Computers used for criminal activities of a financial nature are merely a means to an end. By this I mean that to this type of criminal the computer is just a tool with which to illegally access funds which otherwise would be completely unavailable. This apparently obvious statement becomes relevant when compared with the informational motivated computer criminal whose interest is primarily focussed upon the computer and its interaction with other computers. A large percentage of financial computer crime takes place within the boundaries of a legal occupation. Green (1990: 13) defines as occupational crime any act punishable by law which is committed through opportunity created in the course of an occupation that is legal . He specifies that the term legal occupation is necessary because without it the term occupational crime could conceivably include all crimes.
Occupational crime can include
INFORMATIONAL MOTIVE
It s as if big companies and their suck-up lawyers think that computing belongs to them, and they can retail it with price stickers, as if it were boxes of laundry soap! But pricing information is like trying to price air or price dreams. (Sterling1992:85)
The quest for information can be taken as a direct rebellion against those who wish to package and sell it. Richard Stallman identified this anti-authoritarian stance; when asked if he thought that some hacking was undertaken in a spirit of political rebelliousness he replied: I don t see a connection directly with abuse of power by governments, but abuse of power on a smaller scale by sysadmins (system administrators) seems directly relevant (Stallman: email interview). He emphasised as a contributory factor behind hacking the behaviour of grass-roots system managers and administrators, and he contended that it is not enough just to prosecute and/or fix holes that hackers draw attention to, because: neither of these would eliminate the motive for cracking. The way to do that is to stop the fascist behaviour which inspires blind resistance to stop treating disobedience as if it were evil (Stallman: email interview).
Hacking as a form of anti-bureaucratic rebellion can take both macro and micro forms (Taylor1999: 62). On a macro-level Steve Hardin argues, most law-abiding people fantasise about breaking the law big-time and getting away with it. We ordinary folk are intrigued by the little guy who beats the big corporations or governments (Hardin: email interview). The anti-authoritarian outlook of hackers that is needed as part of their free information ethos tends to encourage little empathy with governmental agencies.
“The public perception of people who break into computer systems, unfortunately, is that they are either geniuses or misguided kids showing off,” noted Eugene Spafford, Internet Security Expert and Professor at Purdue University, he also stated, “Nothing could be further from the truth. They are criminals, plain and simple.”
The 1960s saw the beginning triumph of computers, and in many Western countries it was realized that the collection, storage, transmission and connecting of personal data endangers the personality rights of citizens. Orwellian visions and the mistrust of the revolting youth of the late sixties inspired the discussion about the dangers of the “Big Brother”. However, today the old paradigm of the computer as an exotic instrument in the hands of the powerful became at the latest obsolete with the massive spreading of personal computers.
According to official statistics, data protection offences are only of limited importance today. The cases that became known show different degrees of endangerment: The misuse of “STASI” documents, i.e. the documents of the Ministry for State Security of the former GDR, or the possible blackmailing of AIDS-infected patients prove that in the information society of the 20th century, data protection has become a central matter of concern. The storing of information about defaulting debtors by credit investigation agencies or the transmission of data within criminal prosecution authorities also show, however, that the ascertainment of infringements of privacy in numerous cases depends on a difficult assessment and evaluation of conflicting principles: The underlying discussion on values does not only have to deal with the protection of privacy, but also with the freedom of information, which is the driving force of the cultural, economic and political development of an “open society”.
“Clear” infringements of privacy became known especially in the area of traditionally protected (also by criminal law) professional secrets, especially concerning official secrecy as well as the requirement of confidentiality for officials, doctors, lawyers and banks. Such data constituted the object of the offence in a South-African case, in which the offender – presumably through theft of magnetic tapes – obtained medical data of persons that had undergone an AIDS-test; the data were passed on to the employers of the persons affected.
Another clear case of infringement of traditional regulations on protection of secrets happened in 1989 when two employees of one of the biggest Swiss banks helped the French tax authorities to decode magnetic tapes containing customers’ data for a compensation of 500,000 FF.
In contrast, difficult problems on evaluation and assessment with regard to the ascertainment of infringements of privacy are illustrated by an Italian case. In 1986 IBM was accused that its security system RACF represented an inadmissible control over employees.
a) The term “computer hacking” traditionally describes the penetration into computer systems, which is not carried out with the aims of manipulation, sabotage or espionage, but for the pleasure of overcoming the technical security measures. In practice, this kind of offense can be frequently found. As far as damage is concerned, a differentiation must be made: In numerous cases, the attacked computer user is not actually harmed, but only endangered. Contrary to this, considerable damages occur in other cases especially when the perpetrators later use their knowledge for committing espionage and sabotage. In any case the “formal sphere of secrecy” or the integrity of the concerned computer systems is violated.
The most severe case of sophisticated “hacking” involved a group of German teenagers. They had managed to get access to various American computer systems and then sold the knowledge obtained in their data-journeys to the former Soviet secret service KGB. The case was discovered because one of the hackers sought help at the author’s former Bayreuth chair, and a deal was agreed on with the prosecution authorities: The hacker revealed his knowledge and the investigation against him was suspended. The case was of particular interest because information on new techniques of computer manipulation was revealed in the course of this proceeding. The resolving of this case confirms the effectiveness of a “self-revelation” for cases of hacking already called for before.
b) Recent developments of telephone and telecommunications technology have led to the fact that nowadays, hacking does not only affect classic computer systems but increasingly also telephone lines, answer-phones and voice-mail-systems. By using the “blue boxes” and signal devices described above, young “telephone hackers” dial themselves into the local telephone exchanges of the telephone company and are thus able to listen in on the digitally led conversations in the respective part of town. In the US, besides other confidential information, especially the numbers of telephone access cards (so-called calling cards) are listened in on, which are then resold. The digital ISDN-network and the combination of telephone and computer technology will make new forms of crimes possible in future.
An example for the new form of telephone hacking is a 1992 case: Young Germans penetrated into the speech computer of the Barclays Bank in Hamburg to which the clients of the bank reported the receipt of their credit cards including the corresponding secret personal identification numbers as well as announcements in case of loss or – by giving the respective secret number – when asking for an increase of their credit limits.
Legislation and Prosecution
Computer crime and criminal information law are relatively young phenomena. A first historical analysis indicates that each new development of computer technology was followed by a corresponding adaptation of crime as well as by legislative changes. A short overview – using the example of Germany – illustrates this adaptation of crime and information law to the new information technologies. It also indicates that this process started gradually at first, but then continued at an increasing pace:
- From the beginning of the 1950s computers were introduced in industry and administration to control routine processes. As late as 20 years after that time, the first cases of computer manipulation, computer sabotage and computer espionage became known. Only in 1986 did the German legislator react with the Second Act for the Prevention of Economic Crime.
- On the other hand, the mass processing of personal data in electronic data banks since the 1960s was soon regarded as a danger to privacy. In Germany, the first law that took this development into account was enacted in 1970.
- The open networks of the 1970s soon led to corresponding misuses in the form of “hacking”, which the Law Committee of the German Parliament could still consider in the Second Act for the Prevention of Economic Crime in 1986.
- The mass phenomenon of program piracy came along simultaneously with the spreading of personal computers in the 1980s, forcing the legislator to carry out different reform measures from 1985 onwards.
- The use of automated teller machines in the 1980s, too, was immediately followed by new ways of code card misuses, which already represented criminal offenses due to the reforms of the Second Act for the Prevention of Economic Crime.
- Today, electronic post services, mailboxes, ISDN as well as the development of close links between data processing and telecommunication are used by neo-nazi groups, perpetrators in the field of economic crime and organized criminals: Computer technology and telecommunication have not only become part of general life, but also of general crime. The changes that these new technologies caused in criminal procedural law do therefore not only concern traditional computer offenses, but all kinds of crime.
Conclusion
The criminological part of this paper has shown that the spreading of computer technology into most areas of life, especially the increasingly close relationship between data processing and data telecommunication technology, has made computer crime more diverse, more dangerous, and more international. The legal part of the article could trace back the multitude and the complexity of the resulting legislative reactions to six groups of problems and “waves” of reform: the protection of privacy, the fight against computer-related economic criminal law, the protection of intellectual property, the fight against pornography and other communication offenses, the reform of procedural law as well as new regulations concerning safeguard measures and the recognition of an electronic signature.
These developments of crime and the law are based on the underlying social changes and shifts of paradigms which will continue to exert crucial influence on our law in future:
- The emergence of the information society with its new objects of protection under criminal law,
- The changes of the risk society in which non-criminal measures deserve greater attention but in which measures of criminal law and criminal procedural law will also play an important role, as well as
- The growing together of the citizens in a “global society” in which new challenges can only be coped with by means of international cooperation.
These changes entail a loss of power of the classic national state both in favor of regional and supranational governmental organizations as well as in favor of multinational companies. Therefore, the effective protection of the citizen in the newly emerging information and communication society is only possible if these basic changes are considered and shaped positively. We need an intensified cooperation of national states and supranational organizations, new prevention and prosecution measures of information technology, as well as adequate control strategies of data protection law.
Bibliography
Coleman, J. W. (1994), The Criminal Elite The Sociology of White-Collar Crime (St Martins Press: London)
Punch, M. (1999), Dirty Business (Sage: London)
Ruggiero, V. (1996), Organised and Corporate Crime in Europe (Dartmouth: Aldershot)
Taylor, P. (1999), Hackers (Routledge: London)