Interview with a Hater. International Journal of Cyber Criminology, 7(1), 42–43

Description

Type

Can Risk Society and the Ideology of Motherhood …

163

164

J. L. Marshall

References Bell, R. (2019). McCanns Hit with Fresh Wave of Hate Mail following Netflix doc. At Entertainment Daily. Available at https://www.entertainmentda ily.co.uk/news/mccanns-hit-with-fresh-wave-of-hate-mail-following-netflixdoc/. Accessed on 20 February 2020. Bishop, J. (2012). The Psychology of Trolling and Lurking: The Role of Defriending and Gamification for Increasing Participation in Online Communities Using Seductive Narratives. In H. Li (Ed.), Virtual Community Participation and Motivation: Cross-Disciplinary Theories (pp. 160–176). Hershey, PA: Information Science. Bishop, J. (2013). The Effect of De-Individuation of the Internet Troller on Criminal Procedure Implementation: An Interview with a Hater. International Journal of Cyber Criminology, 7 (1), 28–48. Bishop, J. (2014). Representations of ‘Trolls’ in Mass Media Communication: A Review of Media-Texts and Moral Panics Relating to ‘Internet Trolling’. International Journal of Web Based Communities, 10 (1), 7–24. Bliss, L. (2017). The Crown Prosecution Guidelines and Grossly Offensive Comments: An Analysis. Journal of Media Law, 9 (2), 173–188. Brown, P. (2011). Criminal Profiling Topic of the Day: Did Kate McCann Read my Letter to Her? at The Daily Profiler Hosted by the Pat Brown Criminal Profiling Agency. Available at https://patbrownprofiling.blogspot.com/ 2011/05/criminal-profiling-topic-of-day-did.html. Accessed on 19 August 2019. Brunt, M. (2017). McCanns Still Trolled Online 10 years after Madeleine Disappeared. Sky News online. Available at https://news.sky.com/story/mcc anns-still-trolled-online-10-years-after-madeleine-disappeared-10861082. Accessed on 09 September 2019. Coles, B. A., & West, M. (2016). Trolling the Trolls: Online Forum Users Constructions of the Nature and Properties of Trolling. Computers in Human Behaviour, 60, 233–244. Collins, D. (2006). Madeleine McCann. John Blake: UK. Coughlan, T., & Perryman, L. -A. (2015). A Murky Business: Navigating the Ethics of Educational Research in Facebook Groups. European Journal of Open, Distance and e-Learning (pp. 146–169). Available at http://oro. open.ac.uk/43343/1/EURODLCoughlan_Perryman.pdf. Accessed on 07 July 2016.

Can Risk Society and the Ideology of Motherhood …

165

Crown Prosecution Service. (2018). Social Media––Guidelines on Prosecuting Cases Involving Communications Sent Via Social Media. Available at https://www.cps.gov.uk/legal-guidance/social-media-guidelines-pro secuting-cases-involving-communications-sent-social-media. Accessed on 6 February 2020. Forna, A. (1999). Mother of All Myths: How Society Moulds and Constrains Mothers. London: Harper Collins. Freeman, H. (2017). From Nick Cave to Kate McCann, it’s Time We Judged Parents a Little Less. The Guardian online. Available at https://www.theguardian.com/commentisfree/2017/may/06/nick-cave-tokate-mccann-time-judged-parents-less. Accessed 14 September 2019. Furedi, F. (2007). The Only Thing we Have to Fear is the ‘Culture of Fear’ Itself. Spiked . Available at http://frankfuredi.com/pdf/fearessay-20070404. pdf. Accessed 23 October 2019. Gatrell, C. (2004). Hard Labour: The Sociology of Parenthood . UK: Open University Press. Goc, N. (2009). Framing the News: ‘Bad’ Mothers and the ‘Medea’ News Frame. Australian Journalism Review, 31(1), 33–47. Hardaker, C. (2014). Was Brenda Leyland Really a Troll?. The Guardian online. Available at https://www.theguardian.com/commentisfree/2014/oct/06/wasbrenda-leyland-really-a-troll-mccanns. Accessed on 20 February 2020. Havrilesky, H. (2014). Our ‘Mommy’ Problem. The New York Times online. Available at https://www.nytimes.com/2014/11/09/opinion/sunday/ our-mommy-problem.html. Accessed on 14 September 2019. Hays, S. (1996). The Cultural Contradictions of Motherhood . New Haven: Yale University Press. Hier, S. P. (2003). Risk and Panic in Late Modernity: Implications of the Converging Sites of Social Anxiety. British Journal of Sociology, 54 (1), 3–20. Hochschild, Arlie Russell. (1979). Emotion Work, Feeling Rules, and Social Structure. American Journal of Sociology, 85, 551–575. Hoschild, A. (1983). The Presentation of Emotion. Sage. Available at http:// www.corwin.com/sites/default/files/upm-binaries/13293_Chapter4_Web_ Byte_Arlie_Russell_Hochschild.pdf. Accessed on 20 February 2020. Hoschild, A. (2012). The Managed Heart: Commercialization of Human Feeling, 3rd ed. Berkeley and Los Angeles, CA: University of California Press. House of Lords. (2006). Opinions of The Lords of Appeal For Judgment In the Cause Director of Public Prosecutions (Appellant) v. Collins (Respondent). UKHL SESSION 2005–06 40. Online. Available at https://publicati

166

J. L. Marshall

ons.parliament.uk/pa/ld200506/ldjudgmt/jd060719/collin.pdf. Accessed 12 February 2020. Jones, D. (2011). Kate McCann’s Haunting Account Makes Me Rue the Day I Doubted Them. Daily Mail . Available at https://www.dailymail.co.uk/deb ate/article-1384977/Kate-McCanns-haunting-account-makes-rue-day-I-dou bted-them.html. Accessed 17 February 2020. Kaptchuk, T. J. (2003). Effect of Interpretive Bias on Research Evidence. British Medical Journal, 326, 1453–1455. Lash, S., & Wynne, B. (1992). Introduction. In U. Beck (Ed.), Risk Society: Towards a New Modernity (pp. 1–8). London: SAGE. Luhmann, N. (1998). Observations on Modernity. Stanford: Stanford University Press. McCann, K. (2011). Madeleine: Our Daughters Disappearance and the Continuing Search for Her. UK: Bantam Press. No Name. (2015). McCann Trolls: Police Won’t Take Action Sky News. Available at https://news.sky.com/story/mccann-trolls-police-wont-take-act ion-10361261. Accessed on 19 August 2019. Overington, C. (2011). A Family’s Never-Ending Ordeal, The Australian. Parsons, S. (2011). I’m In Awe of the McCanns’ Enduring Marriage. Available at https://www.dailymail.co.uk/femail/article-1385769/Kate-Gerry-McCannIm-awe-enduring-marriage.html. Accessed 21 February 2020. Pearson, A. (2011). Kate McCann and the Ferocity of Maternal Love. The Telegraph online. Available at: http://www.telegraph.co.uk/comment/column ists/allison-pearson/8508204/Kate-McCann-and-the-ferocity-of-maternallove.html. Accessed 12 August 2013. Press Association. (2014). Online Abuse Dossier Directed at Kate and Gerry McCann is Handed to Police. The Guardian. Available at https://www.theguardian.com/uk-news/2014/oct/02/abuse-dossierkate-gerry-mccann-police-madeleine. Accessed on 19 August 2019. Rahm-Skageby, J. (2011). Online Ethnographic Methods: Towards a Qualitative Understanding of Virtual Community Practices. In H. Ben Kei Daniel (Ed.), Handbook of Research on Methods and Techniques for Studying Virtual Communities: Paradigms and Phenomena (pp. 410–428). IGI Global. Sagiura, L. (2016). Researching Online Forums. BSA Ethics Case Study 1. Available at https://www.britsoc.co.uk/media/24834/j000208_researc hing_online_forums_-cs1-_v3.pdf. Sharrratt, A. (n.d). Time for Running: Yes, You Deserve The Run And The MeTime. Available at https://www.besthealthmag.ca/best-you/running/timefor-running/. Accessed on 1 April 2020.

Can Risk Society and the Ideology of Motherhood …

167

Singer, D., & Hunter, M. (1999). The Experience of Premature Menopause: A Thematic Discourse Analysis. Journal of Reproductive and Infant Psychology., 17 (1), 63–81. Sky News. (2015). McCann Trolls: Police Won’t Take Action. Available at https://news.sky.com/story/mccann-trolls-police-wont-take-action10361261. Accessed on 18 February 2020. Smart, U. (2017). Media and Entertainment Law. London and New York: Routledge. Stephens, G. (2019). Sick Troll Posed As Missing Madeleine Mcann on Facebook. At EuroWeekly. Available at https://www.euroweeklynews.com/2019/11/12/ sick-troll-posed-as-missing-madeleine-mcann-on-facebook/. Accessed on 18 February 2020. Synnott, J., Coulias, A., & Ioannou, M. (2017). Online Trolling: The Case of Madeleine McCann. Computers in Human Behavior, 71, 70–78. Synott, J. (2017). Cited in Trolls Post abuse to McCanns 150 Times Every Day. The Herald online. Available at https://www.pressreader.com/. Accessed on 09 September 2019. The Disappearance of Madeleine McCann. (2019). online. Directed by Chris Smith. UK. Netflix. Available from Netflix. The Guardian. (2015). Woman Killed Herself After Being Doorstepped over McCann Trolling. Available at https://www.theguardian.com/media/2015/ mar/20/sky-news-mccann-brenda-leyland. Accessed on 18 February 2020. Van Brunschot, E. G., & Kennedy, L. W. (2008). Risk, Balance and Security, 1st ed. US: Sage. Warner, J. (2006). Perfect Madness: Motherhood in the Age of Anxiety. US: Riverhead Books.

‘In and Out, On and Off: LGBT+ Online Experiences’ Megan Todd

1

Introduction

Our lives have become increasingly interwoven with online technologies. They have the potential to impact on almost every aspect of our daily lives; we use them to shop, study, work, network, monitor our sleep, bank, find love, ‘find ourselves’ and find out about the world. Such a rapid, and relatively recent, change in our lives doesn’t come without its risks. Indeed, an aspect of modern power–knowledge relations is ‘risk taking’ and the notion of ‘harm’ (Beck 1992). We are frequently warned of the risks of living online. Reports indicate that cyberabuse has increased exponentially as technologies have become more available and as new and advanced technologies continue to be developed (Hinduja and Patchin 2010). Barely a day goes by when we don’t see a news story about an event of online abuse, stalking or harassment. Revenge pornography, unwanted ‘sexting’, child pornography, death threats, blackmail M. Todd (B) University of Central Lancashire, Preston, England, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_9

169

170

M. Todd

and rape threats have all been enabled by digital technologies. Of course, most of these forms of abuse are an extension of the everyday abuses (mainly) women and children experience offline (Todd 2017). Yet, paradoxically, there are also risks involved in avoiding cyberspace. Here, Beckmann’s (2009) concept of ‘civilization’ versus ‘wilderness’ is useful. If you are a ‘civilized’ member of society, you are supposed to embrace all the technologies available to you. Failure to do so leaves you out in the ‘wilderness’ an atavistic product of disengagement. By engaging with such a world, we are required to acknowledge the potential risks involved and face the consequences. One of the risks at play on the internet involves ownership of space—who is deemed as having a legitimate right to use and claim cyberspace? Again, this is not a new problem. In Ancient Greek society, the forebear of so-called modern Western civilization, there was hostility and violence to those constructed as ‘Other’. Perhaps in more modern times, a search for ‘Truth’ has led to the violent exclusion of difference. Such conditions of domination potentially have a significance for LGBT+ users, who arguably are viewed as ‘Other’ both online and offline (Dubois and Meon 2013). As Marcuse stated, ‘technology as such cannot be isolated from the use to which it is put; the technological society is a system of domination which…results from the play of the dominant interests’; destruction, he argued, is frequently the ‘price of progress’ (1964: xvi). Of course, this leads to bigger questions about the relative merits of technology and its uses, which we do not have time for here. Save to ponder whether that which has so much promise is causing us to be distracted, as Bruce Sterling (2000) has suggested, from what really matters. From research into people’s experience of online spaces, we know that sexual harassment is very common (Powell and Henry 2017). In particular, it affects women—especially young women. To date, less research has looked specifically at LGBT+ experiences, particularly older people’s use and experience of the internet. This chapter, therefore, will be looking at the intersections of gender, sexuality and age in experiences of online spaces. In part, this will make reference to my own research into global lesbian communities (Todd 2013), and my research into LGBT+ lives in North West England. The chapter begins with a consideration of LGBT+ experiences offline. In particular, it will look at the lack of

‘In and Out, On and Off: LGBT+ Online Experiences’

171

information available for many LGBT+ youths, which frequently serves to act as a pull factor to internet usage. It will also focus on the ways in which living through moments of homophobia impact on older LGBT+ people’s trust and confidence in local communities, service providers and how this, combined with experiences of ageism on the gay scene, drives many to seek solace online. The chapter then moves on to younger and older LGBT+ people’s experiences of online spaces, before finishing with some recommendations for changes in policy and practice; changes which would ensure online spaces are safer and more inclusive for its LGBT+ users.

2

Off Limits? LGBT+ Lives Offline

2.1

Living on the Edge? Young LGBT+ Lives Offline

In general, adolescence is conceptualized as a difficult and sensitive period in which many young people begin to explore their sexuality and engage in romantic relationships. For young LGBT+ people, this period can present some particularly problematic challenges. When exploring their sexual identity, LGBT+ youth may fear being judged, secluded or victimized due to their sexual orientations (Mustanski et al. 2011). For instance, many studies show that victimization by their peers and coerced or unwanted sexual experiences are more frequently reported by LGBT+ youth than non-LGBT+ youth. Gallopin and Leigh (2009) also stated that LGBT+ youth victims of such abuse found that existing (offline) social assistance systems were not helpful to youth of their sexual orientation. LGBT+ young people also frequently receive formal sex education which is silent about anything other than a restricted representation of heterosexual dynamics. UK Conservative minister, and ex-cabinet member, Andrea Leadsom got herself into political hot water in early 2019 when debating new legislation on mandatory sex education in primary schools. The new material includes information on the rights of LGBT+ people; in reference to this she argued that parents should be able to choose when children are ‘exposed to that kind of information’. Many

172

M. Todd

conservative Christian, Muslim and Jewish parents have demonstrated outside schools in protest, often bearing homophobic slogans. As LGBT+ rights activist Peter Tatchell has noted, what is currently happening, is very reminiscent of events in the 1980s (Ferguson 2019). Under Conservative Prime Minister Margaret Thatcher’s leadership, Section 28, of the Local Government Act 1988, prohibited Local Authorities (LA) in England and Wales from ‘promoting homosexuality’ (Todd 2013). The impact of such high-profile anti-LGBT+ sentiment can be significant. Over 60% of LGBT+ youth surveyed by the Gay, Lesbian and Straight Education Network reported feeling unsafe at school because of their sexual identity, and many showed increased levels of depression, truanted from school and performed less-well academically than their heterosexual peers (Kosciw et al. 2013). Informal sex education or discussions at home are also often unrepresentative. For instance, Karin Martin (2009) studied what parents say to their children about sexuality and reproduction, discovering that even with children as young as three years old, parents routinely assumed their children were heterosexual, told them they would get (heterosexually) married, and interpreted cross-gender interactions between children as ‘signs’ of heterosexuality. With this kind of socialization is an additional element of normative sexuality—the idea of compulsory monogamy, where exclusive romantic and sexual relationships and marriage are expected and valued over other kinds of relationship (Willey 2016). Studies also reveal that up to half of LGBT+ teens experience a negative reaction from their parents when they ‘come out’, including being kicked out of the family home (26%) and or being physically assaulted by family members (33%) (Ray 2006). For many young LGBT+ people, the cumulative impact of such prejudice will lead them to go to great lengths to try and conceal their sexual identity, thus limiting their offline opportunities for support (Detrie and Lease 2007). In turn, this lack of support, along with the limited availability of sex education and information, and relatively small numbers of ‘out’ LGBT+ peers and potential romantic partners, may lead LGBT+ youth to seek online relationships.

‘In and Out, On and Off: LGBT+ Online Experiences’

2.2

173

Invisible Attraction: Older LGBT+ Lives Offline

Although the twenty first century has been a time of potentially progressive legislative and social change for LGBT+ people [the UK alone has seen The Civil Partnership Act (December 2004), Equality Act (Sexual Orientation) Regulations 2007, Same-Sex Marriage Act (which came into force in 2014)], many older LGBT+ people have lived through less liberal times, experiencing both informal and formal discrimination. On one hand, this might mean older LGBT+ people find ageing less problematic than their heterosexual counterparts; living in a hostile, homophobic society can provide skills in ‘crisis competence’ (see Balsam and D’Augelli 2006). However, it can have a profound effect both on their preparedness to ‘come out’ as LGBT+, and impact on their use, and experience, of a range of services, including health and criminal justice services (Fredriksen-Goldsen 2011). In fact, older LGBT+ people are five time less likely to access services for older people than is the case in the wider older population‚ because they fear discrimination and homophobia (Todd 2011). Older LGBT+ people may have lived through times when making themselves invisible, and ‘passing’ as heterosexual was a deliberate and necessary coping strategy; the alternative might have meant losing children, friends or employment (Barrett 2008). Living through times when their sexuality was a criminal offence, feeling the ramification of Section 28, or experiencing the homophobic campaigns around AIDS/HIV and living through devastating and cumulative effects of grief for friends and lovers who died can have a significant impact on willingness to come ‘out’ (Todd 2013). This can lead to what’s referred to as a fracturing of relationships (Barrett et al. 2017). Many will also have experienced levels of discrimination to the point of violence in their earlier lives (DeLamater et al. 2017). The ongoing effects of homophobia are closely linked to participants’ relationship with ‘the closet’. Being recognisable as LGBT+ was, in effect, a marker of difference which might incite violence and abuse. This is an example of what Ann Cvetkovitch terms ‘insidious trauma’; she argues that ‘trauma becomes the hinge between systemic structures of exploitation and oppression and the felt experience of them’ (2003: 12). Cronin and King (2014) argue

174

M. Todd

that fear of discrimination prevents many older LGBT+ people from making friends in the wider ‘heterosexual’ community. Such social isolation perhaps puts them at risk of abuse, in addition to preventing them from seeking support. Intimate relationships for older LGBT+ are often viewed as a safe space (Smalley 1987), making it even more dangerous when things go wrong (Todd 2013). Weeks (2007) argues that society has recently undergone a transformation, from being a place where same-sex desire is seen as an aberration, a sin or sickness, to becoming a culture where LGBT+ lives are perhaps ‘respectable’. The potential to age as an ‘out’ lesbian or gay man, in a comparatively tolerant society is a relatively recent phenomenon and is itself a consequence of social change, (Weeks 1986). Paradoxically, these older LGBT+ people now often find themselves viewed as asexual—deemed physically unattractive in a youth-orientated society, uninterested in, or incapable of, having sex (Heidari 2016). In much the same way as their younger LGBT+ counterparts, older LGBT+ people may well be drawn to online spaces because of the anonymity it offers, as well as the potential for reaching a like-minded community or a romantic/sexual partner.

2.3

The Cyberqueer: LGBT+ Lives Online

The internet, therefore, is of interest when studying sexuality, in particular LGBT+ lives. Much literature has emphasized the possibilities offered by cyberspace for experiences of sexuality, often constructing it as a safer place offering ‘sex without secretions’ (Kroker et al. 1989). The digital queer who has access to a (utopian) global community, a community which offers chat rooms or websites dedicated to a range of subcultures, emphasizes the importance of the internet (O’Riordan 2018). Michael Brown (2005) highlighted the need for cyberspace, for instance, as a means of accessing education around issues relating to HIV; the anonymity and confidentiality provided by the internet were significant.

‘In and Out, On and Off: LGBT+ Online Experiences’

175

However, a dose of cyber-scepticism might not go amiss. What are the costs of an insistence on the cyberworld? Does it lead to a loss of realtime/offline spaces? Whose sexual stories go unheard? The internet, of course, is a resource still not available to all—we need to be mindful of the intersections of poverty along lines of class, age, gender and ethnicity. What risks are there in the virtual world? As early as 1996, Hall pointed out the prevalence of anti-LGBT+ flaming (abusive messages) on general websites.

2.4

Online and in Trouble? LGBT+ Youth Online

Young people are, arguably, ‘digital natives’ (Palfrey and Gasser 2008). The ways in which they interact, work, study and play are very different ways to previous generations (of course, as digital natives, they have much more access to sexual imagery/spaces than preceding generations, the implications of which need to be considered more fully). Amongst the general youth population, the internet has become a mainstream mode of access to information about aspects of health and sexuality, as well as anonymous support for personal issues such as drug use, depression and relationship problems (Borzekowski et al. 2006). The internet is a useful way for youth to access sensitive health information, gather the courage to access offline resources, and find available information on offline services (Gray et al. 2005). Youth have also begun to search online for relationships that may not be available to them offline. Comparatively little research in the UK has focused specifically on the experiences of LGBT+ youth online, who certainly have differing offline experiences and, it would seem, have differing online experiences too. Whilst we are often told that cyberspace is a dangerous place for young people, this is not always the case for young LGBT+ people. We know, for instance, that LGBT+ youth are more likely than heterosexual youth to have online friends. They are also more likely to view these as better than their offline friends for giving emotional support. Research with young LGBT+ people between the ages of 12 and 18 suggests that social media can also be a useful tool (Naezer 2019). They used the internet in four key ways: to build sexual knowledge; develop and play with

176

M. Todd

their identities; engage in romantic intimacies and also to gain a sense of adventure. These young people were very aware of the consequences of online behaviours and the potential risks. Rather than being reckless, they were actually very cautious. Other research supports this view. For instance, looking into the ways in which young LGBT+ people use the internet, Hillier and Harrison (2007) found that it provided a space for young people to develop their sense of identity and ‘come out’, enhance a sense of community and make friends, in addition to meeting potential sexual partners. Such relationships can be an important source of support, empathy and understanding, leading to close friendships with heterosexual and LGBT+ peers, social support and feelings of group membership (Bargh et al. 2002), thus having a positive effect on selfesteem and identity. By minimizing loneliness and social rejection, it is suggested that they can also increase social skills and help young people create relationships that occasionally move to being offline (Bargh et al. 2002). Despite these positive benefits, research suggests that LGBT+ youths’ use of the internet can simultaneously have negative consequences. For instance, social media spaces produce particular values and norms about sexuality which arguably reflect a conservatism that impacts on young people’s perceptions of sexuality. The result is a hierarchy of supposed ‘good’ and ‘bad’ sexual practices, with LGBT+ experiences falling very clearly into the ‘bad’ category (De Ridder 2017). There is also evidence to suggest that increased online participation brings with it a very real risk of decreased offline community participation. Heavy internet usage can lead to young people feeling isolated from society and engaging less with family and friends (Nie and Hillygus 2002). A large amount of time spent in cyberspace is also linked with increased feelings of depression (Carden and Rettew 2006), as is meeting people online (Boneva et al. 2006). In recent years, the media and academic research have rightly drawn attention to the violence, such as hate crimes and bullying, experienced by LGBT+ youth but have tended to ignore the fact that vulnerable LGBT+ youth may also be at increased risk of violence in their intimate relationships. Irrespective of whether online internet usage impacts either negatively or positively on mental health and sociability or does both,

‘In and Out, On and Off: LGBT+ Online Experiences’

177

there are clear suggestions that high levels of internet usage for young LGBT+ places them at risk of intimate partner abuse. Studies indicate that young LGBT+ people experience higher counts of cyberabuse, as a dynamic of intimate online relationships, than their heterosexual peers. It is argued that the levels of depression and suicidal thoughts, familial rejection and abuse, lack of peer/social acceptance, relative poor school performance and higher levels of substance abuse experienced by LGBT+ youth, make them more vulnerable to violence in their online dating relationships (Vézina and Hébert 2007). My own research into LGBT+ people’s live in the North West of England found young people, often in their first relationship, experienced pressure from partners to send sexual pictures of themselves, and also threats to ‘out’ them online (Todd 2008). Other studies reveal that abuse often consists of young LGBT+ people receiving unwanted sexual pictures of themselves, being sent threatening text messages by their partners, and having their social networking account used by partners without permission (Messinger 2017). Whilst there are similarities between offline abuse and that experienced online (both are about power and control for instance), there are several important differences (Todd 2017). For instance, online abuse does not simply involve those who abuse and those who are abused but rather involves a potentially high number of actors. There is also the ‘online disinhibition effect’ (Suler 2004), whereby users of technology do things in cyberspace that they would not normally do offline as a result of the anonymity afforded by the internet. Arguably, online abuse is more invisible to family and friends than offline abuse. Crucially, because the internet is seen as a vital source of support and a means of accessing information, various surveys, including my own, have revealed that a significant majority of those who experience abuse online would not tell parents about it because they fear it would curtail their use of the internet, or they fear it will lead to retribution. And here they would not be wrong—evidence suggests that online hate crimes can also lead to offline violence and abuse (Tsesis 2002). Thus, our LGBT+ youth are learning that online abuse is a rite of passage but they continue to use the internet because they don’t want their virtual window on the world closed down.

178

2.5

M. Todd

Sharks and Silver Surfers: LGBT+ Older People Online

The Global Information Society Watch (GISWatch 2015) argues that the internet plays a significant role in promoting sexual rights as both a source of sexual health information and as a place where people can explore and express their identities. But to what extent are older people, in particular older lesbians, included in this? For instance, certain online dating sites have excluded LGBT+ people—eHarmony, for instance, had to create a specific site (called Compatible) for LGBT+ singles in 2008, following a public court case about the exclusion of LGBT+ people from their existing website (Coleman 2012). We need to explore the experience of older LGBT+ people online and consider the impact a growth of online dating has, for instance, on more traditional, offline social spaces. The baby boomer generation, in many ways, was the generation that steered the digital age and quickly embraced what it has to offer (Athique 2013). The LGBT+ community, too, was quick to explore what cyberspace had to give. Early lesbian spaces on the internet were often mail discussion groups, which tended to be more hidden and ‘private’, thus seemingly offering a safe space for women (Wincapaw 2000). However, it is imperative that we locate these spaces within the wider social, political and economic context. As Kaplan and Moss (2003) have shown, the internet is a major site for the commission of hate crime. In particular, it is a place where LGBT+ communities are targeted (Gerstenfeld et al. 2003). The internet clearly offers the potential to access to important information about changing bodies and shifting health needs (Berdychevsky and Nimrod 2015). Scaunich (2014) argues that for older people, the internet becomes the preferred source because it avoids potentially awkward and embarrassing face to face situations with health professionals who may hold stereotypes about older people’s, especially LGBT+ people’s, health requirements. Some studies have suggested that older LGBT+ people are more likely to experience depression and loneliness compared to their heterosexual peers (Shiu et al. 2017), whilst at the same time, they are much less likely to access services designed to offer

‘In and Out, On and Off: LGBT+ Online Experiences’

179

support. In many cases, this is a direct result of homophobic discrimination either experienced or anticipated. However, much online material remains directed at younger people and is heteronormative (Riggs 2013; Bauer et al. 2015). Lesbians, for instance, have been told, erroneously, that they don’t need cervical screening and older lesbians and bisexual women remain at high risk of breast cancer (Todd 2011). As such, at best older LGBT+ people’s access to health information is restrictive and at worst, it reifies harmful stereotypes. How do older LGBT+ people fare in matters of the heart? There is no doubt that online dating is now a global phenomenon, with a significant number of people finding their partners through the internet (Hogan et al. 2011). There is also some convincing research to suggest that older people are more likely to use the internet for these purposes than their younger counterparts (Hogan et al. 2011), also evidenced by the growing number of websites targeted specifically at this age group such as Our Time® and Singles Over Sixty® , or Scruff for older gay, bisexual and trans men. Older people, it seems, constitute the fastest growing group of internet users (Perrin and Duggan 2015). A survey conducted by Match.com showed that large numbers of LGBT+ people from 18–70+ were using the internet for online dating. Before the advent of the internet, the LGBT+ ‘community’ relied on bars, clubs and social spaces (many of which were political) in order to make friends and find love or sex (Todd 2013). However, ‘the internet is displacing those classic venues’ (Rosenfeld and Thomas 2010). The relative ease with which it is possible to find online materials about LGBT+ sexual health, history or life more generally, means that traditional gay or queer spaces perhaps have less meaning for younger LGBT+ people or those coming out in later life. It also means that those who remain in the closet can still explore sex and identity in the virtual world (Usher and Morrison 2010). Many older people are pushed into online dating; it is seen as a better option than the youth-orientated bar and club scenes, where many older LGBT+ feel unwelcome (Rosenfeld and Thomas 2012; Todd 2013). Rosenfeld and Thomas (2012) claim that since 2000, for instance, 60% of LGBT+ people meet their partners online. This has prompted some to ask whether gay communities are dying, leading to a ‘diaspora of gays from traditional urban enclaves’ (Rosser et al. 2008:

180

M. Todd

588). It also means that older people are facing similar risks of online abuse, as their younger counterparts. Older lesbians I spoke to believed threats of being outed online, for instance, were ‘part of everyday life’ . A loss of LGBT+ spaces offline also means they have less access to social support if they are experiencing domestic abuse (Todd forthcoming). We also need to consider the impact of living online for older people’s sexual health in relation to this. Rates of STIs, and also HIV/AIDS, are growing amongst older people across the globe. In part, this is because sexual health education prior to the 1960s was restrictive and contemporary sexual health campaigns frequently ignore older people (Sherrard and Wainwright 2013). There have been limited studies looking at older people, STIs and online dating but studies focusing on younger people, suggest that online dating may lead to more STIs due to the relative increase in offline sexual encounters (Couch and Liamputtong 2008). Online daters, it would seem, are less likely to think about the risks of offline sexual encounters, and the growing numbers of older people using the internet to meet sexual partners, means potential exposure is greater. Also, there are greater levels of sexual risk-taking in this age group (Amin 2016). In part, this might be because the baby boomer generation have always been risk-takers and are familiar with challenging traditional norms and values (Twenge et al. 2015). However, there is also evidence to suggest that ageist, sexist and heteronormative values proliferate in the sexual health advice available on the internet (Gewirtz-Meydan et al. 2018).

2.6

Thinking Through the Matrix

Judith Butler’s (1990) notion of the hegemonic heterosexual matrix is useful here. Her conceptualization is based on Monique Wittig’s (1980) assertion that the social contract is a heterosexual one. She also uses Adrienne Rich’s (1980) idea of ‘compulsory heterosexuality’. Witttig, drawing on the work of the likes of Locke, Hobbes and Rousseau, argues that the assumptions of heterosexuality are absolutely fundamental—to live in society is to live in heterosexuality. Issues of sexual citizenship come into play here; what are the consequences for those people who are not treated

‘In and Out, On and Off: LGBT+ Online Experiences’

181

as fully part of civil society? Women, historically, have effectively been written out of the social contract, a contract presumed to be between two adult males, due to their assumed inability to transcend their bodies and live rationally (Lister 2007). In effect, LGBT+ people are also outside of the social contract. Discourses in such a society serve to erase nonheterosexuals. Through social constructions of gender, sex and sexuality, a dominant notion of heterosexuality is positioned as the benchmark norm, against which individuals both perform their own gender and sexuality but crucially, also police that of others, in accordance with social expectations and norms. LGBT+ people, young and old, are susceptible to such policing on the internet. In some ways, it might be possible for older people to exist outside of the heterosexual matrix, to be shielded from its hegemony. Older people’s bodies, for instance, are arguably not understood primarily as gendered or sexualized bodies—their intelligibility comes from their status as belonging to old bodies—a post-sexualized body, much as children have been constructed as pre-sexual beings (Renold 2006). Older people are often excluded from economic and social participation (Todd 2013). Whilst this, in many respects, is problematic (see Todd 2013), it also offers up a discursive, potentially transformative, space. The internet becomes the preferred space to get information (Adams et al. 2003), presenting older LGBT+ people with the opportunity to meet others and to explore their sexuality (Malta and Farquharson 2014). It provides a sometimes comfortable, sometimes exciting and dangerous, alternative to the club and pub scene where they don’t feel welcome (Todd 2013). In addition, the internet offers a much larger pool from which to meet new people, the lesbian dating scene, in particular, being notoriously ‘incestuous’ (Pritchard et al. 2002). Whitehead (2003) argued that there has been a dramatic rise in the numbers of older people in the dating ‘pool’—where once this was limited to younger unmarried people, more recently, with people getting married later, divorcing and wanting to remarry increasingly and living longer, there are more in the ‘market for love’. In addition, the growing legitimacy of LGBT+ relationships, has meant that older people, who may not have sought same-sex relationships as their younger selves, may now feel more comfortable seeking a partner, and are able to do so using

182

M. Todd

the ever more conventional and accepted method of online dating sites. It is important to consider, however, the extent to which LGBT+ relationships are marketed in such a way as to co-opt or assimilate them into a hegemonic model of heterosexual intimacy, ignoring the rich history of LGBT+ sexual subcultures (see Ng 2013).

3

Conclusion

Whilst in many respects, this ‘matrix’ is the basis of, and excuse for, much of the online abuse experienced by members of the LGBT+ population, it is important to recognize the ways in which, through these very discourses of normative heterosexuality, LGBT+ people, especially young people, are furnished with a language that enables them to express their sexuality and to achieve agency. Identification against the matrix provides LGBT+ people with the opportunity to experience the power of naming in the social world. In this way, we can perhaps see potentiality beyond Butler’s presentation of the heterosexual matrix as universal. LGBT+ people, young and old, are potentially finding ways to resist the heterosexual matrix online and make it less powerful. The internet is undoubtedly a valuable space for the sexually marginalized (Tsang 2002). Thus, we are entering what Plummer (1995) describes as a new telling of sex; what was once perhaps experienced as private and hidden, is now potentially open to any number of people. Cyberspace has transformed how and what we learn about sex and sexualities. It has presented the possibility of making friends or romantic partnerships on a global scale. The internet has also made it possible to explore a range of sexual identities and fetishes. In many ways, such transformation of time, space, knowledge and identity is to be welcomed. But we must not be complacent, we also need to acknowledge the potential for the sharpening of new social inequalities which the internet brings. LGBT+ people clearly constitute a minority group at risk of cyberabuse, harassment and related offline risks. For many older lesbians, for instance, being in an intimate relationship is their only form of social support (Barrett et al. 2017). Often, the initial hidden nature of relationships formed online is a pull factor but one which can create social

‘In and Out, On and Off: LGBT+ Online Experiences’

183

isolation (see Smalley 1987). This is placing older LGBT+ people in a potentially risky position; they are feeling a need to seek relationships online for affirmation and support but, paradoxically, shunning traditional, offline spaces means they are losing other avenues for support. Key structural changes are required; we need deliberate strategies to combat ageism online and offline. There needs to be more provision of sexual health material targeted specifically at older people, better access to communities offering support in a range of areas related to their health more generally. Crucially, we need to recognize older people’s sexuality in order to allow them their sexual rights, Similarly, given the ubiquity of the internet in the lives of youth today (Madden et al. 2013), we need to better understand the relationships youths form online and consider whether these relationships confer protective benefits or something more sinister. This chapter has shown that almost twice as many LGBT+ youth experience cyberbullying compared to their heterosexual peers. In particular, LGBT+ youth show significantly higher rates of all types of cyber dating abuse and sexual coercion than heterosexual youth. Much more research is needed into cyberabuse but the data available suggests it is a serious problem; the consequences are real and should not be dismissed as a ‘virtual’ byproduct of an increasingly digitalized childhood and adolescence. There is a real need for further prevention and intervention efforts specifically designed to address the needs and vulnerabilities of LGBT+ youth online. Birkett et al. (2009) have shown that when a school’s climate is perceived to be positive, it can serve as a buffer against the bullying of LGBT+ youth. In their study, counsellors at schools were trained to spot the signs of domestic abuse—an equivalent is needed to combat the abuse these young people experience online. There remain significant gaps in our knowledge. Few studies consider the experiences of transgender people online. They constitute a particularly marginalized group within the LGBT+ ‘community’. Of the limited evidence we have, it seems clear that transgender youth report the highest rates of victimization with regard to all forms of interpersonal abuse, including cyber abuse. The push and pull factors for life off and online are complicated and overlapping. Abuse can occur at any time and in any place. Home never

184

M. Todd

was a ‘haven in a heartless world’ for those experiencing interpersonal abuse but it is clear that cyberspace is also no longer (if it ever was) a refuge for those who are abused.

References Adams, M., Oye, J., & Parker, T. (2003). Sexuality of Older Adults and the Internet: From Sex Education to Cybersex. Sexual Relationship Therapy, 18(3), 405–415. Amin, I. (2016). Social Capital and Sexual Risk-Taking Behaviours Among Older Adults in the United States. Journal of Applied Gerontology, 35 (9), 982–999. Athique, A. (2013). Digital Media and Society: An Introduction. Cambridge: Polity Press. Barrett, C. (2008). My People: Exploring The Experiences of Gay, Lesbian, Bisexual, Transgender and Intersex Seniors in Aged Care Services. Melbourne: Matrix Guild Victoria and Vintage Men. Barrett, C., Whyte, C., Comfort, J., Lyons, A., & Crameri, P. (2017). Social Connection, Relationships and Older Lesbian and Gay People. In W. Bouman & P. Kleinplattz (Eds.), Sexuality and Ageing. London: Routledge. Balsam, K., & D’Augelli, A. (2006). The Victimization of Older LGBT Adults: Patterns, Impact and Implications for Intervention. In D. Kimmel, T. Rose, & S. David (Eds.), Lesbian, Gay, Bisexual and Transgender Aging: Research and Clinical Perspectives. New York, NY: Columbia University Press. Bargh, J., McKenna, K., & Fitzsimons, G. (2002). Can You See the Real Me? Activation and Expression of the “True Self ” on the Internet. Journal of Social Issues, 58(1), 33–48. Bauer, M., Haesler, E., & Fetherstonhaugh, D. (2015). Let’s Talk about Sex: Older People’s Views on the Recognition of Sexuality and Sexual Health in the Health-Care Setting. Health Expectations, 19 (6), 1237–1250. Beck, U. (1992). Risk Society: Towards a New Modernity. London: Sage. Beckmann, A. (2009). The Social Construction of Sexuality and Perversion: Deconstructing Sadomasochism. Basingstoke: Palgrave Macmillan. Berdychevsky, L., & Nimrod, G. (2015). “Let’s Talk about Sex”: Discussions in Seniors’ Online Communities. Journal of Leisure Research, 47 (4), 467–484.

‘In and Out, On and Off: LGBT+ Online Experiences’

185

Birkett, M., Koenig, B., & Espelage, D. (2009). LGB and Questioning Students in Schools: The Moderating Effects of Homophobic Bullying and School Climate on Negative Outcomes. Journal of Youth and Adolescence, 38(7), 989–1000. Boneva, B., Quinn, A., Kraut, R., Kiesler, S., & Shklovski, I. (2006). Teenage Communication in the Instant Messaging Arena. In R. Kraut, M. Brynin, & S. Kiesler (Eds.), Computers, Phones and the Internet: Domesticating Information Technology. New York: Oxford University Press. Borzekowski, L., Fobil, J., & Asante, K. (2006). Online Access by Adolescents in Accra: Ghanaian Teens’ Use of the Internet for Health Information. Developmental Psychology, 42(3), 450–458. Brown, M. (2005). Sex, Scale and the ‘New Urban Politics’. In D. Bell & G. Valentine (Eds.), Mapping Desire. London: Routledge. Butler, J. (1990). Gender Trouble: Feminism and the Subversion of Identity. London: Routledge. Carden, R., & Rettew, S. (2006). Internet Chat Room Use, Satisfaction with Life and Loneliness. Psychological Reports, 98(1), 121–122. Coleman, P. (2012). eHarmony and Homosexuals: A Match Not Made in Heaven. Quinnipiac Law Review, 30, 727–766. Cronin, A., & King, A. (2014). Only Connect? Older Lesbian, Gay and Bisexual (LGB) Adults and Social Capital. Ageing & Society, 34, 258–279. Couch, D., & Liamputtong, P. (2008). Online Dating and Mating: The Use of the Internet to Meet Sexual Partners. Qualitative Health Research, 18(2), 268–279. Cvetkovich, A. (2003). An Archive of Feelings. Durham, NC: Duke University Press. DeLamater, J., Koepsel, E., & Johnson, T. (2017). Changes, Changes? Women’s Experience of Sexuality in Later Life. Sexual and Relationship Therapy, 34 (2), 211–227. Detrie, P., & Lease, S. (2007). The Relation of Social Support, Connectedness, and Collective Self-Esteem to the Psychological Well-Being of Lesbian, Gay, and Bisexual Youth. Journal of Homosexuality, 53(4), 173–199. De Ridder, S. (2017). Social Media and Young People’s Sexualities: Values, Norms, and Battlegrounds. Social Media and Society, 3(4), 1–11. Drushel, B. (2010). Virtually Supportive: Self-Disclosure of Minority Sexualities through Online Social Networking Sites. In C. Pullen & M. Copper (Eds.), LGBT Identity and Online New Media. London: Routledge.

186

M. Todd

Dubois, V., & Meon, J.-M. (2013). The Social Conditions of Cultural Domination: Field, Sub-field and Local Spaces of Wind Music in France. Cultural Sociology, 7 (2), 127–144. Ferguson, D. (2019, Tuesday May 28). Fear of LGBT-Inclusive Lessons Harks Back to 80s, Says Peter Tatchell. The Guardian. Fredriksen-Goldsen, K. (2011). Resilience and Disparities among Lesbian, Gay, Bisexual, and Transgender Older Adults. Public Policy Aging, 21(3), 3–7. Gallopin and Leigh. (2009). Teen Perceptions of Dating Violence, HelpSeeking, and the Role of Schools. Prevention Researcher, 16 (1), 17–20. Gerstenfeld, P., Grant, D., & Chiang, C.-P. (2003). Hate Online: A Content Anlysis of Extremeist Internet Sites. Analyses of Social Issues and Public Policy, 3(1), 29–44. Global Information Society Watch. (2015). Sexual Rights and the Internet. Association for Progressive Communications. https://www.apc.org/en/pubs/ global-information-society-watch-2015-sexual-right. Accessed 12 November 2019. Gray, N., Klein, J., Noyce, P., Sesselberg, T., & Cantrill, J. (2005). Health Information-Seeking Behaviour in Adolescence: The Place of the Internet. Social Science and Medicine, 60 (7), 1467–1478. Green, M., Bobrowicz, A., & Ang, C. S. (2015). The Lesbian, Gay, Bisexual and Transgender Community Online: Discussions of Bullying and SelfDisclosure in YouTube Videos. Behaviour and Information Technology, 34 (7), 1–9. Gewirtz-Meydan, A., Hafford-Letchfield, T., Benyamini, Y., Phelan, A., Jackson, J., & Ayalon, L. (2018). Ageism and Sexuality. In L. Ayalon & C. Tesch-Römer (Eds.), Contemporary Perspectives on Ageism. Springer Open: Gewerbestrasse, Switzerland. Heidari, S. (2016). Sexuality and Older People: A Neglected Issue. Reproductive Health Matters, 24 (48), 1–5. Hillier, L., & Harrison, L. (2007). Building Realities Less Limited Than Their Own: Young People Practising Same-Sex Attraction on the Internet. Sexualities, 10 (1), 82–100. Hinduja, S., & Patchin, J. (2010). Bullying, Cyberbullying, and Suicide. Archives of Suicide Research: Official Journal of the International Academy for Suicide Research, 14 (3), 206–221. Hogan, B., Dutton, W., & Li, N. (2011). A Global Shift in The Social Relationships of Networked Individuals: Meeting and Dating Online Comes of Age. University of Oxford: Oxford Internet Institute.

‘In and Out, On and Off: LGBT+ Online Experiences’

187

Kaplan, J., & Moss, M. (2003). Investigating Hate Crimes on the Internet. Wshington, DC: Partners Against Hate. Kosciw, J., Greytak, E., Palmer, N., & Boesen, M. (2013). The 2013 National School Climate Survey: The Experiences of Lesbian, Gay, Bisexual and Transgender Youth in Our Nation’s Schools. New York: GLSEN. Kroker, M., Kroker, A., & Cook, D. (1989). Panic Encyclodeia. Basingstoke: Macmillan. Lister, R. (2007). Why citizenship: where, when and how children? Theoretical Inquiries in Law, 8(2), 693–718. Madden, M., Lenhart, A., Cortesi, S., Gasser, U., Duggan, M., Smith, A., & Beaton, M. (2013). Teens, Social Media, and Privacy. Washington, DC: Pew Internet and American Life Project. Malta, S., & Faruharson, K. (2014). The Intitiation and Progression of LateLife Romantic Relationships’. Journal of Sociology, 50 (3), 237–251. Marcuse, H. (1964). One-Dimensional Man: Studies in the Ideology of Advanced Industrial Society. Boston: Beacon Press. Martin, K. (2009). Normalizing Heterosexuality: Mothers’ Assumptions, Talk, and Strategies with Young Children. American Sociological Review, 74 (2): 190–207. Messinger, A. (2017). LGBTQ Intimate Partner Violence: Lessons for Policy, Practice and Research. Oakland, CA: University of California Pres. Mustanski, B., Newcomb, M., & Garofalo, R. (2011). Mental health of Lesbian, Gay, and Bisexual Youth: A Developmental Resiliency Perspective. Journal of Gay and Lesbian Social Services, 23(2), 204–225. Naezer, M. (2019). Adventure, Intimacy, Identity and Knowledge: Exploring How Social Media are Shaping and Transforming Youth Sexuality. Cambridge: Cambridge University Press. Nie, N., & Hillygus, D. (2002). The Impact of Internet Use on Sociability: Time-Diary Findings. IT & Society, 1(1), 1–20. Ng, E. (2013). A “Post-Gay” Era? Media Gaystreaming, Homonormativity, and the Politics of LGBT Integration. Communication, Culture and Critique, 6 (2), 258–283. O’Riordan, K. (2018). Queer digital cultures. In S. Somerville (Ed.), The Cambridge Companion to Queer Studies. Cambridge: Cambridge University Press. Palfrey, J., & Gasser, U. (2008). Born Digital: Understanding the First Generation of Digital Natives. New York: Basic Books. Perrin, A., & Duggan, M. (2015). Americans’ Internet Access: 2000–2015. Pew Research Center.

188

M. Todd

Plummer, K. (1995). Telling Sexual Stories: Power, Change and Social Worlds. London: Routledge. Powell, A., & Henry, N. (2017). Sexual Violence in a Digital Age. London: Palgrave Macmillan. Pritchard, A., Morgan, N., & Sedgley, D. (2002). In Search of Lesbian Space? The Experience of Manchester’s Gay Village. Leisure Studies, 21(2), 105– 123. Renold, E. (2006). They Won’t Let Us Play … Unless You’re Going Out With One of Them: Girls, Boys and Butler ‘s’ Heterosexual Matrix in the Primary Years. British Journal of Sociology of Education, 27(4), 489–509. Rich, A. (1980). Compulsory Heterosexuality and Lesbian Existence. Signs, 5 (4), 631–660. Riggs, D. (2013). Heteronormativity in Online Information about Sex: A South Australian Case Study. Contempory Issues in Early Childhood, 14 (1), 72–80. Rosenfeld, M., & Thomas, R. (2010). How Couples Meet and Stay Together. Stanford, CA: Stanford University Libraries. http://data.stanford.edu/hcmst. Rosenfeld, M., & Thomas, R. (2012). Searching for a Mate: The Rise of the Internet as a Social Intermediary. American Sociological Review, 77 (4), 523– 547. Rosser, S., West, W., & Weinmeyer, R. (2008). Are Gay Communities Dying or Just in Transition? Results from an International Consultation Examining Possible Structural Change in Gay Communities. AIDS Care, 20 (5), 588– 595. Scaunich, S. (2014). The Sexual Health of Women Aged 50 and Over: A Literature Review. Dandenong, Australia: Women’s Health in the South East. Sherrard, J., & Wainwright, E. (2013). Sexually Transmitted Infections in Older Men. Maturitas, 74 (3), 203–205. Shiu, C., Kim, H. J., & Fredriksen-Goldsen, K. (2017). Health Care Engagement Among LGBT Older Adults: The Role of Depression Diagnosis and Symptomatology. The Gerontologist, 57 (1), 105–114. Smalley. (1987). Dependency Issues in Lesbian Relationships. Journal of Homosexuality, 14 (1–2), 125–135. Sterling, B. (2000). Distraction. London: Millenium. Suler, J. (2004). The Online Disinhibition Effect. CyberPsychology & Behaviour, 7 (3), 321–326. Todd, M. (2008). Troubling Tales: Exploring Responses to Lesbian Domestic Violence. Unpublished thesis: Newcastle University.

‘In and Out, On and Off: LGBT+ Online Experiences’

189

Todd, M. (2011). Sexuality and Health. In A. Barry & C. Yuill (Eds.), Understanding the Sociology of Health. London: Sage. Todd, M. (2013). Blue Rinse Blues? Older Lesbians’ Experiences of Domestic Violence. In T. Sanger & Y. Taylor (Eds.), Mapping Intimacies: Relations, Exchanges, Affects. London: Palgrave Macmillan. Todd, M. (2017). Virtual Violence: cyberspace, misogyny and online abuse. In T. Owen, W. Noble, & F. Speed (Eds.), New Perspectives on Cybercrime. London: Palgrave Macmillan. Todd, M. (forthcoming). Thinking the Unthinkable: Older Lesbians, Sex and Violence. In P. Simpson, P. Reynolds & T. Hafford-Letchfield (Eds.), Sex and Diversity in Later Life. Bristol: Policy Press. Tsesis, A. (2002). Destructive Messages: How Hate Speech Paves the Way for Harmful Social Movements. New York: New York University Press. Tsang, D. (2002). Notes on Queer ‘n’ Asian Virtual Sex. In D. Bell & B. Kennedy (Eds.), The Cybercultures Reader. London: Routledge. Twenge, J., Sherman, R., & Wells, B. (2015). Changes in American Adults Sexual Behavior and Attitudes, 1972–2012. Archives of Sexual Behaviour, 44, 2273–2285. Usher, N., & Morrison, E. (2010). The Demise of the Gay Enclave: Communication and Infrastructure Theory and and the Transformation of Gay Public Space. In C. Pullen & M. Cooper (Eds.), LGBT Identity and Online New Media. New York: Routledge. Vézina, J., & Hébert, M. (2007). Risk Factors for Victimization in Romantic Relationships of Young Women: A Review of Empirical Studies and Implications for Prevention. Trauma, Violence & Abuse, 8(1), 33–66. Weeks, J. (2007). The World We Have Won: The Remaking of Erotic and Intimate Life. London: Routledge. Whitehead, B. (2003). Why There Are No Good Men Left: The Romantic Plight of the New Single Woman. New York: Broadway Books. Willey, A. (2016). Undoing Monogamy: The Politics of Science and the Possibilities of Biology. Durham, NC: Duke University Press. Wincapaw, C. (2000). The Virtual Spaces of Lesbian and Bisexual Women’s Electronic Mailing Lists. Journal of Lesbian Studies, 4 (1), 45–59. Wittig, M. (1980/1992). The Straight Mind. In M. Wittig (Ed.), The Straight Mind and Other Essays. Boston, MA: Beacon Press.

The Internet-of-Things: A Surveillance Wonderland Tine Munk

1

Introduction

The Internet-of-Things (IoT) has obtained an integrated position in everyday life. The use of various smart devices in IoTs makes everyday life easier and more efficient. IoTs are extending the Internet connectivity beyond standard devices, such as laptops, mobile phones and tablets, by turning traditional physical objects into Internet-connected devices communicating and interacting in a networked formation— as well as enabling the devices to be controlled and monitored from a distance (Rouse 2018). Technological developments enable manufacturers to design and produce devices at an unprecedented pace. New IoT devices are developed continuously, and new smart areas added to the existing market. Moreover, existing devices and networks are upgraded, and their ability to perform is extended to become more useful and efficient. There is a constant race to fulfil the global demand for T. Munk (B) Middlesex University, London, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_10

191

192

T. Munk

IoT and smart devices. This demand makes IoT devices inexpensive, unremarkable and omnipresent (Rosner and Kennealy 2018: 13–14). The use of IoT devices with inbuilt network access, sensors, storage, reduction, location tracking are undoubtedly beneficial to users. However, the cheap devices and the increasing use have a negative sideeffect. The data generated by these devices becomes a commodity and the lack of regulation and security creates a grey-zone for monitoring and tracking online users. Data collection constitutes a particular security concern as IoT devices do not have the necessary security protection embedded, which opens up for surveillance and data collection on an unprecedented scale. This chapter investigates the growing use of IoT devices and the different issues with a lack of a comprehensive legislative framework. The vulnerabilities that enable them to be turned into spying objects. This chapter will predominately focus on the European General Data Protection Regulation (GDPR) implemented in 2018, and it covers an essential area, ‘privacy by design and by default’, central to managing privacy vulnerabilities in IoT devices. Currently, the GDPR is only a regional data protection legislation developed to cover the European Union (EU) Member States (European Union 2016). The research is centred around data collection from smart TVs and the risk associated with these IoT devices; spanning from hackers to state security actors and businesses who want access to the insecure devices to directly or indirectly gather data. The justification for the security lack needs to be seen in conjunction with the interests of these actors and how they benefit from this largely unregulated area to collect data.

2

Defining the Internet-of-Things (IoT)

In 1999, Ashton introduced the concept of Internet-of-Things (IoT) conceptualising the system of objects connected to the Internet through sensors. Over time, the IoT has become ‘a popular term for describing scenarios in which internet connectivity and computing capability extend to a variety of objects, devices, sensors, and everyday items’ (Weber and Studer 2016: 718). The International Telecommunication

The Internet-of-Things: A Surveillance Wonderland

193

Union (ITU) defines IoT as ‘a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies’ (Weber and Studer 2016: 718; ITU 2019). Whereas the European Union Agency for Cyber Security (ENISA) defines IoT as ‘a cyber-physical ecosystem of interconnected sensors and actuators, which enables intelligent decision making’ (ENISA 2017). IoT adds a new dimension to information and communication technologies where the interconnectedness transforms the physical devices into smart objects (Weber and Studer 2016: 718; Holt et al. 2018: 144; Yar and Steinmetz 2019: 59). The networking, communication and connectivity protocols used with IoT devices are dependent on the specific IoT application deployed and linked to numerous different everyday processes and practices, i.e. thermostats, refrigerators, lighting, security systems, manufacturing processes, sensors, health monitors, roads, cars and cameras, etc. (Yar and Steinmetz 2019: 255; Bradley 2018; Rosner and Kennealy 2018: 56; Rouse 2018). Forecasts from cyber-security companies propose that there will be approximately 20 billion IoT devices worldwide by 2020 (DDCMS 2018: 6; Gartner 2017; Rouse 2018).

2.1

IoT Vulnerabilities

The increase in cyber-security incidents requires all actors involved in IoT processes to strengthening cyber resilience; especially those industrial operators who are designing and operate IoT devices (ENISA 2018: 7; PCAST 2014: 41). According to ENISA (2019), actors involved in the manufacturing structure often fails developing an appropriate security framework for securing new technologies as well as maintaining existing structures. Manufacturers and businesses are rarely considering security and safety together at the design stage, and this creates unnecessary security flaws (ENISA 2019: 4). The security gap makes IoT devices more vulnerable compared to traditional IT endpoints. The IoT devices are not designed to have the same level of processing power and security protection compared with

194

T. Munk

traditional computer devices, such as the ability to install protective security software, firewalls or antivirus software. The IoT devices have inbuilt ‘backdoors’ for maintenance, but these are not accessible by the actual online users. Nevertheless, these vulnerabilities make the devices more vulnerable to unauthorised access exploiting computer systems or networks (Towers-Clark 2019). Another security issue is the missing ability for configuring and updating devices to patch known vulnerabilities. Pathways to repair security flaws are not always recognised by manufactures (CSA 2018: 4). As a result, these IoT devices are being used as an entry point for cybercriminals to access the whole system and network through nonprotected devices. There are numerous risks to the users, and these can be linked to the more traditional types of crimes for financial, political or personal gain. However, they can also cover more specific privacy violations. For example, invade private communications; violate privacy in an online user’s virtual home; public disclosure private data; trace and disclose private location data; foreclosure of individual autonomy or selfdetermination; loss of anonymity and private associations (PCAST 2014: 7–8).

2.2

The Legislative Framework

Initiatives have been launched in a global environment to increase the protection of data and IoT devices. For example, the US aimed to improve IoT security by adopting the US IoT Cybersecurity Improvement Act 2017. Likewise, the Governor of California signed the first IoT cybersecurity law that will be implemented in 2020 (CNet 2018). This act requires manufacturers to include reasonable security feature in Internet-connected devices (ENISA 2018: 9). The US Department of Homeland Security, NIST and other entities have addressed the gowning security problem by producing and publishing guidelines, frameworks and other non-binding documents. These initiatives are similar to those promoted by the EU. However, a central feature is that these attempts

The Internet-of-Things: A Surveillance Wonderland

195

to regulate the area are based on best practices, guidelines and selfregulation (Stouffer et al. 2017; The US Department of Homeland Security 2016; ENISA 2018: 8). In 2019, the European Telecommunication Standards Institute (ETSI) launched the first international set of standards covering Internetconnected consumer devices with a Code of Practices to cover the current needs for security (DDCMS 2019b). Additionally, the UK government developed in 2019 a Code of Practice for Consumer IoT Security (DDCMS 2019a). The UK also aims to introduce new legislation for other Internet-connected devices. This legislative framework should ensure that the IoT devices connected to the Internet are better protected from cyber-attacks. However, this initiative only covers one minor aspect of the IoT. Therefore, security gaps remain in other equally important IoT areas (Towers-Clark 2019).

2.3

European Initiatives: Privacy by Design and Default

In 2015, The EU introduced the Digital Single Market Strategy, which also covers IoT. The strategy is aiming to address the concerns regarding insecure IoT devices and the open accesses to devices and networks (ENISA 2018: 7; European Commission 2019). Following the same regulatory framework, the European General Data Protection Regulation from 2018 (GDPR) has inbuilt privacy by design and by default deriving from the security-by-design guidelines developed by ENISA (ENISA 2017; EU GDPR 2019; European Union 2016). The GDPR addresses the legislative data protection gap in IoT devices by creating a legal obligation for data controllers and processors (Art. 24) (ENISA 2019; EU GDPR 2019; European Union 2016) The data controller decides the purposes for how and why the personal data is processed, and data processors only process the personal data on behalf of the data controller (Art. 24–43). The regulation explicitly references purpose limitations [Art. 5(1)(b)] and data minimisation [Art. 5(1)(c)] (ICO 2020). Sometimes data collection would not raise any concerns about the process and

196

T. Munk

the use. New information from data sets might benefit society. Nevertheless, the same data set have the potential to cause harms if the databases are linked together across domains or if the data is not protected during the process (ENISA 2014: 6; PCAST 2014: 13). The GDPR outlines obligations concerning data protection by design and by default [Art. 25(1) and (2)], based on two fundamental principles: privacy-by-design and security-by-design (ICO 2020). Firstly, all data are protected by design and data controllers should be restricted to only storing the data as long as necessary. Moreover, data controllers are restricted to only process personal data related to explicitly defined tasks based on user consent (Art. 7). Secondly, the data collected should implement pseudonymisation and other safeguards from the actual data collection point (Art. 25) (Raja 2019; ENISA 2019; European Union 2016). Thirdly, there is a transparency requirement. All information and communication that is related to the personal data process should be easily accessible and easy to understand (Recital 39). By using this concept, data processing practices would place privacy, data protection and security checkpoints central throughout the entire process from the concept stage, development, testing, go-live, production to the end-of-life stage (Simberkoff 2016).

2.3.1 Privacy-by-Design The GDPR defines personal data as all information, which can be used on its own—or in conjunction with other data sets to identify an individual, such as IP addresses, mobile device identifiers, geolocation and biometric data related to an individual’s physical, psychological, genetic, mental, economic, cultural or social identity (Art. 4) (PrivSec Report 2018; European Union 2016). The GDPR is posing responsibilities on the data controllers and processors by including privacy-by-design as a legal requirement throughout the whole life cycle of the device (EU GDPR 2019; European Union 2016). Due to the lack of transparency about data collection, the online IoT users are often unable to identify the countless number of actors involved in the data collecting and processing procedures despite the

The Internet-of-Things: A Surveillance Wonderland

197

transparency requirement in the GDPR. These processes do not only include advertisers and publishers, but also advert networks, advert exchanges, analytics services, affiliate marketers, market researchers and search engine optimisers. Tech businesses and manufacturers also collect data about the devices and app uses and user behaviours. On the state level, security actors collect metadata, create profiles, access and process information about individual behaviour and locations. As a result, behavioural targeting challenges EU GDPR’s principles of transparency and consent (Tene 2011; Rosner and Kennealy 2018). Privacy online is problematic. Online users are involuntary giving up their privacy when they are using various online platforms and applications— and through their use of social media, they surrender a large amount of private information (Yar and Steinmetz 2019: 260–261). However, there is a distinction between what willingly are being uploaded and the data is collected unknowingly to the users. Online surveillance is rising, and online users are losing the battles to gain control over their private data despite the introduction of the GDPR.

2.3.2 Security-by-Design To improve the security framework and protect privacy, security-bydesign needs to be developed in synergy with the other initiative to reduce the opportunities for illegal intrusion. It is imperative that the security systems are accessible, straightforward, and they have an adequate level of defence. Security-by-design is based on a set of principles within hardware and software developments to reduce the risk of illegal access and data compromises. Within the EU, security-by-design needs to comply with the GDPR, such as limiting the data collection to what is necessary and pseudonymise the data generated (Art. 4) (Raja 2019). Security-by-design practices incorporate essential security elements to perform routine updates, control access, turn off the universal plug and play, improve authentication and password protection, and secure connections and networks. Moreover, security-by-design includes regular system testing to seek out security vulnerabilities (Raja 2019; DDCMS 2018).

198

3

T. Munk

A Hacking Wonderland

The lack of security-by-design creates a route for cybercriminals to alter computer hardware or software to access and control computer systems. Hacks can circumvent security protocols, obtain information or access information on computer systems and protected resources (Holt et al. 2018: 49–51; Yar and Steinmetz 2019: 58). The frequency of these illegal intrusions is on the rise in conjunction with technological developments. Often IoT devices are linked to an app on a smartphone which becomes the connecting hub to other IoT devices and systems—as well as data stored on the devices (Yar and Steinmetz 2019: 59). This makes smartphones an entry point for hackers into the entire network. The sky is the limit for the hackers as there are very few security obstacles inbuilt in these devices which they cannot easily circumvent. It is not only about securing the hardware and the software; users need to understand the different security measures introduced (DDCMS 2018). Most online users tend to forget that IoT devices are small computer systems with direct links to Wi-Fi systems and networks. This link constitutes a significant problem due to the interconnectivity and the data processes. While it is correct to secure the hardware and improve the actual knowledge about security-by-design, the networking part is largely overlooked from a regulatory perspective. It creates a false sense of security if the focus is only on endpoint vulnerabilities (TowersClark 2019). It does not matter how secure the actual hardware is if the network related to IoT devices, such as Wi-Fi routers, are liable to attacks or hijacking. Often the understanding of network security is limited, and the overall focus is on the devices. IoT devices are designed to blend into the environment by taking the form of familiar objects upgraded with networking, sensors and other new functions, i.e. smart wearables. Moreover, devices are designed to mirrors something users already know, and they forget that these items are small computer devices which also require security. The Amazon Echoes look like speakers; Hello Barbie looks like a traditional Barbie doll; smart televisions look like a conventional television (Rosner and Kennealy 2018: 55).

The Internet-of-Things: A Surveillance Wonderland

199

Hackers are actively using online botnets based on unprotected IoT devices server capacities to launch Dos and DDoS attack by overflooding websites and servers with internet traffic. In 2016, the Mirai botnet consisted of 100.000 insecure IoT devices infected with the Mirai malware. The insecure IoT devices were used to attacking the Internet performance management and application security company Dyn. By launching an attack against Dyn, hackers were able to shut down all Dyn’s customers at the same time (Munk 2018: 235; Kan 2016; Holt et al. 2018: 144; Yar and Steinmetz 2019: 63). The important lesson to be learned from this attack was that a large number of IoT users had not changed from factory settings to a personal password. This created an opportunity for hackers to interlink IoT devices to generate enough server capacity to carry out the attack. Despite the impact of this large-scale attack and the use of IoT devices, it has not prompted new legislations, processes and practices to enhance cyber-resilience.

4

The Increasing Surveillance Culture

IoT devices have a significant potential to improve lives and behaviours, procedures and practices, save resources and lowering costs; it is crucial that online users are considering how much personal autonomy and privacy they can accept to lose (Dennis 2014). Online surveillance is enhanced using IoT devices to collect information about online users. Surveillance can be defined as any systematic and routine attention to personal details for a specific or aggregated purpose (Lyon 2015: 3). Several actors are involved in direct or indirect surveillance using the IoT devices for data collection or spying of the users.

4.1

Governmental Actors and Surveillance

Similar to manufactures and tech businesses, governmental security actors are not pushing for more security and privacy protection of IoT devices. By improving the legislative foundation, governmental actors could potentially remove a gateway into IoT devices and networks useful

200

T. Munk

for constant monitoring of possible security threat to the state. IoT data can be used to detect, monitor and profile the behaviour of a person. For example, data can reveal the actual use of the device; smart thermostats and lightning can reveal the owner’s location; devices that are biometrically triggered can identify the user. The IoT market is rapidly increasing, and the use generates a vast amount of data, which can be intercepted. Moreover, a large number of devices are designed with cameras and microphones that create pathways for direct surveillance. Of course, there can be legitimate and warranted reasons for law enforcement and security actors to carry out surveillance and intercept information on a broader scale compared with traditional surveillance means and methods (Thielman 2016; PCAST 2014: 41; Dennis 2014). Governmental security actors’ data collection differs from businesses. Governments worldwide are not driven by market competition, and the actual surveillance is, therefore, subject to different rules and accountability. Exemptions are included in various legislations, which give law enforcement and national security actors’ more extensive surveillance powers. Nevertheless, Snowden’s revelations in 2013 questioned security actors means and methods to collect metadata as well as the inadequate oversight mechanisms (Harding 2014; Lyon 2015). The revelations exposed the lack of transparency and accountability regarding the actual data collection process, which remains unsolved about surveillance using IoT devices (The Guardian 2013). However, the idea of transparency is desirable but not something that is easily obtained as security actors protect their secret data collection.

4.1.1 A Governmental IoT Surveillance IoT packed with sensors, and wireless connectivity is the foundation for future data collection allowing security actors to analyse fine gained information about the surrounding environment as a part of surveillance practices (Storm 2016b; BCIS 2016: 13). In 2016, Clapper, the former US Director of National Intelligence, argued that due to the online risks and the constantly changing threats, intelligence services might use ‘the IoT devices for identification, surveillance, monitoring, location

The Internet-of-Things: A Surveillance Wonderland

201

tracking, and targeting for recruitment or gain access to networks or user credentials’ (Storm 2016a; SASC 2016; Thielman 2016). The privacy issues related to the security practices will only improve if there is a global consensus to harmonises ‘privacy by design and by default’. Although the GDPR offers extensive protection for EU citizens (Art. 3), the regulation does not provide an absolute right (Art. 2). The Member States can legally restrict certain obligations and rights, if they deem it necessary and proportional to safeguard specific interests—and if it is done by law; for example, national security, defence and public security [Art. 23(1)] (Art. 90) (European Union 2016). The GDPR clearly states that exceptions can include ‘competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security’ [Art. 2(2)(d)]. Therefore, the surveillance practices, highlighted by Clapper, could also be used in the EU despite the GDPR. Clapper’s argument raises important questions regarding the use of IoT devices embedded in everyday objects. These IoT objects would become prime mechanisms for future surveillance: Alternative intelligence-gathering IoT pathways could potentially fill in gaps in traditionally intelligence gathering (BCIS 2016: 13). This development should trouble everyone if access to a vast amount of data from a large group of online users is only a warrant away (Zittrain 2016). For example, the UK Investigatory Powers Act 2016 allows state actors to hack into computers, tablets and phones and collect the content of personal digital communication (Liberty 2020; Gov.UK 2016). The IoT devices are continuously transmitting data into servers through insecure processes, which makes interception of data easily accessible for security actors (Thielman 2016). There is currently no incitement for governments to remove the practice. Especially if the security actors argue that it is vital for state-security to be able to monitor suspects. Moreover, it would be difficult for governments to block this practice if the security actors are using the ‘preventing terrorism’ argument to justify the data collection.

202

T. Munk

4.1.2 Smart TV Surveillance Due to the IoT devices, it is possible to obtain data legally as well as illegally using insecure gateways into the system, i.e. microphones and cameras. These devices can be used for monitoring purposes by cybercriminals, businesses and manufacture and governmental security actors. This ability to use these smart devices as surveillance tools increase the need to enhance ‘privacy by design and by default’. In 2017, Wikileak uploaded several documents regarding the CIA’s digital specialists IoT hacking practices. The documents disclosed a surveillance tool called ‘Weeping Angel’, which could turn a Samsung F8000 smart TV set into a live microphone (Brandom 2017). The tools used to attack Samsung smart TV was developed in 2014 by US security actors and the UK’s MI5/BTSS (MacAskill et al. 2017; Hollister 2017; Brandom 2017). When using this programme, the TV set appears to be switched off, but it is still operating on a ‘fake off ’ mode transmitting conversations directly to a covert server. The original version of ‘Weeping Angel’ would only work with the Samsung’s F-Serie models and there was a limitation regarding how to infect the devices as a physical USB device needed to be plugged into the smart TV (Brandom 2017; Hollister 2017; Cimpanu 2017). Clearly, the ‘Weeping Angel’ has future potentials to activate the TV camera remotely similar to microphones (Costello 2019; MacAskill et al. 2017). With the technological development and the regulatory standstill, it is likely that security actors and hackers have overcome this issue and is now able to access the data directly without the USB device. If the US/UK security actors are using technologies and practices like the ‘Weeping Angel’ and other more advanced tools, other actors would have adopted similar surveillance tools and practices. Notably, the security agencies are not likely to argue for more protection on these devices as they would lose an important gateway into smart IoT devices (Brandom 2017).

The Internet-of-Things: A Surveillance Wonderland

4.2

203

Private Data Surveillance

It is not only governmental security actors who can see the benefits of keeping the IoT ecosystem unprotected. Data trade and profiling of costumers are just new terms for surveillance. Private companies are developing surveillance practices; although, they are branding it differently by calling it data trade. Predominately, the justification for this practice is that there is a need for remote access to systems for maintenance as well as being able to monitor the use of the devices, the behaviour of the customers and gather information to improve the IoT products. Surveillance, profiling of costumers and data trade has become a significant commodity. The differences between public and private data controllers and processors are visible as the private companies need to adhere to the GDPR. Data controllers and data processors are facing some restrictions as they are required to inform their users about the practices and gain consent. However, technological development operates in their favour. The online users do not have an option to choose a traditional TV set without these smart devices as these are no longer a part of the product line.

4.2.1 Businesses’ IoT Surveillance Smart TVs are a central feature in most private homes, and they are creating several types of data sets. Data from Samsung TVs have for years transmitted data back to the company and third parties. The practice is vaguely described in Samsung’s privacy policy (Samsung 2019). The Samsung privacy policy attempts to remove its liability for third-parties use of data related to voice recognition, gesture control and facial recognition which are all features that can be included in surveillance, i.e. businesses and states (BCIS 2016; Samsung 2019). Other IoT devices have similar features inbuilt in their TVs, which can enable surveillance and data trade by collecting information about the use of the TV and the users’ habits, behaviour and preferences. It is worrying that the IoT devices collect data beyond the actual purpose—and the data collection

204

T. Munk

is linked to the default settings, which often cannot be changed (Rosner and Kennealy 2018: 87; PCAST 2014). Smart TVs can transmit important information about the actual use of the devices as well as the users’ streaming habit and app use (Willcox 2019; Ng 2019; Costello 2019; Montalbano 2019). It is a standard practice to collect data on viewers using the Automatic Content Recognition (ACR) software. This software gathers information about every aspect of the actual use, which later is shared with the manufacturers, various businesses, advertisers and other third-parties. A large number of these smart TV devices transmit personal data about the use to companies beyond the device manufacturers. Smart TV manufacturers are often bound by a contract to include Google, Akamai and Microsoft on their devices to be able to use the cloud and networking services provided for smart-device operations (Montalbano 2019; Ng 2019).

4.2.2 Smart TV Surveillance The Amazon Fire TV Edition platform is incorporated in several models from Insignia and Toshiba sold through Amazon and Best Buy. Amazon is claiming that it does not use the ACR software, cable set-top boxes or any other non-Amazon devices that are interlinked to their smart TVs. However, the company fails to outline the process of collecting information through streaming apps available on the Fire TV platform, such as Netflix. The company is already collecting data about live streaming on Amazon Prime, which can be merged with the data set from the smart TV. The devices and incorporated apps can collect and share a significant amount of sensitive data about the use of the platform (Willcox 2019; Murgia 2019). Additionally, Amazon’s Fire TV Edition is now capable of powering soundbars and smart TV products that are integrated into vehicles. These screens offer hands-free Alexa, touch-screen interfaces and offline playback capabilities. These new additions are allowing customers to stream, Prime Video, Amazon FreeTime or Netflix by using the WiFi or LTE connection in the vehicle. This new development transmits even more data back to the company about the users and their behaviour (Perez 2020).

The Internet-of-Things: A Surveillance Wonderland

205

Manufacturers and businesses developing and selling these products want to increase their revenue, and the data trade is a lucrative sideeffect of technological developments. Therefore, surveillance has become an acceptable pathway to collect data despite the possible violation of privacy (Ng 2019; Costello 2019). These companies have no reason to enhance ‘privacy by design and by default’, which might limit the constant flow of data. However, some obstacles have been created by the introduction of the GDPR in the European context, but not beyond the territorial scope of the legislation (Art. 3). Moreover, there are still a large amount of older IoT devices in use from before the GDPR was introduced. These devices are, leaving the security gap wide open until they are no longer in use. It is a clear violation of the GDPR if the companies are using this practice in Europe without the users’ consent (Art. 7). However, consent is often inbuilt as a part of the companies’ terms and conditions. In practice, most online users are unaware of the practices of harvesting data from their use. Nor are they aware of the data trade to third-parties or the profiling based on the use of these devices. Often the terms and conditions are drafted using a legal and complicated language which violates the GDPR provisions, or the consent is requested at a time where the individual users are focusing on setting up their devices. Therefore, the IoT users do not pay enough attention to the actual terms and conditions (EU GDPR 2019; European Union 2016; ENISA 2014). Additionally, the companies should give the users an option to opt-out from the data collection practice by installing a button to turn off the TV’s connectivity. This would provide IoT users with an opportunity for keeping their data secure and private by opting out from having the TV linked to the network (Ng 2019).

5

Conclusion

There are significant problems related to insecure IoT devices, which jeopardises the online users’ security and privacy. The IoT environments are expanding rapidly because of new computer technologies, but IoT architecture and smart devices are designed and used without adequate

206

T. Munk

considerations of the users’ security and privacy. Legislative initiatives are adopted inconsistently, and it is not likely to improve quickly enough to keep pace with the IoT development. It should be in everyone’s interest that the online users are protected, and devices are regularly updated and secure as one tunnel into the system can affect the rest of the interlinked devices and networks. Initiatives have been launched, and other states are slowly introducing some legislations and practices that mirror these initiatives. The GDPR has made a difference in terms of introducing ‘privacy by design and by default’ to enhance the users’ privacy protection. This is undoubtedly useful for future developments within the EU. However, initiatives introduced are predominately based on self-regulation, and that does not encourage to improve security and privacy beyond the selfinterest of the actors. As long as governmental actors, manufactures and tech businesses are benefitting from the constant data flow and device access, it is not likely that anything will change. The data bi-product of IoT use has caught the attention of intelligence and security actors as well as manufactures and tech businesses. These actors will not willingly give up their access to harvest data on an unprecedented scale, despite jeopardising the privacy and security of online users. It is, therefore, essential to change these emerging surveillance practices. Therefore, it is essential to hold the data controllers and processors accountable for their activities to encourage them to change practices and reduce the surveillance gap. However, unless the different actors begin to value online users’ security and privacy and advocates for creating a secure IoT network in a wider context, the legislative lacuna will persist.

The Internet-of-Things: A Surveillance Wonderland

207

References Berkman Centre for Internet and Society (BCIS). (2016). Don’t Panic. Making Progress on the “Going Dark” Debate [Online] Available at: https://cyber.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_ Progress_on_Going_Dark_Debate.pdf [Accessed 12 October 2019]. Bradley, T. (2018, March 3). Security Experts Weigh in on Massive Data Breach of 150 Million MyFitnessPal Accounts [Online] Available at: https://www. forbes.com/sites/tonybradley/2018/03/30/security-experts-weigh-in-onmassive-data-breach-of-150-million-myfitnesspal-accounts/#7f9968cd3bba [Accessed 15 August 2019]. Brandom, R. (2017, April 24). Here’s How to Use the CIA’s ‘weeping angel’ Smart TV Hack [Online] Available at: https://www.theverge.com/2017/4/25/154 21326/smart-tv-hacking-cia-samsung-weeping-angel-vulnerability [Accessed 12 October 2019]. Cimpanu, C. (2017, March 29). About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals [Online] Available at: https://www.bleepingcomputer.com/news/security/about-90-percent-ofsmart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/ [Accessed 13 October 2019]. CNet. (2018, September 28). California Governor Signs Country’s First IoT Security Law [Online] Available at: https://www.cnet.com/news/california-gov ernor-signs-countrys-first-iot-security-law/ [Accessed 15 August 2019]. Costello, S. (2019, September 7). Smart TV Security: What You Need to Know [Online] Available at: https://www.lifewire.com/what-you-need-toknow-about-smart-tv-security-4768087 [Accessed 13 October 2019]. CSA. (2018). Recommendations for IoT Firmware Update Processes [Online] Available at: https://downloads.cloudsecurityalliance.org/assets/research/ internet-of-things/recommendations-for-iot-firmware-update-processes.pdf [Accessed 10 November 2019]. Dennis, J. (2014, August 14). The Internet of Things: Highlighting the Legal Issues [Online] Available at: http://www.gordondadds.com/insights/the-int ernet-of-things-highlighting-the-legal-issues/ [Accessed 14 August 2019]. Department for Digital, Culture, Media & Sport (DDCMS). (2018). Secure by Design: Improving the Cyber Security of Consumer Internet of Things Report [Online] Available at: https://assets.publishing.service.gov.uk/government/

208

T. Munk

uploads/system/uploads/attachment_data/file/775559/Secure_by_Design_ Report_.pdf [Accessed 9 November 2019]. Department for Digital, Culture, Media & Sport (DDCMS). (2019a, June 6). Secure by Design [Online] Available at: https://www.gov.uk/government/col lections/secure-by-design [Accessed 15 August 2019]. Department for Digital, Culture, Media & Sport (DDCMS) (2019b, June 4). ETSI Industry Standard Based on the Code of Practice [Online] Available at: https://www.gov.uk/government/publications/etsi-industry-sta ndard-based-on-the-code-of-practice [Accessed 16 August 2019]. ENISA. (2014). Privacy and Data Protection by Design—From Policy to Engineering [Online] Available at: https://www.enisa.europa.eu/publications/pri vacy-and-data-protection-by-design [Accessed 9 November 2019]. ENISA. (2017). Defining and Securing the Internet of Things: ENISA Publishes a Study on How to Face Cyber Threats in Critical Information Infrastructures [Online] Available at: https://www.enisa.europa.eu/news/enisa-news/ defining-and-securing-the-internet-of-things [Accessed 9 November 2019]. ENISA. (2018). Good Practices for Security of Internet of Things in the Context of Smart Manufacturing [Online] Available at: https://www.enisa.europa.eu/ publications/good-practices-for-security-of-iot [Accessed 16 August 2019]. ENISA. (2019). Industry 4.0 Cybersecurity [Online] Available at: https://www. enisa.europa.eu/publications/industry-4-0-cybersecurity-challenges-and-rec ommendations [Accessed 16 August 2019]. EU GDPR. (2019). GDPR Key Changes [Online] Available at: https://eugdpr. org/the-regulation/ [Accessed 9 November 2019]. European Commission. (2019). Digital Single Market [Online] Available at: https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot [Accessed 18 August 2019]. European Union. (2016). Regulation (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data, and Repealing Directive 95/46/EC (Data Protection Directive) [Online] Available at: https://eur-lex.europa.eu/legalcontent/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN [Accessed 9 November 2019]. Gartner. (2017, February 7). Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016 [Online] Available at: https:// www.gartner.com/newsroom/id/3598917 [Accessed 16 March 2018]. Gov.UK. (2016). Investigatory Powers Act [Online] Available at: https:// www.gov.uk/government/collections/investigatory-powers-bill [Accessed 8 February 2020].

The Internet-of-Things: A Surveillance Wonderland

209

Harding, L. (2014). The Snowden Files. London: The Guardian Books, Faber & Faber. Hollister, S. (2017, March 8). Weeping Angel: Did the CIA Really Hack into TVs? [Online] Available at: https://www.cnet.com/news/weeping-angel-hack-sam sung-smart-tv-cia-wikileaks/ [Accessed 13 October 2019]. Holt, T. J., Bossler, A. M., & Siegfried-Spellar, K. C. (2018). Cybercrime and Digital Forensics: An Introduction. Abingdon: Routledge. Information Commissioner’s Office (ICO). (2020). Data Protection by Design and Default [Online] Available at: https://ico.org.uk/for-organisations/ guide-to-data-protection/guide-to-the-general-data-protection-regulationgdpr/accountability-and-governance/data-protection-by-design-and-default/ [Accessed 9 February 2020]. ITU, 2019. Internet of Things Global Standards Initiative. [Online] Available at: https://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx [Accessed 09 11 2019]. Kan, M. (2016, October 26). DDoS Attack on Dyn Came from 100,000 Infected Devices [Online] Available at: https://www.computerworld.com/art icle/3135434/security/ddos-attack-on-dyn-came-from-100000-infected-dev ices.html [Accessed 9 June 2019]. Liberty. (2020). The Snooper’s Charter [Online] Available at: https://www.lib ertyhumanrights.org.uk/human-rights/privacy/snoopers-charter [Accessed 8 February 2020]. Lyon, D. (2015). Surveillance after Snowden. Cambridge, UK: Polity Press. MacAskill, E., Thielman, S., & Oltermann, P. (2017, March 7). WikiLeaks Publishes ‘Biggest Ever Leak of Secret CIA Documents’ [Online] Available at: https://www.theguardian.com/media/2017/mar/07/wikileaks-publishesbiggest-ever-leak-of-secret-cia-documents-hacking-surveillance [Accessed 13 October 2019]. Montalbano, E. (2019, September 19). Smart TVs, Subscription Services Leak Data to Facebook, Google [Online] Available at: https://threatpost.com/ smart-tvs-leak-data/148482/ [Accessed 12 October 2019]. Munk, T. (2018). Policing Virtual Spaces: Public and Private Online Challenges in a Legal Perspective Den Boer. In Monica (Ed.), Comparative Policing from a Leal Perspective. Cheltenham: Edward Elgar. Murgia, M. (2019, September 18). Smart TVs Sending Private Data to Netflix and Facebook [Online] Available at: https://www.ft.com/content/23ab2f68d957-11e9-8f9b-77216ebe1f17 [Accessed 8 February 2020]. Ng, A. (2019, October 12). As Smart TVs Become the Only Option, Your Privacy Choices Fizzle Out [Online] Available at: https://www.cnet.com/

210

T. Munk

news/as-smart-tvs-become-the-only-option-your-privacy-choices-fizzle-out/ [Accessed 12 October 2019]. President Committee Advisor for Science and Technology (PCAST). (2014). Report to the President Big Data and Privacy: A Technological Perspective [Online] Available at: https://bigdatawg.nist.gov/pdf/pcast_big_data_and_ privacy_-_may_2014.pdf [Accessed 16 August 2019]. PrivSec Report. (2018, March 6). The Data Protection Directive Versus the GDPR: Understanding Key Changes [Online] Available at: https://gdpr.rep ort/news/2018/03/06/data-protection-directive-versus-gdpr-understandingkey-changes/ [Accessed 9 November 2019]. Perez, S. (2020, January 6). Fire TV Edition Expands to More Soundbars, Plus Cars, Cable Boxes and More [Online] Available at: https://techcrunch.com/ 2020/01/06/fire-tv-edition-expands-to-more-soundbars-plus-cars-cableboxes-and-more/ [Accessed 8 February 2020]. Raja, A. (2019, March 6). IoT Security by Design [Online] Available at: https:// www.iotforall.com/iot-security-by-design/ [Accessed 15 August 2019]. Rosner, G., & Kennealy, E. (2018). Clearly Opaque: Privacy Risks of the Internet of Things [Online] Available at: https://www.iotprivacyforum.org/wp-con tent/uploads/2018/06/Clearly-Opaque-Privacy-Risks-of-the-Internet-of-Thi ngs.pdf?d8bd54&d8bd54 [Accessed 14 August 2019]. Rouse, M. (2018). IoT Devices (Internet of Things Devices) [Online] Available at: https://internetofthingsagenda.techtarget.com/definition/IoT-device [Accessed 7 February 2020]. Samsung (2019). Samsung Global Privacy Policy - SmartTV Supplement [Online] Available at: https://www.samsung.com/uk/info/privacy-SmartTV/ [Accessed 8 November 2019]. Senate Armed Service Committee (SASC). (2016). Statement for the Record. Worldwide Threat Assessment of the US Intelligence Community [Online] Available at: https://www.armed-services.senate.gov/imo/media/ doc/Clapper_02-09-16.pdf [Accessed 12 October 2019]. Simberkoff, D. L. (2016, August 17). Privacy and Security by Design: The New Default under GDPR [Online] Available at: https://www.avepoint.com/blog/ protect/privacy-and-security-by-design-gdpr/ [Accessed 9 November 2019]. Storm, D. (2016a, February 10). Government May Tap into Your IoT Gadgets and Use Your Smart Devices to Spy on You [Online] Available at: https:// www.computerworld.com/article/3032172/government-may-tap-into-youriot-gadgets-and-use-your-smart-devices-to-spy-on-you.html [Accessed 13 October 2019].

The Internet-of-Things: A Surveillance Wonderland

211

Storm, D. (2016b, February 1). Going Dark Debunked: Boundless Surveillance Opportunities via the Internet of Things [Online] Available at: https:// www.computerworld.com/article/3028077/going-dark-debunked-boundl ess-surveillance-opportunities-via-the-internet-of-things.html [Accessed 13 October 2019]. Stouffer, K. et al. (2017). Cybersecurity Framework Manufacturing Profile [Online] Available at: https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR. 8183.pdf [Accessed 15 August 2019]. Tene, O. (2011, February 1). Privacy: The New Generations [Online] Available at: https://doi.org/10.1093/idpl/ipq003 [Accessed 14 August 2019]. The Guardian. (2013). NSA Files: Decoded [Online] Available at: https://www. theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveilla nce-revelations-decoded#section/1 [Accessed 8 November 2019]. The US Department of Homeland Security. (2016). Strategic Principles for Securing the Internet of Things [Online] Available at: https://www.dhs.gov/ sites/default/files/publications/Strategic_Principles_for_Securing_the_Int ernet_of_Things-2016-1115-FINAL….pdf [Accessed 14 August 2019]. Thielman, S. (2016, February 10). The Internet of Things: How Your TV, Car and Toys Could Spy on You [Online] Available at: https://www.theguardian. com/world/2016/feb/10/internet-of-things-surveillance-smart-tv-cars-toys [Accessed 12 October 2019]. Towers-Clark, C. (2019, May 2). Forbes [Online] Available at: https://www. forbes.com/sites/charlestowersclark/2019/05/02/uk-to-introduce-new-lawfor-iot-device-security/#f8f37c3579dd [Accessed 16 August 2019]. Weber, R. H., & Studer, E. (2016). Cybersecurity in the Internet of Things: Legal Aspects. Computer Law and Security Review, 32, 715–728. Willcox, J. K. (2019, September 27). How to Turn Off Smart TV Snooping Features [Online] Available at: https://www.consumerreports.org/privacy/ how-to-turn-off-smart-tv-snooping-features/ [Accessed 13 October 2019]. Yar, M., & Steinmetz, K. F. (2019). Cybercrime and Society (3rd ed.). London: Sage. Zittrain, J. (2016, February 1). The Good News and the Troubling News: We Are Not Going Dark [Online] Available at: https://www.lawfareblog.com/goodnews-and-troubling-news-were-not-going-dark [Accessed 12 October 2019].

Routine Activity Theory and Cybercrime Investigation in Nigeria: How Capable Are Law Enforcement Agencies? Muktar Bello and Marie Griffiths

1

Introduction

According to the UNODC (2013), as the usage of the internet increases globally, especially in developing countries, the number of targets and offenders increases daily. Also, it is difficult to estimate how many users of the internet are using it for illegal activities. Cybercrime, according to Wall (2007) cannot be eradicated and there is no way to ‘turn these technologies off ’. He further argued that more laws to address the issue of cybercrime is not the answers as most existing computer misuse laws in all jurisdictions are not properly enforced. Alternatively, using technology as a counter-measure is not the appropriate response as it is sometimes used to restrict the freedom of others. However, cybercrime could only M. Bello (B) Economic and Financial Crimes Commission, Abuja, Nigeria e-mail: [email protected] M. Griffiths University of Salford, Salford Business School, Greater Manchester, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_11

213

214

M. Bello and M. Griffiths

be managed in a way the risks and harm are reduced to the barest minimum. In order to tackle cybercrime, law enforcement, government and the private sector as the ‘capable guardians’ would need to collectively respond adequately to the ever-evolving nature of technology based crimes (Wall 2007).

2

Problem Statement

Undeniably, the policing of crime using the traditional Nigerian police has many limitations (Owen 2014), and the integrity of the Nigerian police force has been eroded by its failure to perform its constitutional responsibilities to the society (Nwachukwu 2012). Due to that, cybercrime has had a negative impact to the economy and reputation of the country as a haven of criminals. The problem of cybercrime in Nigeria is further compounded by the increased usage of the internet for fraudulent activities (UNODC 2013) and the lack of cyber user awareness, which makes internet users vulnerable to be exploited by criminals online (Kortjan and Solms 2014). Even though, the Nigerian government have developed appropriate legal and institutional frameworks in securing the Nigerian cyberspace (Adomi and Igun 2008), policing the cyberspace would require governments and legal systems to continuously adapt to new technologies and strategies in tackling cybercrime (Grabosky 2001). Currently, there is a need for the Nigerian government to work together in strengthening the legal frameworks for cybersecurity, and also enforcing existing laws in order to reduce the impact of cybercrime in the society (Olusola et al. 2013; Hassan et al. 2012).

3

Research Objective

1. To examine the current measures used by Law Enforcement Agencies in Nigeria in tackling cybercrime through review of relevant literature and interview of members of the Cybercrime Advisory Council in Nigeria.

Routine Activity Theory and Cybercrime Investigation …

4

215

Research Question

1. Are Law Enforcement Agencies (LEA) in Nigeria capable guardians in tackling cybercrime explored in relation to Routine Activity Theory?

5

Literature Review

5.1

Cybercrime in Nigeria

The arrival of the internet and computers has opened many opportunities for the young and old in the global community to have access to the world from their homes, offices and cyber cafes. The coming of smart phones has made internet access easier and faster (Saulawa and Abubakar 2014; Clough 2010). Unlike in the past when the ability to commit computer-related crimes was largely limited to those with the access and skill sets; nowadays, technology is easily accessible, thus, making it available to both offenders and victims (Clough 2010). Sub-Saharan African (SSA) is the last continent to embrace the internet and mobile technologies. Internet penetration in Sub-Saharan Africa has been on the increase with most countries depending on privately owned internet access points such as cybercafés’ for their daily internet activities (Longe et al. 2009). Cybercrime has been one of the eluding issues in the online global transactions in Nigeria because of the endemic nature of computerrelated frauds and crimes. Due to the integration of digital technology across the globe, the economy of most nations across the globe is accessible through the use of information and communication technology (Abubakar and Saulawa 2014). Cybercrime has been a key agenda for the Nigerian Government for many decades. Investigations that are fraud related have been carried out by the Economic and Financial Crimes Commission (EFCC). Though the admissibility of electronic evidence was amended in the Evidence Act 2011 through the parliament, the lack of a proper legal framework on cybercrime has made criminal justice measures ineffective until 2015 when the Government adopted the National Cybersecurity Policy and

216

M. Bello and M. Griffiths

Strategy through an inter-ministerial committee headed by the Office of the National Security Adviser (Council of Europe 2017).

5.2

Cybercrime Advisory Council (CAC)

The Cybercrime Act (2015) establishes the Cybercrime Advisory Council which is referred to as the ‘Council’. The Council shall consist of a representative each of the ministries and agencies listed under the First Schedule of this Act.

5.2.1 Functions and Powers of the Council The functions and powers of the Cybercrime Advisory Council are contained in Section 43 (1) of the Cybercrime Act (2015). The functions are as follows: a. To create an enabling environment for members to share knowledge, experience, intelligence and information on a regular basis and shall provide recommendations on issues relating to the prevention and combating of cybercrimes and promotion of cyber security in Nigeria; b. To formulate and provide general policy guidelines for the implementation of the provision of this Act; c. To advise on measures to prevent and combat computer-related offences, cybercrimes, threats to national cyberspace and other cyber security-related issues; d. To establish a programme to award grants to institutions of higher education to establish cyber security research centres to support the development of new cyber security defence, techniques and processes in the real-world environment and; e. To promote Graduate Traineeships in cyber security and computer and network security research and development (Cybercrimes Act 2015).

Routine Activity Theory and Cybercrime Investigation …

5.3

217

Limitations to Tackling Cybercrime

Cybercrime has evolved over the years with recent development in ICT resulting in newer cybercrime methods. However, advances in ICT have greatly expanded the capabilities of law enforcement agencies in adopting new methods of investigating cybercrime. Even though criminals may use new tools to prevent LEAs from conducting their work, it is important for police to expand their technical capabilities (ITU 2012).

5.3.1 Technology and Training Chukkol (cited in Barnard 2014) states that Nigeria has seen a transition in how crimes are evolving at a greater speed with criminals embracing ICT to commit crimes. Smith (2003) argues that the investigation of cross-border cybercrime requires the adequate technical and forensic skills and knowledge. Other areas enumerated by Smith (2003) that need improving include: a. Formulation of training programmes and the development of investigative software tools. b. International training programmes should be developed and expertise shared between different nations. c. The level of funding required for training and upgrading Equipments is inadequate. d. Need for greater information sharing between investigators both within the public and private sectors.

5.3.2 Laws and Jurisdiction Adequate and proper legislation is the bedrock for the investigation and prosecution of cybercrime. However, law-makers must continuously respond to ICT and internet development so as to measure the effectiveness of existing laws and provisions (ITU 2012). With the exception of

218

M. Bello and M. Griffiths

Europe and America that have sufficient investigative powers to prosecute cybercrime, the rest of the world has insufficient investigative powers (UNODC 2013). According to the ITU Report (2012), challenges in drafting national criminal laws to prosecute new forms of cybercrime takes time and some countries are yet to make the necessary adjustments. Smith (2003) states that the harmonisation of laws and the adoption of international conventions on cybercrime will make prosecution easier and will greatly improve the mutual assistance and extradition of criminals between countries.

5.3.3 Education and Awareness Dix (2017) argued it is important for all digital users to practice basic cybersecurity hygiene to improve their own protection. He states that, about 80% of exploitable vulnerabilities online are due to ‘poor or nonexistent cyber hygiene. Odumesi (2015) maintains, cyber risk increases without the proper precautions to protect personally identifiable information on the cyberspace. He further stated that, Nigerian online users are highly vulnerable to cyber-attacks because the lack of cybersecurity awareness had made it easy for cybercriminals to operate.

6

Theoretical Framework

6.1

Routine Activity Theory

Within the scope of classical and choice theory, the perception of the available opportunities to commit crime was considered as an essential element (McQuade 2006). Cohen and Felson (1979) argued that for crime to take place, three requirements needed to be present namely, a motivated offender, a suitable target and an absence of a capable guardian. The RAT approach to crime causation is ecological and the accessibility, location and presence or absence of certain characteristics

Routine Activity Theory and Cybercrime Investigation …

219

or people is what proves to be predictive of criminal behaviour (Kigerl 2012; Cohen and Felson 1979). Akers and Sellers (2004) stated that a motivated offender must be someone who is willing to commit a crime and for whom the opportunity was present to allow the crime to be committed. A suitable target is the one the motivated offender values such as credit card information and that target also be visible, accessible and able to be illegally obtained by the offender (Clarke and Felson 1998). Finally, the capable guardian must be absent; a capable guardian such as encryption, anti-virus or law enforcement officer is any person or thing that obstructs the motivated offender from acquiring the target (Cohen and Felson 1979).

6.2

Absence of a Capable Guardian

Over the years, capable guardianship has evolved from knights of feudalism to the private security services of modern times which vastly outnumber sworn police officers in many developed economies (Grabosky 2001: 248). Guardianship refers to ‘the capability of persons and objects to prevent crime from occurring’ (Tseloni et al. 2004). Routine activity theorists argue that the mere presence of a guardian in proximity to the suitable target is a crucial deterrent. Where the capable guardian is a person, he/she acts as someone ‘whose mere presence serves as a gentle reminder that someone is looking’ (Yar 2005). The policing of crime in both terrestrial and cyberspace has become a ‘pluralistic endeavour’ as responsibilities for the control of cybercrime will be similarly shared between law enforcement officers, information security specialists and individual users. The first line of defence as it has always been with the terrestrial space is self-defence (Grabosky 2001). A guardian can be anyone or anything that creates a protection on the target victim. The motivated offender is discouraged from committing an offence when they know that the target has a guardian. Therefore, capable guardians as elements of crime can be controlled, modelled or changed to prevent crime (Lopez 2014). Also, Tseloni et al. (2004) referred to guardianship as ‘the capability of persons and objects to

220

M. Bello and M. Griffiths

prevent crime from occurring’. However, Cohen and Felson (1979: 3) stated that the capable guardian ‘was not to seen to be a policemen or security guard in most cases’. This was a deliberate attempt to distance routine activity theory from the rest of criminology because it is entrenched to the criminal justice system as central to crime explanation. Cohen and Felson (1979) further argued that the most likely persons to prevent a crime is not a police officer but rather friends, neighbours and owners of a targeted property. They state that the absence of a suitable guardian is important, as an offender must find a suitable target in the absence of a guardian before a crime can occur. Although there may be direct intervention, Yar (2005) argued that routine activity theorist view ‘the simple presence of a guardian in proximity to the potential target as a crucial deterrent’. In understanding the concept of guardianship in the cyber world, Yar (2005) contended that it depends on the guardians presence together with the suitable target at the time when the ‘motivated offender converges upon it’. However, Felson (1998: 53) stated that the problem faced by guardianship is more intensified in the cyberspace than in the terrestrial world because in the terrestrial space, the police ‘are very unlikely to be on the spot when a crime occurs’ while in the cyberspace it is only when informal guardianship has failed that a formal assistance of LEAs are sought. In summary, RAT concept of guardianship as argued by Yar (2005) is applicable to cyberspace even when the ‘structural properties of the environment amplifies the limitations upon a establishing’ a cyberspace guardianship. This theory is considered appropriate when applied to cybercrime in Nigeria, because it extends the criminological understanding of deviant behaviours and the applicability of motivated offenders, suitable target and guardianship with the scope of the research.

7

Methodology

The research has been framed on an interpretivist paradigm and relativist philosophical stand, with focus on an inductive qualitative approach involving semi-structured interviews and documentation. These involved

Routine Activity Theory and Cybercrime Investigation …

221

Table 1 Research participants Org

Name of Organisation

Sector

No

Role

A

Economic and Financial Crimes Commission

Law Enforcement

28

B

Office of the National Security Adviser

Presidency

1

C

National Assembly— Senate Committee on ICT & Cybercrime Nigerian Communications Commission National Information Technology Development Agency

Parliament

1

Enforcement of EFCC; AFF & Cybercrimes Act. Member of CAC National Coordinator of Cybercrimes Act. Member of CAC Making Laws—Oversight of all MDAs

Telecommunication

1

Information Comm. Technology

1

D

E

Telecoms Regulator. Member of CAC ICT Regulator. Member of CAC

Source Created by Author

policy makers, members of parliament, telecommunications and ICT regulators on one hand; and investigators, prosecutors, forensic analyst and media practitioners particularly from the Economic and Financial Crimes Commission (EFCC), which is a leading law enforcement agency in the fight against cybercrime. The multi-dimensional evidence explains the role played by each of the stakeholders, the measures and partnership deployed in tackling cybercrime, and the challenges and recommendations needed in the international effort to tackle cybercrime globally. Table 1 showing demographics of the Research Participants.

222

M. Bello and M. Griffiths

7.1

Research Participants

Organisation A—Economic and Financial Crimes Commission (EFCC) Organisation A is the leading law enforcement agency in the investigation of economic and financial crimes in Nigeria. The organisation has the powers to investigate advance fee fraud, a variant of cybercrime through the Advance Fee Fraud and Other Related Offences Act 2006 and investigate other forms of cybercrime through the Cybercrimes (Prohibition, Prevention) Act 2015. It is a key member of the Cybercrime Advisory Council in Nigeria. Organisation B—Office of the National Security Advisor (ONSA) Organisation B is the Office of the National Security Advisor under the National Security Advisor and acts as the overall coordinator of the Cybercrime Advisory Council. The ONSA is also the designated Nigerian Computer Emergency Response Team (ngCERT). The ONSA also serves as the National Forensic Lab of Nigeria. It initiated and coordinated the development of the National Cybersecurity Policy and Strategy of Nigeria. Organisation C—National Assembly (Senate) Organisation C is the National Assembly which houses the Senate and the House of Representatives. The National Assembly is one of the three arms of the Nigerian Government and it is solely responsible for making and amending laws. It also provides oversight functions of all Ministries, Departments and Agencies (MDAs) through its committee functions. The Senate Committee on ICT & Cybercrime are responsible for making input into ICT and Cybercrime Laws and provides oversight duties to MDAs that are mandated to tackle cybercrime in Nigeria. Organisation D—Nigerian Communications Commission (NCC) Organisation D regulates all mobile network operators (MNO) and internet service providers (ISPs) in Nigeria. It is responsible for providing guidelines, framework and enforcement of policies in the communications sector. It plays a key role in addressing the issue of cybercrime in Nigeria as it regulates all the ISPs and MNOs that manage all the communication platforms that are frequently used by criminals

Routine Activity Theory and Cybercrime Investigation …

223

to commit crime online. It is a member of the Cybercrime Advisory Council (CAC). Organisation E—National Information Technology Development Agency (NITDA) Organisation E provides regulation, framework and guidelines for all Ministries, Department and Agencies (MDA) in the implementation of ICT in Nigeria. It is a member of the Cybercrime Advisory Council (CAC).

8

Findings

The theme, ‘Measure and Benefits of Measures by Law Enforcement and Members of the Cybercrime Advisory Council (CAC)’, was analysed within the scope of what measures the organisations were using in tackling the issue of cybercrime. Also, participants were asked how beneficial the measures were in tackling cybercrime. Thirty-two (32) responded by mentioning different measures and approaches they were using to mitigate the activities of cybercriminals. Also, the benefits of the measures were analysed in order to understand how suitable the measures were in tackling cybercrime. Eight (8) sub-themes emerged from the main themes. The emergent themes are: 1. 2. 3. 4. 5. 6. 7.

Awareness Campaigns Best Practices Enforcement Funding & Logistics Partnership Training and Manpower Benefits of Measure Figure 1 shows the theme and the emergent outcomes.

224

M. Bello and M. Griffiths

AWARENESS CAMPAIGN BEST PRACTICES ENFORCEMENT THEME: MEASURES & BENEFITS OF MEASURES

FUNDING & LOGISTICS PARTNERSHIP TRAINING & MANPOWER IC BENEFITS OF MEASURES IC

Fig. 1 Theme: Measures, benefits of measures by LEAs, CAC & Sub-themes (Source Created by Author)

8.1

Awareness Campaign

Fourteen (14) participants stated that raising awareness of the general public about the dangers of cybercrime was one of the measures they were using to tackle the activities of cybercriminals. Participant 27 argued that: The measures that are being taken right now in order to address the issue of cybercrime in Nigeria primarily are on awareness, sensitization campaign, re-orientation. Nigerians need to know more on how those internet fraudsters operate. (Participant 27, Cybercrime Prosecutor)

8.2

Best Practices

Only one participant from the forensics unit stated that the measures they were using to curtail the activities of cybercrime was by adhering to international best practices in retrieving evidence from digital devices which was vital for a successful investigation of cybercrime. The participant stated that:

Routine Activity Theory and Cybercrime Investigation …

225

We adhere to the international best practice such as ACPO guideline, we ensure that we maintain the integrity of every evidence we are working on. Chain of custody, we ensure that we properly establish a chain of custody and we don’t temper with the integrity of any evidence because this evidence has to be presented in the court of law the way it is. (Participant 11, Forensic Examiner).

8.3

Enforcement

The enforcement of cybercrime laws and other laws that criminalised the illegal use of computers to commit crime was one of the measures used by seven (7) participants in deterring criminals in committing crime. Participant 25, a lawyer with one of the organisations argued that: We are enforcing the provision of the law, enforcing the provision of the Cybercrimes Prevention and Prohibition Act 2015. (Participant 25, Cybercrime Prosecutor)

The Cybercrime Act 2015 was an important legal instrument that when properly enforced would assist in addressing the activities of cybercriminals. However, another participant argued that by opening up more offices and having a dedicated forensic unit in each of these new offices, it had reduced the backlog of cases.

8.4

Funding and Logistics

The provision of funds and tools to conduct proper cybercrime investigation was a measure used for the successful investigation of cybercriminals. Three (3) interviewees stated that funding and logistical support of tools was a major way they were able to counter the activities of cybercrime. One of the participants stated that: We do some intelligence, social media. We try to source information from social media because some of these fraudsters and trace emails as well. We are using of email and domain tracing tools to help us as well. (Participant 4, Cybercrime Investigator)

226

8.5

M. Bello and M. Griffiths

Partnership

The partnership between organisations in investigating cybercrime was one of the measures used in tackling cybercrime. Seven (7) interviewees agreed that, having partnerships with relevant stakeholders had been beneficial in investigating cybercrime. The participant argued that: The cybercrime unit has been holding a lot of meetings with different agencies like Microsoft. Recently we had some people from Facebook that were here to enlighten us on new trends of the offences that are being conducted through Facebook. Some like Facebook lottery. And some other agencies too. (Participant 21, ICT Team Lead)

Another participant made similar arguments by stating that due to the global nature of cybercrime, they collaborated with key stakeholders in proffering solutions to tackle cybercrime.

8.6

Training and Manpower

The training of staff and the recruitment of new staff was identified as one of the measures being undertaken to address cybercrime in Nigeria. These sub-themes were coded eight (8) times by different participants from different organisations. According to participant 10: The Commission is making attempts to train more and more officers because the demand for digital forensic which provides digital evidence from cybercrime is huge. So the commission is currently training more and more people to increase the human capacity in investigating cybercrime. There is also an attempt to educate more and more officers on issues relating to cybercrime as well as also most judges are not well acquainted with cyber related crimes since they are intangible crimes so to speak, so the commission is making attempt to make sure more and more legal officers are educated. (Participant 10, Forensic Examiner)

Participants 10 s argument was centred on the training of staff in digital forensics and the education of judges to be able to understand cyber

Routine Activity Theory and Cybercrime Investigation …

227

related crimes. Also, another participant argued that because of their experience in retrieving evidence from digital devices, they acted as training facilitators in educating staff from other departments and other organisations as well.

8.7

Benefits of Measures

The benefits of the measures used in tackling cybercrime varied from participant to participant. While some argued that it was effective, others said they could not know the benefits of the measures. However, in general thirty-two (32) responded stating that there was some form of benefit in deploying certain measures to investigate cybercrime. One of the participants argued that having more offices and more staff across the country had made the workload less, thus, reducing delays in investigating cybercrime. However, another participant from the Media department argued that they would not be able to know how beneficial the measures were until they got feedback from the public. Also, one of the participants argued that no matter what measures were used against the cybercriminals, it was very difficult to keep up with the criminals because of the evolution of ICT.

9

Discussions

Are Law Enforcement Agencies in Nigeria capable guardians in tackling cybercrime and explored in relation to Routine Activity Theory? In order to discuss whether LEAs were capable guardians in preventing and investigating cybercrime, it was necessary to discuss the RAT element of absence of a capable guardian. Finally, the challenges facing LEAs and the measures used by LEAs in tackling cybercrime was discussed in relation to the literature review.

228

M. Bello and M. Griffiths

BUREAUCRACY INADEQUATE FUNDING & TOOLS

CHALLENGES

LAWS & JURISDICTION TECHNOLOGY INADEQAUTE TRANING & EDUCATION

Fig. 2 Challenges of Tackling cybercrime (capable guardianship) (Source Created by Author)

9.1

Absence of a Capable Guardian

A guardian refers to anyone or anything that creates a protection for the target victim. The motivated offender is discouraged from committing an offence when they know that the target has a guardian. Therefore, capable guardians as elements of crime can be controlled, modelled or changed to prevent crime (Lopez 2014). This research question is discussed from the viewpoint of stakeholders’ role in tackling cybercrime and how the routine challenges they faced in the discharge of their duties limited them in being capable guardians in cyberspace. Figure 2 shows the challenges faced by LEAs and other stakeholders in tackling cybercrime.

9.2

Bureaucracy

As shown in the research findings, bureaucratic bottlenecks within LEAs and other organisations hindered capable guardians such as the police in their endeavours for crime detection or prevention. Participants argued that bureaucracies in their organisation and other external large IT firms such as Google and Facebook made them incapable of protecting victims from cybercrime. This argument contradicts Yahaya’s (2009) position that shows the Nigerian government as having a robust partnership especially with Microsoft with the aim of tackling cybercrime and software

Routine Activity Theory and Cybercrime Investigation …

229

piracy in Nigeria. The findings also show that there is an issue in coordinating policies and practices in mitigating the activities of cybercrime. This finding contradicts Owens (2014) argument that places the blame on the traditional Nigerian police as having structural constraints which rendered it vulnerable to interference by the political elite, thus, limiting the police in effectively enforcing the law.

9.3

Laws and Jurisdiction

As shown by the research findings, the multiplicity of laws and different jurisdictions is a major challenge to stakeholders especially LEAs in tackling cybercrime globally. Participants argued that due to the transnational nature of cybercrime, it made it difficult to conduct a proper investigation without an existing legal instrument and agreement with other countries to back it up. This finding aligns with the UNODC (2013) argument that with the exception of Europe and America, most developing countries had insufficient powers to investigate and prosecute cybercrime. Furthermore, the finding aligns with Yar’s (2006) argument of ‘jurisdictional disparities’ which could be problematic especially with policing or prosecuting deviant behaviours. The finding also shows that cooperation and collaboration between different countries on cybercrime issues is very challenging. The finding confirms Smith’s (2003) argument that the harmonisation of laws and adoption of international conventions on cybercrime would make prosecution easier and improve the mutual assistance and extradition of criminals between countries. These findings also support Cohen and Felson’s (1979) argument that lack of a capable guardian was a necessary condition for crime to take place. Yar’s (2005) argument that where the capable guardian was a person, their mere presence served as a gentle reminder that someone was looking. This aligns with the findings of the current study because the jurisdictional limitation of conventional police to deter crime from taking place was much more evident in cyberspace than in terrestrial space.

230

9.4

M. Bello and M. Griffiths

Technology

The finding from the research shows that the evolution of technology and the adoption of new technology to facilitate the commission of cybercrime by the criminals is a major challenge for stakeholders responsible for preventing, investigating or prosecuting cybercrime. This finding resonates with Barnard (2014) who pointed out that Nigeria had witnessed the acceleration of crimes at a faster rate due to criminals embracing ICT to commit crimes. The finding also shows that some of the cybercrime investigators are playing ‘catch up’ in terms of their skillsets and training for investigating cybercrime. This finding aligns with Smith’s (2003) argument that the investigation of cross-border cybercrime required adequate technical and forensic skills and knowledge. Also the finding aligns with Tive’s (2006) observation that the investigation of advance fee fraud required some computer knowledge which the criminals knew were beyond the skills of the traditional Nigerian Police Force. However, some of the findings especially from the ‘Forensic Analyst’ show that the affordability of storage devices makes the acquisition of evidence from a digital artefact more difficult and time consuming because of low levels of qualified staff available to extract the information. This finding contradicts the ITU (2012) position which stated that even though the low cost of digital storage had increased, the number of digital sources of evidence, the digitisation and the use of such technologies had a great impact on procedures related to the collection of evidence and its use in court. The finding aligns with Cohen and Felson’s (1979) argument that lack of a capable guardian was a necessary condition for crime to take place.

9.5

Inadequate Funding and Tools

The findings from the research show that inadequate funding for the procurement of tools and other logistical equipment needed to prevent and investigate cybercrime is a major challenge in fighting cybercrime. Some of the findings showed that the tools were either outdated or non-existent for investigating the ever-evolving nature of cybercrime.

Routine Activity Theory and Cybercrime Investigation …

231

This finding is in alignment with Smith (2003) who pointed out that the level of funding required for training and upgrading of equipment was inadequate. The finding also agrees with Dalton’s (2012) assertions that cyber investigations were costly and that consequently, governments were reluctant to free up the funds. Also, the finding is in alignment with Cohen and Felson (1979) who pointed out that the lack of capable guardianship was a necessary condition for crime to take place in addition to the presence of a suitable target and a motivated offender.

9.6

Inadequate Training and Education

The findings of the research show that inadequate training on the part of the investigators and lack of awareness on the part of the general public is a major challenge in tackling cybercrime. This aligns with Odumesi (2015) who pointed out that lack of cybersecurity training especially among LEAs had made it easy for fraudsters to operate in Nigeria leading to huge financial losses. The finding also aligns with Wall (1998) that public policing practices have been shaped by the time honoured tradition of policing and could not respond to such rapid changes of ICT. The finding also shows that some of the lawyers and judges have inadequate knowledge about cybercrime, thus, making prosecution of cybercrime very difficult. This aligns with Buono’s (2010) assertion that the current lack of adequate training on cybercrime for judges and prosecutors does not afford them the level of training required to deal with cybercrime and electronic evidence.

10

Conclusion

The policing of crime in both terrestrial and cyberspace has become a ‘pluralistic endeavour’ as responsibilities are shared between law enforcement officers, information security specialists and individual users (Grabosky 2001). This study contributes to RAT, but expands the understanding of a capable guardian by including issues such as that inadequate funding and tools, training and education of law enforcement

232

M. Bello and M. Griffiths

officers in Nigeria as rendering them unable to be capable guardians of potential victims of cybercriminal. Furthermore, the study contributes to RAT, by adding that the continuous evolution of technology has made law enforcement officers play ‘catch up’ to the criminals, while the borderless nature of cybercrime has made the application of laws and jurisdictions a cumbersome issue for policing cybercrime in Nigeria. New insights from the current study regarding policy were raised in the research. The evidence suggested that the arrest and prosecution of criminals was not enough to serve as a deterrent to criminals. The issue of provision of education through specialised training of stakeholders involved in investigation, prosecution and prevention of cybercrime was greatly emphasised by the findings of the research. The improvement of the awareness level of individuals and the general public in protecting themselves was recommended.

References Abubakar, A. S. (2009). Investigating Fraud Schemes in Nigeria. Paper presented at International Conference on Cooperation against Cybercrime. Retrieved from https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDC TMContent?documentId=09000016802f2643. Adesina, O. S. (2017). Cybercrime and Poverty in Nigeria. Canadian Social Science, 13(4), 19–29. Adesulu, D. (2017). Greed, Cause of Cybercrime—Don. Vanguard News. Retrieved 30 November 2017 from https://www.vanguardngr.com/2017/06/ greed-cause-cyber-crime-don/. Adomi, E., & Igun, S. (2008). Combating Cybercrime in Nigeria. The Electronic Library, 26 (5), 716–725. Akers, R. L., & Sellers, C. S. (2004). Criminological Theories: Introduction, Evaluation, and Application (4th ed.). Los Angeles: Roxbury Publishing. Alkaabi, A. O. S. (2010). Combating Computer Crime: An International Perspective. PhD thesis, Queensland University of Technology, Queensland. Retrieved from http://eprints.qut.edu.au/43400/. Barnard, J. (2014, November 12). Global Economy Loses $445 to Cybercriminals a Year; Now They Are Gunning for Africa’s Easy Money. Mail &

Routine Activity Theory and Cybercrime Investigation …

233

Guardian. Retrieved from http://mgafrica.com/article/2014-11-12-globaleconomy-loses-445bn-to-cyber-criminals-a-year-now-they-are-gunning-forafricas-easy-money. Buono, L. (2010). Investigating and Prosecuting Crimes in Cyberspace: European Training Schemes for Judges and Prosecutors. ERA Forum, 11, 207–218. Clarke, R. V. (2004). Technology, Criminology and Crime Science. European Journal on Criminal Policy and Research, 10, 55–63. Clarke, R. V., & Felson, M. (1998). Opportunity Makes the Thief: Practical Theory for Crime Prevention. Policing and Reducing Crime Unit: Research, Development and Statistics Directorate, 98, 1–36. Clough, J. (2010). Principles of Cybercrime. Cambridge: Cambridge University Press. Cohen, L. E., & Felson, M. K. (1979). Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review, 44 (4), 588– 608. Council of Europe. (2017). Nigeria: Cybercrime Policies and Strategies. Retrieved from https://www.coe.int/en/web/octopus/country-wiki/-/asset_ publisher/hFPA5fbKjyCJ/content/nigeria/pop_up?_101_INSTANCE_hFP A5fbKjyCJ_viewMode=print&_101_INSTANCE_hFPA5fbKjyCJ_langua geId=hu_HU. Cybercrime Prohibition, Prevention Act. (2015). Dalton, W. (2012). Cyber-crime Policing Completely Inadequate, Says Ex-Scotland Yard Detective. IT Propotal . Retrieved 15 November 2017 from https://www.itproportal.com/2012/11/22/cyber-crime-policingcompletely-inadequate-says-ex-scotland-yard-detective/. Dix, R. B. (2017). 5 Strategies for Addressing Cybercrime. GCN . Retrieved 10 March 2017 from https://gcn.com/articles/2017/01/11/strategies-addres sing-cybercrime.aspx. Felson, M. (1998). Crime and Everyday Life (2nd ed.). Thousand Oaks, CA: Pine Forge Press. Grabosky, P. (2001). Virtual Criminality: Old Wine in New Bottle. Social and Legal Studies, 10 (2), 243–249. Hassan, A. B., Lass, F. D., & Makinde, J. (2012). Cybercrime in Nigeria: Causes, Effects and the Way Out. ARPN Journal of Science and Technology, 2(7), 626–631. ITU. (2012). Understanding Cybercrime: Phenomena, Challenges and Legal Response. Retrieved 20 July 2016 from http://www.itu.int/ITU-D/cyb/cyb ersecurity/docs/Cybercrime%20legislation%20EV6.pdf.

234

M. Bello and M. Griffiths

Kigerl, A. (2012). Routine Activity Theory and the Determinants of High Cybercrime Countries. Social Science Computer Review, 30 (4), 470–486. Kortjan, N., & Solms, R. V. (2014). A Conceptual Framework for Cybersecurity Awareness and Education in Nigeria. South African Computer Journal, 52, 29–41. Longe, O., Mbarika, V., Ngwa, O., & Wada, F. (2009). Crimincal Uses of Information and Communications Technologies in Sub-Saharan Africa: Trends, Concerns and Perspectives. Journal of Information Technology Impact, 9 (3), 155–172. Lopez, A. (2014). Routine Activity Theory of Crime. Retrieved 30 November 2017 from http://lemoncenter.com/routine-activity-theory-elements-crime. Maghaireh, A. M. S. (2009). Jordanian Cybercrime Investigations: A Comparative Analysis of Search for and Seizure of Digital Evidence. PhD thesis, University of Wollongong. Retrieved from http://ro.uow.edu.au/cgi/viewcontent.cgi?art icle=4404&context=theses. McQuade, S. C. (2006). Understanding and Managing Cybercrime. New York: Allyn and Bacon. Nwachukwu, E. (2012). Security Challenges and the Reform of Nigerian Police, File 11H: The Police 7 . Ltn: An International Publication. Odumesi, J. O. (2015). Approaches to Increase Public Awareness on Cybersecurity. African Journal on Computing and ICT, 8(4). Olusola, M., Samson, O., Semiu, A., & Yinka, A. (2013). Cyber Crimes and Cyber Laws in Nigeria. The International Journal of Engineering and Science, 2(4), 19–25. Owen, O. (2014). The Nigerian Police Force: Predicaments and Possibilities. Retrieved 30 December 2017 from http://www.qeh.ox.ac.uk/sites/www. odid.ox.ac.uk/files/nrn-wp15.pdf. Saulawa, M. A., & Abubakar, M. K. (2014). Cybercrime in Nigeria: An Overview of Cybercrime Act 2013. Journal of Law, Policy and Globalization, 32, 23–33. Sesan, G., Soremi, B., & Oluwafemi, B. (2013). Economic Cost of Cybercrime in Nigeria. Retrieved 10 June 2015 from https://pinigeria.org/downloads/ research-reports/. Smith, R. G. (2003). Investigating Cybercrime: Barriers and Solutions. Paper Presented at the Association of Certified Fraud Examiners, Pacific Rim Fraud Conference, Sydney. Tive, C. (2006). 419 Scam: Exploits of the Nigerian Con Man. New York: iUniverse Inc.

Routine Activity Theory and Cybercrime Investigation …

235

Tseloni, A., Wittebrood, K., Farrell, G., & Pease, K. (2004). Burglary Victimization in England and Wales, the United States and the Netherlands: A Cross-national Comparative Test of Routine Activities and Lifestyle Theories. British Journal of Criminology, 44, 66–91. UNODC. (2013). Comprehensive Study on Cybercrime. Retrieved from https:// www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2 013/CYBERCRIME_STUDY_210213.pdf. Wall, D. S. (1998). Catching Cybercriminals: Policing the Internet. International Review of Law, Computers and Technology, 12(2), 201–218. Wall, D. S. (2007). Policing Cybercrimes: Situating the Public Police in Networks of Security within Cyberspace. Police Practice and Research, 8(2), 183–205. World Information Technology Forum WITFOR. (2005a). Social, Ethical and Legal Aspects. Retrieved 10 July 2015 from http://www.witfor.org/2005/the mes/social-projrct3.htm. World Information Technology Forum (WITFOR). (2005b). Social, Ethical and Legal Aspects. Retrieved 13 June 2015 from http://www.witfor.org.bw/ themes/social-projrct3.htm. Yahaya, F. (2009). EFCC, Microsoft Tackle Scammers, Signs MoU . Retrieved 10 June 2015 from http://thenationonlineng.net/web2/articles/2031/1/EFCCMicrosoft-tackles-scammers-signs-MoU-/Page1.html. Yar, M. (2005). The Novelty of Cybercrime: An Assessment in Light of Routine Activity Theory. European Journal of Criminology, 2(4), 407–427. Yar, M. (2006). Cybercrime and Society. London: Sage.

Online Grooming: An Exploration into the Genetic-Social Variables Which Enable Victimisation Faye Christabel Speed

1

Introduction

The first products of long-distance communication consisted of the telegraph (invented in the 1830s by Samuel Morse), the telephone (invented by Alexander Graham Bell in 1876), and the radio (invented by Guglielmo Marconi in 1895). Through the principle and objective of creating a facility for long-distance communication, these methods of technology have paved the way for the development of the internet within modern society. The Office for National Statistics (ONS) found that ‘almost nine in ten adults in the UK have recently (from January 2017 to March 2017) used the internet (89%)’ (ONS 2017). Within a ‘Brief History of the Internet’, Leiner (2009) identified the internet as a ‘worldwide broadcasting capability, a mechanism for information dissemination and a medium for collaboration and interaction between individuals and their F. C. Speed (B) Blackpool Teaching Hospital NHS Foundation Trust, Blackpool, UK e-mail: [email protected] © The Author(s) 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3_12

237

238

F. C. Speed

computers without regard for geographic location’ (Leiner 2009: 22). In modern society, this statement is perhaps a snapshot of the capabilities of the internet. For instance, technology allows contemporary society to use the internet in multiple forms ranging from a computer, laptop, tablet, mobile phone, television, to a smartwatch. Modern society also uses the internet for a variety of reasons such as online shopping, research, health tracking, streaming, documenting, education, real-time updates, financial transactions, communication and social media engagement, etc. (Hargittai 2010). It is apparent that British society is becoming increasingly reliant on cyberspace. The Communications Act 2003 placed a responsibility on Ofcom to investigate and research the use of technology among children. In 2016, Ofcom found that smartphone and tablet ownership were the most popular forms of digital access. ‘The increases in smartphone ownership from 2015 to 2016 are particularly evident for 8–11s (32% vs 24%) and for 12–15s (79% vs 69%)’ (Ofcom 2016: 7). Within a year, these statistics show the increasing engagement children have in the online world. It is conceivable that the increased access to the internet arguably increases the facility and opportunity for cybercrime. Moreover, within the past 20 years, it is apparent that there has been a surge in the creation and abilities of communication platforms. ‘Collectively these social technologies have enabled a revolution in usergenerated content, global community and the publishing of consumer opinion, now uniformly tagged as social media’ (Smith 2009: 1). It could be argued that this revolution is dominating the way we use the internet and is now embedded into mainstream society. It could be suggested that some of the most current and popular social media platforms are Facebook, Twitter, Instagram, Snapchat, and YouTube. Each of these social media platforms has a variety of features that equally develop and transform over time. For instance, some social media platforms now facilitate group chats to allow communication between multiple users (such as Facebook, WhatsApp, and Snapchat). However, the qualitative research conducted by Ofcom found that ‘often the functionality of group chats is now to indirectly facilitate bullying acts, as children are exploiting the ability to add or delete people from these groups in order to exclude or hurt people’ (Ofcom 2016: 11). It is apparent that new features

Online Grooming: An Exploration into the Genetic-Social …

239

of social media are being used to victimise users. For instance, with regards to online grooming, several social media platforms now enable the user to live stream. ‘Live streaming is the broadcasting of real-time, live video to an audience over the internet’ (Think U Know 2018). Such features create new and intensifying risks on the internet, especially with regards to paedophilia. For instance, when concerning live streaming, the user is unaware of who is watching and the probability of exposing intimate information and the user’s geographical location is often used without consent. It is plausible that these features enable a new and more intensified level of victimisation. It is arguable that such online access, technological advances, and increased reliance on social media platforms have expanded and enabled grooming within contemporary society. Due to continuous advancements in technology, it is foreseeable that online grooming requires further research to enable a more efficient prevention system. The following piece of research, which was conducted through a literature review, attempts to evaluate numerous findings and perspectives, divided into two themes, in order to suggest further preventative means. The first theme discusses how there are numerous variables that enable victimisation. Some of these consist of access and supervision, shifting patterns of perception, and the variables that enable child victimisation within the processes of policing and criminalisation. It could be proposed that a deeper understanding of child victimisation would enable society to create or develop existing ideologies in the prevention of child victimisation. Conversely, the second theme of this piece of work is to consider the overall limitations of existing research. This perspective attempts to consider how existing research is discussing the issues of online grooming through a single perspective. Therefore, existing research is analysed to identify how their perspectives could be considered from a wider, multifactorial analysis. This will include underpinning Owen’s (2012) Genetic-Social framework within the research and examine online grooming as caused by several contributing factors through a metatheoretical approach (Owen 2012). A multifactorial formation will attempt to consider numerous factors that enable online grooming, rather than examining grooming from a unitary perspective.

240

1.1

F. C. Speed

Perceptions of Paedophilia

The perception of paedophilia, in which child sexual exploitation is wrong, was socially constructed within British society in the late nineteenth century when the concept of a child within youth justice emerged. Throughout history, children have been presented as sexual objects. Essentially, this can be identified in the naked presentation or alluring intent of children in artwork, for instance through the depiction of cherubs. Additionally, this can also be recognised in the proposed sexual actions of children or derogatory descriptions of youths within poems and literature, and the perception of the class divide of children when examining the presentation of the rich and poor. These children were often identified as evangelical or romanticist (Fletcher 2010) in nature. Within contemporary society, it is a common misconception that paedophilia is illegal. There are numerous definitions of paedophilia but arguably all consist of the understanding that paedophilia is a ‘sexual interest in children for six months or more’ (Critcher 2002: 521). Although, it could be argued that there should not necessarily be a time constraint to be deemed paedophilia, the ideology of the paedophile is identified as a psychiatric disorder that disregards the norms of society. The perception and admittance of being a paedophile and having a sexual attraction to children are not illegal. However, acting on this could arguably lead to prosecution. The Sex Offenders Act 1997 lists all people convicted of acts ‘of a sexual nature involving an abuse of power, where the victim is unable to give informed or true consent’ (Greater Manchester Probation Service 1994, cited in Davidson 2002: 26). This refers to several offences including child abuse. With regards to the offence of grooming, Craven et al. (2006: 63) describe it as: a process by which a person prepares a child, significant adults and the environment for the abuse of the child. Specific goals include gaining access to the child, gaining the child’s compliance and maintaining the child’s secrecy to avoid disclosure. This process serves to strengthen the offender’s abusive pattern, as it may be used as a means of justifying or denying their actions.

Online Grooming: An Exploration into the Genetic-Social …

241

It could be suggested that the perception of child grooming is also a fairly new concept due to the change and advancement of how children are viewed in society. The opinion and purpose of children in society debatably began to change in the late nineteenth century when the 1870 Education Act came into provision and represented the first interest of children by implementing education on a national scale. However, for many years, this made little difference to the representation of youth as there was a silence of youth sexual solicitation until the 1980s when there was a rapid change in Western society (Smart 1998). In the 1980s the perception of gender roles was re-challenged and there were questions over the labelling and liberation of homosexuality, the rise of secondwave feminism, and questions over child sexual abuse. It could be argued that this was the first standpoint in which children were deemed as sexually vulnerable and in need of further protection. Fundamentally, it can be proposed that from the 1970s, the concept of paedophilia was caused by a culture shift in British society. Smart (1989) identified the end of the sexual silence on paedophilia in the 1980s during the Thatcher era. It could be suggested that this silence has now shifted towards the online realm and online paedophilia through the normalisation of digital relationships. Within modern society, predators have used the development of the digital age to enhance their grooming practices. The online world has given the predator a level of ‘safety’ in which they can hide behind a smokescreen of technology through a perspective of ‘Cyber Stature’ (Owen et al. 2017: 34). The ‘Cyber Stature conglomerate comprises of the numerous realms of the private sphere acting as a platform to “give” a cybercriminal status and power through the means of online social networking sites’ (Owen et al. 2017: 34). The digital sphere has also enabled predators to access children with little parental/guardian visibility, in which they can prey on numerous victims.

242

F. C. Speed

2

The Variables that Enable Child Victimisation

2.1

Access and Supervision

Within contemporary society, it is clear that the development of technology is at the forefront of public interest due to the re-innovation of digital capabilities. It could be suggested that the motivating factor behind innovation is to improve current technology and to create technological advances that simplify or improve everyday life and also aim to increase the efficiency of current processes. Consequently, due to the continuous advancements in technology, it could be argued that society has become reliant upon the technology that provides such ease and efficiency. For instance, from an educational standpoint, numerous classrooms are increasing their uses of tablets and apps. According to the British Educational Suppliers Association (BESA 2018: 2) ‘around three quarters of schools were using tablets in 2015, for over half of lesson time’. This first decreases the amount of marking a teacher may have to do when compared with writing on an answer sheet and it also makes an activity more interactive and appealing for children. However, this has perhaps changed the perspectives of children. Arguably, within the past ten years, the increased reliance on technology has further enabled the access children may have to the online world. Perhaps the idea of playtime now involves the use of a digital device and the norms of physical play and interaction have arguably been affected by the increase in and attraction to digital innovation. Accordingly, the increased presence of children in the online world increases the probability and opportunity for a child to become victimised online. Consequently, due to the increased access to the online world, it can be suggested that children are now more digitally savvy. It could be proposed that modern-day children are now developing their primary and secondary socialisation through online access. It is plausible that children are becoming increasingly digitally savvy due to their ability to retain more information and learn at a quicker speed. This is similar

Online Grooming: An Exploration into the Genetic-Social …

243

to Prensky’s (2001: 2) notion that ‘as a result of this ubiquitous environment and the sheer volume of their interaction with it, today’s students think and process information fundamentally differently from their predecessors’. It could be suggested that as children are more proficient with technology, it is perhaps foreseeable that there is a decreased degree of supervision of children as they have surpassed the knowledge and capabilities of a large degree of adults. For instance, it could be identified that a large degree of the ageing population does not access or understand how to use the online world. According to the Office of National Statistics (ONS 2017: 5), in 2017 only ‘four in ten adults aged seventy-five and over, have used the internet in the last 3 months’ (ONS 2017). Therefore, it is perhaps probable that adults do not know how to properly supervise their children when they are using the internet as these adults are unaware of how to use a large degree of the internet. This is especially relevant when considering grandparents and their knowledge of technology. Similarly, another factor that could contribute to the lack of supervision could be the increase in full-time working parents. ‘Parental supervision is seen in each of these jurisdictions (roles of the individual, society and state), as an essential element of protecting young people from online dangers’ (Steeves and Webster 2008: 5). As contemporary society has changed, the number of nuclear families has decreased and the variation in types of families has increased; this includes samesex couples, single-parent families, and stepfamilies, etc. It could be suggested that as the institution of the family has changed, the roles within the family have diverged in which there is no longer the cultural norm of the homemaker. For instance, it could be identified that within previous generations, children would be supervised to a higher degree as they would have the stereotypical mother running the household. However, as there have been economic shifts in the current economic climate, there has been an increase in the need for working parents. For instance, in 1975 ‘the female employment rate (aged 16 to 64) was at 55%, however in 2018 the female employment rate (aged 16 to 64) had increased to 71%’ (ONS 2017: 7). Therefore, this may alter the type of supervision a child may receive.

244

F. C. Speed

In addition, access to the online world has also diverged and multiplied. Children can now access the online world from multiple devices that can be used in numerous geographical locations. Therefore, compared to the original digital device, the computer, which could be kept in a central point within the home where the supervision of online use could be monitored, now digital devices do not have a single geographical standpoint that would limit the degree of unsupervised access. Therefore, children usually can access their digital device with little or no supervision when they please.

3

Shifting Patterns of Perception

It could be suggested that as technology develops, terminology and norms diversify. For instance, in Cybercrime and Society, Majid Yar (2013: 128), a Professor of Criminology at Lancaster University highlights the link between cyberstalking and cyber grooming, in which ‘cyberstalking can be understood as an online variant of similar behaviours that take place in other non-virtual contexts and environments’. Within contemporary society, it is perceivable that the norms of cyberstalking are becoming unconstrained and conversely enable cyber grooming. Within our digital society, cyberstalking ‘is less likely to entail direct, face to face harassment in which the perpetrator and victim are physically co-present’ (Yar 2013: 134). It is conceivable that due to the developments in online technology, such behaviours have become normalised and are a reflection of contemporary society. For example, it could be suggested that the notion of a Facebook stalker has become an increasingly used outlook on the personal use of social networking sites. Such concepts could be linked to the norms of online cultures in which there is a perceived benchmark of engagement. Essentially, this could be identified by the digital pressures of the younger generation to create as many online connections as possible. It is debatable that such tendencies and online habits are then reflected and supported within the strategies of online paedophiles due to the increase in the ease of connection. Such norms and concepts could be identified as enabling child victimisation.

Online Grooming: An Exploration into the Genetic-Social …

245

Yar (2013) also expands his discussion by contemplating the links between online paedophilia and fear-inducing moral panic. Principally, it could be suggested that the media have presented numerous youth orientated moral panics that have heightened the identification of child vulnerability in society. Such examples include the recent culture of celebrity paedophiles. Similarly, another paedophilic epidemic could be identified as the paedophile sex rings that have become widespread across the nation. Lord Macdonald, a former Director of Public Prosecutions for England and Wales argued that there was ‘a major problem in particular communities of men viewing young white girls as “trash” and available for sex’ (Sharman 2017: 4). It has been suggested that there has been little movement in the identification of paedophile sex rings due to the misconception that such rings are often only within the Muslim community due to the connection with the Rotherham paedophile ring. Consequently, it could also be proposed that such moral panics within public sphere paedophilia have preoccupied the awareness needed for online paedophilia. This, therefore, affects society’s awareness of online grooming. With regards to social norms, many individuals are often more vulnerable to the dangers online as there is increased social mobility and communication. Perhaps, the sense of risk is compromised when considering the effect of the ‘Bedroom Culture’ (McRobbie and Garber 1975: 9) and their perception of the online and offline world. This is apparent in several situations, where the individual is unable to identify or comprehend the same presence, abilities, risks, and dangers in the online world, in comparison to the offline world. This is perhaps due to the lack of physical presence and is apparent when a child is transgressing between the online and offline world. For example, if they are in the process of public sphere communication, but are simultaneously active on a social networking site through a digital device, they perhaps characteristically prioritise their abilities, risks and dangers in the offline world due to the physical presence. Speed identifies this perception as a camouflage affect due to the hidden presence of dangers online. Overall, it could be argued that the individual (especially a child) is unable to identify the merge within the public and private sphere due to an inability to be equally present in both spheres.

246

F. C. Speed

Moreover, Yee and Bailenson (2007: 271) similarly discussed that individual actions are instead affected by the ‘Proteus Effect’. This effect ‘demonstrates that as we change our self-representations online, our behaviour changes’ (Whittle et al. 2012: 67). For instance, within social networking sites, there are numerous variations in which individual physical, emotional, and social norms expand and diversify online. When discussing the physical elements, it could be proposed that the selfimagery varies in the representation used. For instance, arguably, for a large degree of society, one’s profile picture often does not express a realistic portrayal of the individual. Within contemporary society, this could be identified when children post photos online that are arguably too provocative or not age-appropriate, which consequently could make them more vulnerable. This has been expanded through the progression of filters within digital applications such as Snapchat, which often encourages digital natives (Prensky 2001) to alter their digital perception. Equally, regarding the differences in emotional norms, it could be suggested that the online sphere gives the individual the opportunity to enhance their characteristics through a different facility, for instance, ‘the fragmentation hypothesis states that the ease with which possible identities can be crafted online may fragment personalities’ (Valkenburg and Peter 2010: 121). Within contemporary society, there is an everincreasing digital presence of communication that has vastly affected the physical public sphere presence of dialogue. It could be suggested that there is a subconscious difference in online and offline communication. Typically, it could be proposed that the public sphere presence of dialogue gives a filter to our actions and outcomes by increasing our sense of consciousness and self-awareness. Arguably, this characteristically alters within the online world due to a diminishing quality of authentic communication, clear content, and palpable situations online. An example of this would be the use of digital emojis in comparison to real-world facial expressions. It is apparent within modern society that digital culture often encourages the use of emojis, ‘which are small digital images of icons used to express ideas or emotions in electronic communication’ (Donovan 2016: 23). However, it is plausible, that in the public sphere such extension or representation of ideas or feelings do not exist beyond the normality of facial expressions. Therefore, it

Online Grooming: An Exploration into the Genetic-Social …

247

could be suggested that due to the change in communication between the online and offline world, the change in risk or cues of danger are also otherwise identified. This could consequently make children more vulnerable.

4

Policing and Criminalisation

It could be suggested that a degree of individual policing, criminalisation, and legal stances enable the victimisation of children. For instance, research conducted by Savirimuthu (2012: 68) recognises that ‘sexual grooming laws not only delineate the standards of behaviour expected from individuals towards children but its provisions also identify the types of conduct, which if entered will give rise to criminal liability’. When considering the types of conduct that could be recognised as a criminal offence, it is possible that many individuals fail to distinguish between the lines of acceptable actions and risk provoking behaviour. For instance, it could be proposed that as cultural norms and social values are continuously being re-challenged, a portion of society is unable to recognise the different categorisations of age. Consequently, this could affect their ability to recognise an act that may be criminally liable. An example of this could be the integrating merge between childhood and adult life. The blurred lines or absence of distinction are apparent when considering the legal standards of behaviour. For instance, the legal age of marriage is 16 years old, which could be compared to the legal age to purchase alcohol at 18 years old. This can similarly be highlighted through the facility to join the army at 16 years old, compared to the legal capacity to buy a DVD or violent game that has been given a certificate of 18 years old. It could be maintained that the legal confusion of age combined with the sexualisation of childhood within the media could potentially evoke further paedophilic behaviour. For instance, it could be suggested that a large degree of society does not recognise that a 17-year-old person as legally a minor. Therefore, this may increase the attempts to sexually engage with a child. Correspondingly, this ideology resembles the intention of the paedophile by giving them a weak defence to avoid prosecution by maintaining that they did not intend to sexually

248

F. C. Speed

solicit a child. Here, there needs to be a move towards transparency in the law by indicating and creating the same definitions of childhood and adulthood. Furthermore, when examining the effect of the actions governed by the Criminal Justice System, it could be proposed that a large degree of society fail to consider to what degree public preservation and patrolling assemblages stem from professional policing, for instance, when regarding the ‘computer generated Sweetie’ (Campbell 2015: 348), which is a fake online profile the police use to engage with paedophiles. It could be proposed that the inclination of creating fake profiles immensely encouraged and intensified online paedophilia. Perhaps, the fault was not in the creation of ‘Sweetie’, which consequently gave paedophiles a similar ideology of altering their self-portrayal to the identity of another or fake profile but in the announcement of the creation, development, and actions of ‘Sweetie’. For instance, although this technology may deter a minority of paedophiles from interacting online, it is arguable that the consensus of creating a fake profile has raised, and perhaps normalised, the acceptance of fabricating online characters. Arguably, further evaluation should be conducted into how the components of the ideological state apparatus (Althusser 1969), possibly encourage or enhance paedophilic ideologies and strategies. Additionally, Sorell (2016: 8) questions ‘whether it is justifiable to criminalise steps in a harm-producing process if the steps come before the attempted full-blown crime’. Within the online grooming process, it is debated where the justified criminalised steps would be. For instance, would it be when attempting to create a fake social networking profile or would it be the point of online gratification in which sexual acts may be requested through imagery, video chat, or ‘cyber rape’ (Yar 2013). The threshold for online grooming as a preparatory offence is unclear and potentially fluctuating due to the diversification of the crime. When discussing the views of online grooming as a preparatory offence, Sorell (2016) does not acknowledge that the identity of a paedophile is not a criminalised offence unless these attractions are acted on. However, by extent, it could be proposed that the self-confessed identity of a paedophile, with no level of intervention (for instance medical assistance), could be by extent recognised as a possible preparatory offence.

Online Grooming: An Exploration into the Genetic-Social …

249

Although there is a level of freedom of speech and freedom of thought that should be considered, could it be suggested that the extension of preparatory offences would act as a sufficient deterrent? It could be proposed that society also places too much emphasis on the ‘Paedophile Hunter’ who is in the minority and who does not investigate to the extent of the police. For instance, Campbell (2015: 346) highlighted an array of policing methods and innovative software such as ‘Net Nanny, Cyber Patrol, Pure Sight, Cyber Sitter, Safe Eyes, Teensafe and Footprints’. Yet there is little emphasis placed on these institutions that arguably have more power and influence in the prevention of online grooming. Perhaps there needs to be additional research conducted into an overview of paedophilia prevention patterns and an evaluation into their degree of successful intervention. Similarly, it could be maintained that prevention strategies maintain a one-size-fits-all approach. For instance, it is apparent that children with severe disabilities can often be identified as more vulnerable by a predator due to their increased online access and often their goodnatured perspectives on the world. There is a lack of online awareness and policing specifically catered towards disabled individuals in contemporary society. Many online safety campaigns often address all children, however, this may not include the practices or alternate perspective that would help a disabled child understand. Campaigns such as ‘SafeSurfing’, which is run by Mencap: The Voice of Learning Disability, Cerebra, and ‘Staying Safe on Social Media and Online’ run by The Foundation for People with Learning Disabilities, are arguably not widely used or well known. It is arguable that the lack of awareness of such campaigns enable victimisation as the majority of society uses a singular approach for a range of children.

4.1

Explanation and Examples of the Genetic-Social Framework (Owen 2012)

Owen’s (2012) Genetic-Social framework is a development on Sibeon’s (2014) original anti-reductionist framework. However, Owen considers

250

F. C. Speed

the Genetic-Social framework from a standpoint that draws upon evolutionary psychology, behavioural genetics, and neuroscience in addition to numerous philosophies of social sciences such as sociology, criminology, and psychology. The purpose of the Genetic-Social framework is to consider the cause of human behaviour and criminal behaviour via a four-fold lens: socio-environmental, genetic, neurological, and psychological. Owen (2014: 3) recognises that: crime may be socially constructed, in the sense that human actors ascribe meaning to the world, but that there is still a reality ‘out there’ in the sense that environmental conditions are potential triggers of genetic or physiological predispositions towards behaviour that may be labelled criminal.

Within this perspective, which acknowledges a number of contributing factors that are simultaneously internal and external to an individual, Owen categorises how he believes the framework contends a multitude of invalid modes of theoretical justification. Owen (2017: 29) identifies such attempts of ‘illegitimate reasonings’ as ‘cardinal sins’. Following this, when considering the explanations and reasoning for online grooming, Owen’s (2012) use of the Genetic-Social framework enables crime to be reasoned through a multitude of contributing factors. For instance, as online grooming can vary depending on the child’s outlook and influences, the paedophiles intent and strategies, the contributing factors of external life (such as school, laws, and the media), and the use of the social media platform, it could be maintained that cyber grooming is consequently a subjective process, dependent on the interaction of the paedophile and the child. Therefore, Owen’s outlook of the GeneticSocial perspective, which identifies a number of factors behind the reasoning of criminalisation and victimisation, could be considered as an anti-reductionist (Owen 2014) framework that unifies a number of perspectives. For instance, when considering the Genetic-Social framework (Owen 2012) within the identification of the Proteus effect, which is the notion that online we change and alter our self-representation, ‘to conform to the behaviour that others believe would expect of them to have’ (Yee and

Online Grooming: An Exploration into the Genetic-Social …

251

Bailenson 2007: 274). This could be identified within one of Owen’s (2017) ‘Cardinal Sins: Functional Teleology’. According to Owen, ‘Functional teleology is an invalid form of analysis involving attempts to explain the causes of social phenomena in terms of their effects, where effects refer to outcomes or consequences viewed as performances of functions’ (Owen 2017: 30). Furthermore, within the Proteus effect, it is unclear if individuals have the intention to change their representation for the purpose of conforming to expectations and this level of analysis does not maintain an outcome of an effect. It is apparent that the ‘Cardinal Sins’ (Owen 2012) could be used to identify the shortcomings of such research. Consequently, in addition to the ‘Cardinal Sins’ (Owen 2012), Owen also recognises a number of meta-concepts that identifies key factors in a multi-perspective response to the reasoning for criminal behaviour. For instance, Williams et al. (in submission cited in Whittle et al. 2012: 71) discuss how as a ‘part of the rapport building process, an offender often synchronises their behaviour and style of communicating with the young person’s, generating commonality and making them comfortable’. This is an important part of the predatory process that could be referred to as the trust formation. Often the purpose of the offender synchronising their behaviour is to create a luring perception of identifiability. It could be suggested that a child’s sense of trust heightens, which consequently impacts on their level of communication when they consciously and unconsciously identify with an additional party. When referring to Owen’s Genetic-Social framework that considers the ‘Biological Variable’ (Owen 2017: 33) as a contributing factor to committing the crime, it could be suggested that the unconsciousness of trust could possibly be linked to the medial prefrontal cortex (mPFC) that actively considers the similarities and differences between the individual and the other (Harris and Fiske 2007). If the offender did not attempt to identify with the child, this would consequently affect the activity within the mPFC by creating a higher level of suspicion and questionable status. This ultimately ‘refers to the “feedback loop” which embraces both genes and environment, acknowledging plasticity and mutuality’ (Owen 2017, 33). Similarly, the ‘Infra-humanization theory’ (Leyens et al. 2009) maintains ‘that people see some groups as less human than others; they judge

252

F. C. Speed

outgroups themselves as not experiencing complex emotions to the same extent as the ingroup does’ (Harris and Fiske 2007: 46). Therefore, with respect to online grooming, the predator often attempts to synchronise their profiles and level of conversation with the child. Within this strategy of online grooming, the paedophile arguably uses the biological variable (Owen 2012), the environment, and psychological techniques to enhance the levels of conversation. Perhaps this example reinforces the perspective of ‘embodied cognition’ that ‘conceives the human mind as the product of the brain, the body and the interactions in the outside world’ (Owen 2017: 33). Conversely, when examining the EU Kids Online Model (Livingstone et al. 2015), which was initially proposed as a linear model that identified several contributing factors that enabled online grooming. It demonstrated a cause-effect design that broke down the stages of the offence. The model was based on Bronfenbrenner’s ‘ecological approach, in which he proposed encircling layers of social influence- from close to distant’ (Bronfenbrenner 1979, cited in Livingstone et al. 2015: 4). Arguably, this could be likened to Owen’s (2012) Genetic-Social approach, although rather than identifying the main influence from ‘close to distant’, the Genetic-Social (Owen 2012) perspective would entail using a stance of ‘Flexible Causal Prediction’ (Owen et al. 2017). Here, by cautiously conceptualising the combination of effects, ‘the researcher using the framework would be able to gain a picture of the most likely combination of variables’ (Owen et al. 2017: 38). However, although the model attempts to incorporate a cluster of statistic, theory, and evidence-based knowledge, it could be suggested that the model neglects to consider juvenile cyber danger from a biological positivist perspective when concerning Owen’s (2012) Genetic-Social framework. For instance, it could be proposed that children are genetically predisposed to certain characteristics due to their genetic makeup. Therefore, when considering a specific individual with features such as a degree of resilience, vulnerability, or passivity, it could be suggested that they are genetically prompted. This could be linked to Owen’s (2017: 33) identification of ‘psychobiography’ which ‘refers to the largely unique asocial components of an individual’s’ dispositions’. Another example could be in relation to the underdevelopment of the prefrontal cortex,

Online Grooming: An Exploration into the Genetic-Social …

253

which has been recognised as a key to impulsivity (Carrion et al. 2009). This could enable children to make decisions with less clarity and act with more haste, as they lack the full ability to comprehend the consequences of their actions, however, the effect of this is arguably subjective and dependant on their psychobiography.

4.2

Limitations of Existing Research and Drawing upon the Genetic-Social Framework (Owen 2012)

When considering Finkelhor’s (2012) precondition model (although this could be considered dated when discussing online grooming) it attempts to identify the steps leading to abuse. This concerns ‘a motivated perpetrator, overcoming the inhibitions through rationalisation and justification, overcoming the external constraints or barriers to gain access to the child, and finally reducing the child’s resistance to engaging in sexual activity’ (Savirimuthu 2012: 69). When considering Quayle’s (2017: 3) review of online grooming which starts by identifying the possible behaviours that could induce criminal offending and consequently cause a form of problematic digital behaviour such as ‘compulsive masturbation or addiction to online pornography’, Quayle mainly comments on the motivations and possible downfalls of the victim through the digital sphere they engage with. However, it could be suggested, similar to Quayle’s (2017) ideology that prevention of such harmful behaviour would primarily exist within the prevention of the paedophilic or sexually perverted self. Pratt and Fernandes, (2015) ask the question as to why most young people are ‘able to view pornography without sexually abusing others, while for others pornography seems to provide high levels of sexual stimulation and represents a manual on “how to do sex”, as well as lowering inhibitions to engage in sexually abusing behaviour.’ Quayle (2017: 13)

As stated, ‘the report considers the role of electronic media in sexually harmful behaviour although it acknowledges that reasons behind the

254

F. C. Speed

growth in online grooming, the viewing of online pornography, and the making and distributing of sexual images is poorly understood’ (Quayle 2017: 4). Arguably, it would not be realistic to give fault to a singular factor that could have solely caused the harmful sexual actions of an individual. This perspective would entail the framework arising out of reductionism (Owen 2017). ‘Sibeon distinguishes between “non reductive multi-factorial explanation”, in other words, explanations which draws upon a cluster of variables and compounded reductionism’ (Owen 2017: 18). It is arguable that when discussing the effects of online pornography, sexual imagery, and other external factors, that Quayle should also acknowledge factors that are not part of the digital culture. For instance, within Quayle’s (2017) review, there is a large emphasis on the differences between paedophilic contact offenders (offline offenders) and online pornography offenders. However, it could be suggested that Quayle did not take into account the perspective of the child. It is probable that within contemporary society, a number of children could be identified as more vulnerable as they wish to engage in sexual content in order to desensitise themselves so they can believe themselves to be ‘sexually knowledgeable’ or gain positive gratification from an influencer. This is one of the many factors that could contribute to the victimisation of a child. It could consequently be suggested that Quayle should be analysing grooming from a multifactorial perspective that looks at ‘Micro-Macro’ variations (Owen 2017: 32). For instance, ‘Micro-macro refers to differences in the units or and scale of analyses concerned with the investigation of varying extensions of time-space’ (Sibeon 1997 in Owen 2014: 119). Therefore, when considering online pornography, perhaps Quayle should discuss in terms of micro-macro (Owen 2014) the extent of the effect that pornography may have on an individual, in comparison to other contributing factors. Contrariwise, it is also apparent that the purpose of online grooming should be questioned. Whittle et al. (2012: 63) argue that ‘the purpose of grooming behaviour remains consistent across environments, despite potential variation in specific grooming techniques’. It could be argued that when grooming for online gratification, the predator often craves the virtual interaction rather than the physical interaction. It could be suggested this could be identified within Merton’s (1938) strain theory,

Online Grooming: An Exploration into the Genetic-Social …

255

in which a degree of individuals with a paedophilic mentality accept the cultural norms where grooming is criminalised and, therefore, is aware that it is not a socially acceptable norm. However, the individual deviates from the digital institutionalised means of living by transgressing against the norms online. This possibly could be identified as a digital innovator in which the predator creates a separate virtual selfrepresentation of themselves to engage with online interactions. It could be suggested that perhaps Merton’s ‘deviant adaptions’ (1938: 177) have been enhanced and extended with the development of technology. For instance, when specifically concerning online paedophilia, it could be proposed that there has been an increase in innovators who commit the crime due to the intensity of the ‘Online Disinhibition Effect’ (Suler 2004). This effect can be defined as ‘a lowering of behavioural inhibitions in the online environment’ (Lefler and Barak 2012: 434). However, it is questionable to what degree the internet—a machine—enhances our behaviour. Owen (2017: 97) maintains that distinguishing between ‘human agency, motivations and culpability from non-human objects and cyber technology could arguably lead to excuses being made for online criminal offending’. Therefore, it could be suggested that online access gives new opportunities to enhance characteristics, however, the purpose of online grooming may change as ‘human agency, motivations and culpability’ (Owen 2017: 97) also change. For instance, if the culpability of online grooming changed and was punishable by death, it could be suggested that a new motivation for online grooming would be an attempt at suicide. Overall, it could be maintained that the use of Owen’s (2012) GeneticSocial framework offers an insight which enhances current literature. The Genetic-Social (Owen 2012) approach offers a wider perspective which can be applied to all levels of research. The use of the ‘Cardinal Sins’ (Owen 2017: 29) creates a better justification for each perspective by analysing the possible critiques which could arise in research. By maintaining a more justified approach, the data produced arguably increases the credibility of the research. Similarly, the ‘Meta-Concepts’ (Owen 2017: 31) enable the research to create and maintain a wider perspective which accounts for a number of approaches which could be discussed with regards to their individual impact. For instance, the

256

F. C. Speed

‘Meta-Concepts’ (Owen 2017: 34) considers the ‘Time-Space’ dimension of research. This ‘refers to significant but neglected dimensions of the social and reflects concerns with temporality and spatiality’ (Owen 2017: 32). Therefore, the Genetic-Social (Owen 2012) framework does not only consider the basis and multi-dynamic perspectives within research, but also the opportunity and degree of effect in terms of time and space. This framework enables a researcher to create a more substantial, creditable outcome by considering multiple influences which could affect the reliability, scope, representativeness and validity of research.

Bibliography Althusser, L. (1969). For Marx. New York, NY: Pantheon Books. BESA. (2018). Tablet Adoption Continues to Rise; Barriers to Adoption Shift [Online] Available at: http://www.besa.org.uk/news/besa-press-releasetablet-adoption-continues-rise-barriers-adoption-shift/ [Accessed 13 May 2018]. Campbell, E. (2015). Policing Paedophilia: Assembling Bodies, Spaces and Things. Crime, Media, Culture: an International Journal, 12(3), 352–357. Carrion, V. G., Weems, C. F., Watson, C., Eliez, S., Menon, V., & Reiss, A. (2009). Converging Evidence for Abnormalities of the Prefrontal Cortex and Evaluation of Midsagittal Structures in Pediatric Posttraumatic Stress Disorder: An MRI Study. Psychiatry Research: Neuroimaging, 172(3), 226– 234. Craven, S., Brown, S., & Gilchrist, E. (2006). Sexual Grooming of Children: Review of the Literature and Theoretical Considerations. Journal of Sexual Aggression, 12(3), 63. Critcher, C. (2002). Media, Government and Moral Panic: The Politics of Paedophilia in Britain. Journalism Studies, 3(4), 521. Davidson, J. C. (2002). The Context and Practice of Community Treatment Programmes for Child Sexual Abusers in England and Wales. PhD, The London School of Economics and Political Science. Donovan, D. (2016, February). Mood, Emotions and Emojis: Conversations about Health with Young People. Mental Health Practice, 20 (22), 23. Fletcher, A. (2010). Growing up in England: the Experience of Childhood 1600– 1914. New Haven: Yale University Press.

Online Grooming: An Exploration into the Genetic-Social …

257

Hargittai, E. (2010). Digital Natives? Variation in Internet Skills and Uses Among Members of the ‘Net Generation’. Sociological Inquiry, 80 (1), 92–113. Harris, L. T., & Fiske, S. T. (2007). Social Groups that Elicit Disgust Are Differentially Processed in mPFC. Social Cognitive and Affective Neuroscience, 2(1), 46. Lefler, N., & Barak, A. (2012). Effects of Anonymity, Invisibility and Lack of Eye-contact on Toxic Online Disinhibition. Computers in Human Behaviour, 28(2), 434–443. Leiner, B. M. (2009). Brief History of the Internet. ACM: Internet Society, 39, 22. Leyens, J., Vala, J., Pereira, C., et al. (2009). From Infra-humanization to Discrimination: The Mediation of Symbolic Threat Needs Egalitarian Norms. Journal of Experimental Social Psychology, 45 (2), 299–452. Livingstone, S. (2003 a, b; in Livingstone et al. 2005a). People Living in the New Media Age: Rethinking Audiences and Users. Oxford Internet Institute/MIT Workshop: New Approaches to Research on the Social Implications of Emerging Technologies. Livingstone, S., Mascheroni, G., & Stasrud, E. (2015). Developing a Framework for Researching Children’s Online Risks and Opportunities in Europe. EU Kids Online, 1–21. McRobbie, A., & Garber, J. (1975). Girls and Subcultures: An Exploration. London, UK: Hutchinson. Merton, R. K. (1938). Social Structure and Anomie. American Sociological Review, 3(5), 672–682. Ofcom. (2016). Children and Parents: Media Use and Attitudes Report 2016 . London: Ofcom. ONS. (2017). Internet Users in the UK: 2017, [Online] Office for National Statistics. Available at: www.ons.gov.uk/businessindustryandtrade/itandinte rnetindustry/bulletins/internetusers/2017 [Accessed 4 February 2018]. Owen, T. (2012). The Biological and the Social in Criminological Theory. In Hall and Winlow (Eds.), New Directions in Criminological Theory (pp. 1– 73). London, UK: Routledge. Owen, T. (2014). Criminological Theory: A Genetic-Social Approach (pp. 22– 165). Basingstoke: Palgrave Macmillan. Owen, T. (2017). Crime, Genes, Neuroscience and Cyberspace (pp. 18–97). Basingstoke: Palgrave Macmillan. Owen, T., Noble, W., & Speed, F. (2017). New Perspectives in Cybercrime. Basingstoke: Palgrave Macmillan.

258

F. C. Speed

Prensky, M. (2001). Digital Natives, Digital Immigrants Part 1. On the Horizon, 9 (5), 3. Quayle, E. (2017). Over the Internet, under the Radar: Prevention of Online Child Sexual Abuse and Exploitation in Scotland . Scotland: Barnardo’s Scotland. Savirimuthu, J. (2012). Online Child Safety: Law, Technology and Governance (pp. 63–91). Political Science: Palgrave Macmillan. Sharman, J. (2017, August 10). Newcastle Sex RING Victims Suffered ‘profoundly Racist Crime’ Says Former CPS Chief [Online] The Independent Available at: www.independent.co.uk/news/uk/crime/newcastle-childsex-ring-asian-men-underage-white-girls-sex-abuse-racist-crime-lord-mac donald-cps-a7885571.html [Accessed 15 August 2017]. Smart, C. (1989). Feminism and the Power of Law. New York, NY: Routledge. Smart, C. (1998). A History of Ambivalence and Conflict in the Discursive Construction of the ‘Child Victim’ of Sexual Abuse. Social and Legal Studies, 8(3), 392–408. Smith, T. (2009). Conference Notes—The Social Media Revolution. Journal of Market Research, 51(4), 1–23. Sorell, T. (2016). Online Grooming and Preventive Justice. Criminal Law and Philosophy, 11(4), 2–11. Steeves, V., & Webster, C. (2008). Closing the Barn Door: The effects of Parental Supervision on Canadian Children’s Online Privacy. Bulletin of Science, Technology & Society, 28, 1. Suler, J. (2004). The Online Disinhibition Effect. Psychology of Cyberspace, 7 (3), 321–325. Think U Know. (2018). What Is Live Streaming? [Online] Available at: https:// www.thinkuknow.co.uk/parents/articles/what-is-live-streaming/ [Accessed 6 May 2018]. Valkenburg, P. M., & Peter, J. (2010). Online Communication Among Adolescents: An Integrated Model of Its Attraction, Opportunities and Risks. Journal of Adolescent Health, 48, 121–127. Whittle, H., Hamilton-Giachritsis, C., Beech, A., & Collings, G. (2012). A Review of Online Grooming: Characteristics and Concerns. Aggression and Violent Behaviour, 18(1), 1–63. Yar, M. (2013). Cybercrime and Society (pp. 120–134). London: Sage. Yee, N., & Bailenson, J. (2007). The Proteus Effect. Human Communication Research, [e-journal] 33(3). Available through: Wiley Online Library [Accessed 14 May 2017].

Index

A

Absence of a legal guardian xiii, 218, 220, 227, 228 Abusive image xii Activism 64, 65, 67, 77, 80 Actor–Network Theory (ANT) 17 Agency 5, 7, 9, 16, 182, 221, 222, 255 Anonymous 49, 65, 67, 70–80, 88, 90, 101, 175 Article 6 of the Convention on Cybercrime 44

B

Black lives matter movement 134

Child victimisation 239, 244 Communications Act 2003 238 Computer Misuse Act 1990 (CMA) xi, 41, 42, 44, 53, 69 Criminalisation of tools xi Critical Art Ensemble (CAE) 65, 66 Cult of the Dead Cow 69

D

Deviant adaptation 255 Directive 2013/40/EU (EU) 43, 47, 55, 57, 106 Direct use of obfuscating tools 42, 50, 51 Dramas 127 Dual nature of hacking tools 43

C

Cartel executions 133 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021 T. Owen and J. Marshall (eds.), Rethinking Cybercrime, https://doi.org/10.1007/978-3-030-55841-3

259

260

Index

E

K

Electrohippies 67 Electronic Civil Disobedience (ECD) 65, 66 Electronic Disturbance Theater (EDT) 66, 67 European Telecommunications Standards Institute (ETSI) 195 European Union Agency for Cyber Security (ENISA) 45, 48, 193, 195 Exploring Active Personality as an alternative to Objective Territoriality 116

Kein Mensch is Illegal 68

L

Lack of international rule to solve future conflicts of territorial limits 112 LGBT online experiences xiii Limit of Ne Bis In Idem in transnational context 106, 114–116

M F

Facebook Killer 134

Madeleine McCann xiii, 145, 151 Merton, R.K. strain theory 254 Mondo documentaries 125

G

Global Information Security Watch 178

H

Hacking xv, 4, 41, 43, 44, 54, 55, 64, 74, 202 Hacktivism xi, 64–70, 75, 77, 78, 80 Hoschild, A. 146

I

Identities online xi, xii, 77, 91 Ideology of motherhood xii, 146, 147, 150, 155, 160 Instant Messaging 88, 91, 99 Internet grooming xi, 25, 36

N

Narcissism 136, 137 Needham, Kerry 146 Nigeria xiii, 107, 214, 215, 217, 220, 222, 223, 226, 229, 231, 232

O

Online politics 63 Online territoriality 12, 106 Owen agency ix, 6, 8, 10 anti-reductionism viii, xiv, 19, 249, 250 biological variable ix, 6, 10, 251, 252 CD H13 genes 14, 15

Index

cyberterrorism x, 3–5, 11, 16–19 cyber violence 4, 13–16, 18 Dark Tetrad of Personality 12 Dasein 9, 11, 17 dualism 10 embodied cognition 17, 252 emotive aversion 8 essentialism 7 Flexible causal prediction (FCP) x, 19, 20, 252 functional teleology 7, 251 genetic fatalism ix, 6, 8 hate trolls 4, 14, 18 Heidegger, M. 5, 8, 9, 11, 17 incantatory language 8 intermittent gewissen 10 MAO-A genes 5, 14 metatheorey viii, ix, 8, 14–16, 18, 239 micro-macro ix, 6, 254 Neural Darwinism 9 neuroplasticity 11 neuro-agency 5, 11, 16, 17 ontological flexibility xv, 5 oversocialised gaze ix, 6 post-postmodernism viii, x, xiv, 5 power 9, 10, 241 product 7, 252 realist ontology 18 reductionism 254 reification 7 relativism viii, 7 simulated non-human agency 9 time-space ix, 6, 9, 254, 256 virtual criminology 17

261

training-identity synthesis 92 Police and Criminal Evidence Act (PACE) 89 Political cybercrime 56, 64 Posthuman Agency 17 R

Real risk of multiple prosecutions 111 Red Rooms 122, 132, 133, 138 Regulation of Investigatory Powers Act (2000) (RPA) 89 Rights of the suspect in cybercrime 107 Risk society xii, 6, 146 Routine Activity Theory (RAT) 215, 218, 220, 227, 231 S

Section 127 of the 2003 Communications Act 153 Serious Crime Act (2015) 48 Sex Offenders Act 1997 240 Smart TV Surveillance 202, 204 Snuff films 121–124, 127, 128, 132 Social media responsibilities 137 Spillover effect of cybercrime 108 Suler, J. 5, 12, 14, 18, 177, 255 online disinhibition effect 12, 19, 177, 255 Swedish gang rapes 135, 136 T

Trainee undercover officers 88, 91 P

Pilgrim 88, 91, 92

262

Index

V

W

Vygotsky, L.S. xi, 23, 25–27

Wuttisan Wongtalay murder and suicide 135