Internet and Computer Crime: System Architecture as Crime Control
Center for Advanced Studies Working Paper No. 03-2003
11 Pages Posted: 26 Apr 2005
Date Written: February 2003
New technologies provide new opportunities and new potentials. Technological developments, however, do not determine human fates; rather, they change the constraints within which people act.
The global reach of the Internet, the low marginal cost of online activity, and the relative anonymity of users have changed the balance of forces that have previously served to keep in check certain undesirable behaviors in the physical world. These characteristics of cyberspace have lowered the cost of perpetrating undesirable behavior by eliminating certain barriers to entry, lowering transaction costs and reducing the probability of getting caught. In addition, these characteristics make traditional enforcement strategies, particularly identifying and apprehending perpetrators after they commit online crime, both less effective and more expensive. At the same time, however, other characteristics of cyberspace provide new opportunities to control illegal acts. Unlike in the physical world, in cyberspace certain readily identifiable third parties - Internet service providers (ISPs) - have exclusive technical control over the infrastructure through which most illegal online behavior is carried out.
Thus, one strategy for controlling online behavior is to impose some responsibility on such third parties in order to control user misconduct before illegal acts are committed or to help identify and apprehend criminals after the fact. In other cases, the same logic can be applied to second parties - that is, victims of online crime who control the systems on which crime is committed - and legal responsibility to encourage optimal victim behavior can also be employed.
The purpose of this paper is to briefly examine the rationale and opportunity for online crime control through system architecture by imposing certain technical responsibilities on victims and implicated third parties. In particular, we examine affirmative obligations for ISPs to report criminal activity and retain data, and for victims to employ some minimal level of technical protective measures. In addition, we briefly discuss tort-based mechanisms to encourage both victims and third parties to adopt reasonable technical measures to prevent illegal behavior.
Keywords: online crime control, cybercrime, internet service provider liability, Internet regulation, information system architecture
Suggested Citation: Suggested Citation