Introduction
Scholars, researchers, and criminologists agree that despite numerous efforts to define what cybercrime is, they are yet to come up with a standard definition of the term. The very nature of crimes committed over computer networks makes it hard for the debaters to reach an agreeable conclusion. While the debate is healthy, some scholars (Cross and Shinder, 2008; Gordon and Ford, 2006; Kirkegaard, 2005) argue that the lack of a standard definition hampers how security experts react to the range of crimes committed in the virtual environment. Gordon and Ford (2006) are among scholars who believe that multiple definitions of cybercrime have led to confusion among security experts since the multiple definitions do not offer a clear picture about the breadth of crimes committed in cyberspace.
Acknowledging the role that the computer information technologies have played in breaking down geographical and cultural barriers, Kierkegaard (2005) observes that the global nature of cyberspace frustrates any efforts to come up with a globally-acceptable definition of cybercrime” (p. 60). Specifically, Kierkegaard (2005) notes that conceptions of crime differ between cultures, and what Americans consider as ‘crime’ may not be perceived the same way in Asia, Africa, and even in some European countries. This then makes it difficult for security experts to recommend universal means of preventing, detecting, and even prosecuting cybercrimes.
To combat cybercrime, Ngafeeson (2010) argues that businesses, governments, and the expansive global community would need to work together. Ngafeeson’s (2010) argument would however bear fruits only if the interested parties develop a standard way of defining, identifying, and classifying cybercrime. Admittedly, the longer the security forces stay without a clear and succinct definition, the more cybercrime evolves hence outpacing any efforts set up to fight it.
Different definitions
According to Ngafeeson (2010), though scholars and security analysts agree that cybercrime is a global menace, they have only managed to describe the phenomenon partially. Notably, some scholars and crime experts define cybercrime as ‘computer-assisted’, while others define it as ‘computer-focused’. An example of the former definitions is represented by Wall (2007) who defines cybercrime as “the transformation of criminal or harmful behavior by networked technology.” The latter group of definitions is represented by Wilson (2007) who defines it as “a crime that is enabled by, or that target computer”. According to Ngafeeson (2010), these distinct definitions limit the security forces’ ability to deploy effective crime-fighting measures in the virtual environment.
Restating a theory by Cantor and Land (1985), Ngafeeson (2010) observes that cybercrime, just like other ordinary crimes “required the presence of motivated offenders, suitable targets, and the absence of effective guardians” (p. 4). Lacking proper definitions of cybercrime means that although there are motivated offenders and suitable targets in cyberspace, guardians are usually lacking effective countermeasures in some cybercrime categories because the crime specialists do not deem them ‘crime’ enough situations. In other cases, countries simply lack a criminal justice system to address cybercrime.
But how does this happen? Well, Nagre and Warade(2008) offer some insight into how cybercriminals take advantage of the disharmony between different stakeholders interested in ending cybercrime. To start with, Nagre and Warade (2008) note that law enforcement bodies are not fast enough to catch up with new technologies used in cyberspace. This means that cybercriminals monitoring new technological development can outpace the law enforcement bodies.
The lack of a standard cybercrime definition further worsens the law enforcements’ inadequacy since different countries, individuals and businesses do not coordinate well to fight cybercrime. Specifically, countries that have varying definitions of the offense use conflicting policies to address cybercrime. Cybercriminals who are well aware of penalties enforced by different countries can move to geographic locations where their actions are not categorized as crimes, or where the cybercrime policies are lenient.
Nagre and Warade (2008) give an example of software embedded on a computer host system silently spying on the information accessed by a computer user. While this may not be seen as a crime in some countries, other countries, especially in the developed world see such spying as a blatant invasion of people’s privacy. Such an act moves from being just a civil case of invading someone’s privacy to a criminal act when the instigators of the software silently steal information from a computer without the user noticing it.
Nagre and Warade (2008) further note that governments the world over have accepted attempted cyber espionage as a normal activity instituted by curious citizens (and foreigners) to test the defenses that governments have on their computer configurations. While some governments view such activities as being motivated by curiosity, Nagre and Warade (2008) argue that individual criminals or criminal groups with vested economic or political motives can successfully hack into government computers hence accessing information stored therein.
For this reason, the authors argue that governments and criminologists’ failure to label actions in cyberspace could also hinder their inclusion in the cybercrime list. Specifically, some of these possible criminal activities, which include secret monitoring of computerized functions and cyber espionage, are considered necessary for economic completion and national defense. Articulating the threat posed by such government-created criminal leeway, an unnamed industrial official cited by Nagre and Warade (2008) lamented that the weak computer security practices enforced by the government could create room for crises in the future. If hackers for example succeed in breaking into databases containing sensitive information, the government would not just dismiss such an action as an ordinary glitch in cyberspace.
Without a proper definition of cybercrime, governments, individuals, and even businesses lack standard reactionary measures when cybercriminals attack. In an example offered by Nagre and Warade (2008), the United States Department of Defence (DOD) could not determine the best way to react to cyber-attacks launched from China even after determining that most such attacks did not come from ordinary malicious individuals. Specifically, Nagre and Warade(2008) note that the DOD did not know whether to treat the attacks as an intentional war from china, thus calling for military intervention or just ordinary crime that could be handled by police detectives.
Hoisington (2009) is among scholars who hold the opinion that ordinary cybercrime incidents like the deactivation of government websites could easily degenerate into cyber warfare especially if computer espionage targets critical networks. Specifically, Hoisington (2009) argues that cybercrime can assume destructive scenarios to the extent of risking lives through misinformation. The scope of offenses is however wide and includes actions such as illegal interceptions, copyright theft, cyberstalking, tax evasion, money laundering, cyber-terrorism, extortion, Denial of Service(DOS), electronic vandalism, forgery, investment fraud, and identity theft.
Other offenses that can also be classified as cybercrime include the illegal and unauthorized use of remote computers or digital devices, espionage, and the publication of offensive material about individuals, businesses, or governments. That is not all; Gordon and Ford (2006) hold the opinion that the definition of cybercrime continues evolving depending on the perceptions held by victims of cybercrimes and their observers or protectors.
Dealing with crimes committed over cyberspace requires law enforcement officers, criminologists as well as policymakers to visualize any imaginable crime that can be committed on virtual platforms and develop measures to counter the vices. As Gordon and Ford (2006) state, criminals with the intent to commit a crime will exploit every available option that cyberspace provides. This explains why terrorists and pedophiles readily use the virtual environment to perpetuate social evils.
Gordon and Ford, therefore, argue that a basic definition of cybercrime would need to be based on theoretical frameworks. Most of the existing descriptions are only descriptive and thus they fail to capture the entire breadth of crimes committed in cyberspace (Parker (1998). It is for this reason that Gordon and Ford (2006) propose that defining cybercrime, as “any crime that is facilitated or committed using a computer, network, or hardware device” would be a simple, yet comprehensive description (p. 14).
The description by Gordon and Ford (2006) does not state the nature of offenses that should be considered as cybercrime. As such, it is presumable that any offense committed on computers, computer networks, or hardware devices can be defined as a cybercrime. Notably, the authors admit that cybercrime can also occur in non-virtual environments, since “the computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime” (p.14). This can be interpreted to mean that the computer or electronic device used to perpetrate cybercrimes does not have to be in a network. While this definition may be comprehensive, it still does resolve the problem of responding to cybercrime. Specifically, criminologists and security experts would need to define crime if they are to devise effective means of responding to cybercrime.
Defining crime
Rossiers and Bittle (2004) argue that crime can be defined simply as “something that is against the law,” or broadly as a social wrong, which is shaped by the society’s understanding and response to the same (VI). If cybercrime were to be addressed based on these definitions, criminologists and security experts would still have a huge problem in their hands. In the first description, Rosiers and Bittle (2004) suggest that any activity that goes against stipulated legal guidelines is a crime. While this may look like a straightforward definition, applying this concept to cybercrime would still raise problems.
Specifically, the fact that different countries and cultures linked by cyberspace have different legal approaches to addressing crime would make countering cybercrime from a global perspective a challenge. An example of how this happens is Gordon and Ford’s (2006) observation that developed countries recognize infringement of copyright of computerized information, programs, or hardware as serious forms of cybercrime. Developing countries on the other hand do not have strong copyright laws, and some even lack the mechanisms needed to enforce such laws. Such a scenario gives cybercriminals a perfect ground to exploit the legal inadequacies in developing countries, and by extension the non-standardized criminal laws between the countries and cultures.
Rosiers and Bittle’s (2004) second definition of crime does not provide criminologists and security officers with an easier solution on how best to define, identify and respond to cybercrime either. The authors’ suggestion that crime is a social evil shaped by a society’s understanding and response to social offenses suggests that the concept of crime varies in different societies, thus making it even more complex to arrive at a standard definition of cybercrime. This then compounds the probability of getting a standard solution on how best to respond and address cybercrimes.
Why is a standard definition of cybercrime so important?
According to Finnie, Petee, and Jarvis (2010), governments, businesses, and individuals face a degree of ambiguity whenever they seek to identify and address cybercrime. Specifically, even experts in computers and related technologies seem to disagree on the exact cyberspace behaviors that deserve to be classified as being criminal. Countries or regions have therefore resulted in developed their definitions of the term, usually putting into consideration what the society in question perceives as criminal behavior. Consequently, Finnie et al. (2010) note that discrepancies exist in definitions used by different countries or regions, and this by far negates any effort that the global society may put in place to identify and combat cybercrime.
The discrepancies that exist between countries and regions in their definition of cybercrime, no doubt affect how security experts design reactionary measures to related offenses. As explained elsewhere in this paper, lenient cybercrime laws in some countries give cybercriminals an operating platform where they effectively evade the legal consequences put in place by countries or regions that have stiffer cybercrime laws.
With a standardized definition of cybercrime, however, such law-evading behaviors would decline. However, a global uniform response to cybercrime would require more than just a standardized definition of the cyberspace crime phenomena. It would be a more strategic crime-fighting measure if countries, regions, and cultures aligned anti-cybercrime laws in a manner that made it difficult for cybercriminals to enjoy leniency in some regions.
Any attempts to attain a standard definition of cybercrime should be done with the need for flexibility in mind (Hoisington, 2009). Specifically, security experts and policymakers should expect variations of cybercrime to come up in the future. As such, any uniform laws made in response to prevailing cybercrime trends across geographical borders should be flexible enough to react to new kinds of criminal activity developing in cyberspace.
A specific definition of cybercrime would bring to the fore the intensity of different offenses committed in the cyberspace hence guiding security experts on how best to detect, arrest and punish perpetrators. Gordon and Ford (2006) hypothesize that dividing cybercrime into two continuums would make defining the phenomenon easier; hence making the responsibility of designing response measures less strenuous for the security experts.
Specifically, Gordon and Brown (2006) suggest that cybercrime should be divided into i) crimes targeting technology; and ii) crimes targeting people. The first category of cybercrimes involves crimes that are technical and discrete and may require the offender to use crime-ware programs. Offenses in the second category, on the other hand, are less technical. While perpetuating the latter, criminals may prey on their victims using ordinary software packages such as e-mail and instant messaging among others.
Notably, cybercrimes targeting technology would need crime experts and policymakers to remain vibrant in making laws that respond to the fast-evolving tech crimes even after attaining a standardized definition. Cybercrimes directed towards people would however not require much response creation by the security experts, since they can be addressed using existing criminal laws. According to Gordon and Brown (2006), the latter category of cybercrimes are ordinary traditional crimes facilitated by cyberspace and can be addressed using ordinary criminal laws. Examples of such crimes include child pornography, drug trafficking, money laundering, child predation, corporate espionage, stalking, and terrorism. In some cases, however, existing laws cannot adequately address the ‘old crimes’ committed in cyberspace (Cross & Shinder, 2008).
According to Cross and Shinder (2008), definitions of cybercrime matter because their accuracy provides security experts with an incentive to develop effective legal responses. Moreover, the formation of new laws to address cybercrime would form a basis for court precedents, which would be used to address similar cases in the future.
Do definitions matter?
According to Cross and Shinder (2008), “criminal offenses consist of specific acts or omissions, together with a specified culpable mental state” (p. 3). For security experts and policymakers to develop enforceable laws, the definition of a crime has to be specific. As many legal experts would tell, unspecific definitions in criminal law provide room for maneuver to both the prosecution and defense sides. This would in turn cause arguments, confusion, and even litigation regarding the applicability of the law.
Jurisdictional issues also make precise definitions of cybercrime important. As Cross and Shinder (2008) argue, investigating cybercrimes can only be successful if law enforcement officers know the specific nature of the offenses involved. Moreover, the investigators need to know the specific laws that address cybercrimes since such knowledge is helpful in the investigation stage.
Definitions of cybercrime also matter because as Cross and Shinder (2008) observe “the IT personnel, users and victims, police officers, detectives, prosecutors, and judges” cannot intelligently discuss offenses committed on cyberspace in the absence of definitions that are either the same or substantially similar (p. 9). Without clear definitions, it is also obvious that collecting meaningful cybercrime statistics would be a futile undertaking, hence making any effort to analyze cybercrime trends or patterns pointlessly. Without a proper and comprehensive analysis of cybercrime, government agencies responsible for the welfare of citizens cannot adequately counter cybercrimes.
Specifically, Cross and Shinder (2008) observe that for government agencies to develop proactive anti-cybercrime prevention plans, they would need to train specialized personnel, and buy sophisticated equipment. Such an undertaking would require agency heads to ask for additional budgets, which they would need to justify by proving that cybercrime is a real threat to the public. Without statistics attained from cybercrime analysis, the agency heads may not have the facts needed to back their request for additional funding.
The hope of attaining a standard definition of cybercrime
Despite Cross and Shinder’s (2008) assertion that developing proactive cybercrime prevention plans depends on how willing regions, countries, and other cyberspace stakeholders are to attain a standardized definition, there is no denying that such a milestone would face numerous challenges. Stakeholders would need to overcome the multi-jurisdictional nature of cybercrime definitions. In the United States alone, different states’ organs define cybercrime in different terms.
The definition used by the Federal and State Statutes is different from the definition used by the USA Patriotic Act, the Protect America Act, and the State Laws. On the international scene, the United Nations has its definition of cybercrime, as does the European Union. If a common definition were to be attained, it is rather apparent that a lot of coordination and cooperation would be needed within and outside geographical, cultural, and regional divides.
According to Gordon and Ford (2006), a common cybercrime definition would “provide researchers with a common language, necessary for sound collaboration (or even meaningful discussion)”, which would perhaps motivate governments, businesses, and individuals to adopt a common ground (p.16). Consequently, a common definition would make it easier for security experts to determine the scope of cybercrime, therefore enhancing the chances of experts finding successful counter-cybercrime measures. As Gordon and Ford (2006) state in their conclusion, the different definitions of cybercrime only lead to unclear usage of the term, which consequently leads to conflicting responses by security forces based in different jurisdictions.
The admission by scholars, legal experts as well as policymakers that cybercrime definitions need to be standardized could be an indication that cyberspace stakeholders may too awaken to the same need. If the observation made by Kierkegaard (2005) is anything to go by, government and business enterprises have already realized that confronting cybercrime individually is no longer effective. As such, more stakeholders are encompassing other constituencies across geographical, cultural, and regional borders in the search for effective solutions to counter cybercrime.
Conclusion
The details revealed in this essay leave no doubt that indeed definitions of cybercrime do matter. Moreover, different definitions may not help crime experts, the legal fraternity, and law enforcers in identifying and addressing offenses that occur in cyberspace. As such, scholars such as Cross and Shinder (2008) advocate for a standard definition of cybercrime, arguing that such an act would make analyzing cybercrimes easier hence necessitating the formation of effective detection and deterrent legal practices.
Whether the global community will adopt a standardized definition or continue with their fragmented definitions is only a question that time will answer. In the meantime, cybercrime will progress and change in line with other developments happening in cyberspace. As such, we can expect that internet criminals will get more creative as they passionately pursue victims across international borders. While the solution to cybercrime does not entirely lie in standardizing its definition, it is clear that a common description of the phenomena across the world would give security experts a common ground to examine the offenses.
This would in turn enhance the chances of the security experts developing cyber crime-fighting techniques applicable across geographic borders. If not for anything else, the standardized cybercrime fighting techniques would deter criminals who base their actions in countries or regions that treat the offenses leniently.
To give credit where it is due, however, this essay must admit that security experts have developed technological countermeasures against cybercrime over the years. This is despite the different definitions of the cybercrime phenomena. The effective use of the countermeasures however varies across physical and geographical borders since different individuals, governments, and businesses’ perceptions of cybercrime varies. Proponents of a standardized definition of cybercrime claim that the variations in defining the concept result in different responses to the offenses, hence guaranteeing leniency or acquittal to cybercriminals in some areas.
References
Cross, Michael, and Shinder, Debra L. (2008) Scene of the cybercrime. 4th edition. Burlington, MA, Syngress.
Finnie, T., Petee, T. & Jarvis, J (2010) The future challenges of cybercrime. Proceedings of the Futures Working Group, 5, 1-76.
Gordon, S., & Ford, R. (2006) On the definition and classification of cybercrime. Journal of Computer Virology, 2, 13-20.
Hoisington, M. (2009) Cyberwarfare and the use of force giving rise to the right of self-defense. Boston College International and Comparative Law Review, 32(2), 439-454.
Kierkegaard, S. M. (2005) Cracking down on cybercrime global response: the cybercrime convention. Communications of the IIMA, 5(1), 59-66.
Nagre, D. and Warade, P. (2008) Cyber Terrorism vulnerabilities and policy issues- “facts behind the myth”. Web.
Ngafeeson, M. (2010) Cybercrime classification: a motivational model. Web.
Parker, D. (1998) Fighting computer crime: a new framework for protecting information. Wiley, New York.
Rosiers, Nathalie, and Bittle, Steven (eds) (2004) What is a crime? Defining criminal conduct in contemporary society. Toronto, UBS Press.
Wall, D. (2007) Policing cybercrimes: situating the public police in networks of security within Cyberspace. Police Practice and Research: An International Journal 8(2): 183-205.
Wilson, C. (2007) Botnets, Cybercrime, and Cyberterrorism: vulnerabilities and policy issues for Congress. Congressional Research Service. Web.