“Emergent Technology is, by its very nature, out of control and leads to unpredictable outcomes.” William Gibson The arrest of Saddam Hussein was considered by many Americans and British civilians, military figures, and politicians to be the key to the beginning of the end of the war in Iraq. It wasn’t. But what I want to discuss here is not the politics of the war in Iraq or Hussein’s arrest. I want to examine the legality of the snuff film of his execution taken clandestinely by a digital device, a mobile phone camera.
The gruesome images taken in January 2007 of Hussein’s execution were available for public viewing on Al-Jazeera and other websites on the internet within hours of the execution. That day, a million people had witnessed the execution. The man who made the film was arrested by the Iraqi authorities. Photographs or video images showing a death or “snuff” film used to be actionable or outlawed in the UK because they were “obscene, defamatory, libelous…encourag[ing] conduct that would be criminal or otherwise inappropriate.” But now we have entered into an age of uncharted territory with digital or e-crimes. Now it appears impossible to legislate against such mobile phone images or control their reproduction as they move around the globe to unregulated jurisdictions.
In this essay, I briefly define what a digital crime is; identify four distinct types of crime which involve the use of digital devices for their commission or their use of online services as a delivery mechanism. I describe how the crimes work and give suggestions to members of the general public on how to avoid falling victim to this type of crime, using technical and non-technical means. I examine the use of identity theft and crimes in which digital data is not the only resource used.
WHAT IS DIGITAL CRIME?
Some possible answers: (1) a woman stealing a lap-top computer from a store and not paying for it is clearly a crime involving a digital device, but the computer in question is a piece of property and this is simple theft;(2) and an IT consultant analyst steals a large number of disc-packs of software and demands ransom for their return, thereby committing common theft and extortion not a digital crime. For the purposes of this essay, digital-related crimes are defined as those crimes during which some digital device is used in the actual commission of the crime; in other words, those crimes where the digital device has played an active rather than a passive role.
1. COMPUTER ASSISTED FRAUD
The vast majority of computer-related crimes in the UK are fraudulent; that is, committed by obtaining financial advantage by deception. Virtually all financial control and accounting systems are now computer-based and therefore these systems are under constant threat of fraud, including skimming money from bank accounts, changing people’s credit records, break-ins to computer records, and identity thefts. Most cases involve fraud by the use of a computer system, but they also have one common feature: they are standard case-book crimes which have occurred for as long as financial institutions have existed. Digital crime is easier to commit than paper crime however. For one, it is more difficult to discover the identity of the perpetrator; the forensic paper trail is more onerous on the investigator. And it requires the expertise of a computer security expert. Until recently, such experts were not involved in security matters as a matter of course. Although most digital crimes involved thousands of pounds, some cases involved millions.
Twenty-three years ago, the Data Protection Act 1984 was introduced into English law. The primary purpose of the Act was summarized during parliament debates on the legislation by the Under Secretary of State at the Home Office:
The Bill is drafted to fulfill two purposes: the first is to protect private individuals from the threat of the use of erroneous information about them held on computers. The second is to satisfy the Council on Europe Convention on draft processing so as to enable our own data processing industry to participate freely in the European market.
English and Scottish Law Commissions were set up in the late 1980’s to review the UK’s legislation on digital crime and both Commissions decided to enact The Computer Misuse Act 1990 which applies across the whole of the UK. The Act came about specifically to deal with “hacking”-a term derived from the fictional novel Neuromancer, to describe an individual who obtains private information not open to the public via computer.
Criminally speaking there are two forms of hacking which are liable. Firstly, when A uses B’s computer using B’s personal financial details without B’s consent to purchase something to avoid paying for the merchandise. The second form of hacking is when personal identity or financial data pertaining to a private individual is obtained without their consent or authorization. There is also extortion which follows from hacking into bank’s and other financial institution’s computer systems. This occurs when the perpetrator threatens to crash the system by hacking into it unless cash is paid to them. This occurred no less than three times in the early 1990’s and the banks paid up eventually to avoid damage to their systems.
The data held on computers pertaining to an individual can be extremely sensitive and can cause tremendous problems for the victim when the information is revealed to the public. It can result in financial loss, personal disgrace, etc. Hacking applies to the outside hacker outside or within the victim’s employment or residential environment. Insider hacking was addressed in Attorney General’s Ref (No 1 of 1991) (1992) 3 WLR 432 “In this case a former sales assistant took advantage of his knowledge of a shop’s computer system to purchase equipment there at a reduced rate.” The Court of Appeal held the offence “could apply to ‘insider hackers’ who make unauthorized use of the computer system as well as outside ‘hackers.’
The Public Telecommunications Act 1984 was primarily enacted to tackle the problem of people who illegally obtained access to telecommunications systems by fraudulently representing themselves as registered customers of that system. It also covers people who dishonestly obtain telecommunications service with intent to avoid payment. The offence of concern to us here, however, is what has come to be known as “cyber-stalking,” and it is treated in most cases as seriously as physical stalking. In the UK, the law states that “Cyber-stalking occurs not only when someone sends a message which is obscene, indecent, or grossly offensive, but also someone who sends a message for the purpose of causing annoyance, inconvenience, or needless anxiety to another.” It covers those who use telecommunications systems to stalk their victims (i.e. land-lines, mobile phones, and even beepers). This form of the crime falls under the Public Telecommunications Act 1984. The victim can also use the Protection Against Harassment Act 1997, s. 4. The consequences of both forms of stalking, either via a phone or a computer, can result in a criminal charge though usually the police issue the cyber-stalker with a warning before they apply any criminal charges.
4. CHILD PORNOGRAPHY AND SEX CRIMES
Child pornography is one offence which can lead to a crime being committed without the use of the computer to commit the ultimate offence or offences, including rape, sex with a minor and unauthorized use of pornographic images of children taken by digital cameras. The Internet Watch Foundation (IWF) is the UK’s hotline for reporting illegal content, child abuse images, and incitement to racial hatred. According to IWF figures, internet child abuse is growing significantly. IWF said the proportion of sites reported to it containing material in the two most severe categories had risen four-fold from 7% in 2003 to 29% in the last year. “60% of commercial child-abuse websites now sell child rape images.” Furthermore, the proportion of children in these images under 12 is 9%. Most of these sites originate in the USA and Russia. Britain accounted for less than 1% of cases.
As recently as February 2007, British police arrested 72 people as part of the biggest child porn investigation in Austrian history. Police computer experts were able to track the users who logged on and paid to download the material. In the US, parents are suing Rupert Murdoch’s news corporation MYSPACE for 5 teenage girls who were targeted, were “groomed,” and then were sexually abused by men. Child sex-trafficking for the purposes of this type of digital porn has become an extremely serious and growing global problem.
OTHER DIGITAL CRIMES
Money laundering, extortion, defamation, cyber-hate, criminal communications involving car theft and bomb-making, online gambling, drug-trafficking, terrorism, are all crimes which involve “Information systems as instruments or targets of illegality” (Grabosky & Smith, 2003 p. 180). Again, crimes involving digital devices are virtually impossible to prevent because of the increasing sophistication of the perpetrators, who often use personal un-registered mobile phones or web cams to take images which are then reproduced on the internet while maintaining their anonymity. They also use computers in cyber-cafes in which their identity can remain hidden.
There is a plethora of software which can be purchased or even downloaded for free to protect you from the fraudulent use of your details or even identity-theft, computer viruses, dumpster diving, and spam (which has grown exponentially over the past decade). However, every single attempt to prevent these crimes is eventually unraveled by some expert in computer crime, someone even trained in government computer security.
- Make sure your software is up to date. The more current your software, the less likely the hacker will know how to break in.
- Get some software that protects your system. You can even download some for free.
- Use a good password – no names or other common combinations. Use at least one number.
- Don’t open email attachments from strangers (they may contain viruses or spyware). Don’t download software unless you really need it and are certain of the author’s ID.
The US Dept. of Justice which has developed the most legislation against digital crime has published a document intended to encourage good digital device practice entitled “Cyberethics” which “refers to a code of safe and responsible behaviour for the internet community.” Perhaps the UK could publish such documents. Enacting more legislation is problematic because the crime is just transferred to a non-regulated jurisdiction. Regarding the illicit filming of the execution of Saddam Hussein, the Senior Vice-President of ABC Bob Murphy commented, the filming “shows the potential of cell phone video as a powerful new source for news organizations but also indicates the lack of control authorities have over people when they are allowed to take pictures.” This comment strikes at the very heart of the problem of policing digital crime. The authorities have difficulty monitoring what people do in the privacy of their own homes and with so many billions of systems and PC’s, it is virtually impossible to control the content of the internet. Perhaps there will be some better solutions in the future; at the moment, the present digital-crime wave demonstrates that digital technological devices have opened a veritable Pandora’s Box of criminal offences.