The mid-to-late 1990s was a time of considerable opportunity for virtual innovators. The share prices of the dot.coms shot through the roof and attracted “blue chip” investments, making the new virtual ventures seem all the more viable. During this period, value became firmly attached to ideas, rather than things, and for a few golden years the heightened market optimism confused the “virtual” with the “real”. A scenario emerged, reminiscent of Tulipmania in Holland during the seventeenth century (Moggach, 1999) and the South Sea Bubble in the early eighteenth. Widespread optimism over this ebullient market drove investment in ventures that were not only non-viable, but were not due to recoup for some considerable time. Furthermore, many of the assumptions about market growth and technological development which underpinned the stock valuations were themselves rather poorly founded. But this same optimism also drove further technological developments, and looked to make happen the original prophecy.

For years it seemed as though the virtual bubble could not – and would not – burst. The media recounted each wonderful episode of the development of the new technology, and each example of brave virtual entrepreneurship. But the prevailing mentality was such that if one was not on the virtual juggernaut then one was off it; and these times also generated great anxiety, because the uncertainty of the “new” technology shattered the comfort and familiarity of the “old”. Sensing a split in their audience between the believers and the agnostics, the media simultaneously ran cautionary tales of the future of things to come alongside the tales of technological and entrepreneurial heroism. In other words, the mid-to-late 1990s was also a great time for the cyber-soothsayers, who informed the public that using the Internet would make them vulnerable to new types of criminals; criminals who, rather ironically, were taking advantage of the very same qualities of the Internet that attracted the entrepreneurs and consumers. The public were left in no doubt that if the cyber-pornographers did not completely erode what was left of their existing moral fibre, then they would fall victim to cyber-terrorists, cyber-stalkers, cyber-fraudsters, etc. These fears were intensified by the global concerns over the Y2K “Millennium Bug”, a simple design fault in PC operating systems which, it was predicted, would cause the collapse of key installations within national infrastructures.

The turning point came upon the chime of the first stroke of the new millennium midnight. It became immediately apparent that the Four Horsemen of the Virtual Apocalypse were not riding that night; nor did they ride on any other night since, and neither the anticipated “Electronic Pearl Harbor” (Smith, 1998) nor the “cyber-tsunami” and its accompanying global meltdown occurred. The moment of silence was filled with the familiar crime SNAFU: property was still being stolen, individuals were still at personal risk from assault, motorists still drove too fast. From that time onwards the hot wind of change gradually transformed into the cool breeze of realism, and the dot.com bubble began to develop a slow puncture. However, this deflation should not be interpreted as a demonstration that the Internet fails to live up to expectations; rather, it illustrates that we are simply coming to terms with the phenomenon of cyberspace, and that we are acquiring a much more realistic understanding of its impact. Consequently we should not underestimate the potential harm of cybercrimes or play down the importance of the need to understand them, especially within their individual contexts.

As the virtual fog begins to lift, it is apparent that these are still early days in the lives and times of cyberspace. A growing body of literature about various aspects of cybercrime is emerging, and there are a number of books which use the rubric. Some of these are useful,¹ others are not. I hope that the present volume builds upon and further develops the foundations laid by the useful works. Not only does it seek to add to our understanding of cybercrimes, but it gives those understandings some perspective by further mapping out the terrain, and also by adding analytical depth and, where possible, a theoretical framework that will provide a basis for further study.

The first part of this introductory chapter briefly identifies the various harmful behaviours that we currently understand to be cybercrimes, at how they impact and in what ways and upon whom, in order to suggest a framework for understanding them. The second part identifies some of the problems and pitfalls that criminologists will encounter when they engage with the subject. The third part outlines the structure of the collection and locates the chapters within it.

In a rather contradictory way, the term “cybercrime” does not actually do much more than signify the occurrence of a harmful behaviour that is somehow related to a computer. It has no specific referent in law, and it is a concept that has been largely invented by the media. Yet, despite the rather unsystematic attempts to define it, the term nevertheless regularly invokes a knee-jerk response from the media, policymakers, politicians, academics and the public alike. Like sticky paper on a shoe, it is a term that cannot be easily shaken off and dismissed as it has quickly become absorbed into popular parlance; and, whilst it has no specific meaning, it signifies a range of activities and has considerable currency. So it is our job as criminologists to understand the behaviours that it describes and to assist the understanding of others. But what are cybercrimes? Are they that important? And if they are important, then what qualities do they possess to generate such concern? Finally, how do we understand them? How can we put them into perspective? The following paragraphs suggest that we need to distinguish between the different levels of their impact, but also that it makes sense to look at cybercrimes in terms of the type(s) of behaviour and impacts that they represent.

The Internet has impacted upon criminal and/or harmful activity in three main ways – this is after discounting the fact that many of the behaviours that have been identified as cybercrimes are not actually crimes as such but invoke civil remedies instead (Wall, 2000a). First, the Internet has become a vehicle for communications which sustain existing patterns of harmful activity, such as drug trafficking, and also hate speech, bomb-talk, stalking and so on. Newsgroups, for example, circulate information about how to bypass the security devices in mobile telephones or digital television decoders (Mann and Sutton, 1998; Wall, 2000b). Second, the Internet has created a transnational environment that provides new opportunities for harmful activities that are currently the subject of existing criminal or civil law. Examples would include paedophile activity, and also fraud. Third, the nature of the virtual environment, particularly with regard to the way that it distanciates time and space (Giddens, 1990: 6), has engendered entirely new forms of (unbounded) harmful activity such as the unauthorized appropriation of imagery, software tools and music products, etc. Indeed, at the far extreme of this third category, the transjurisdictional, contestable and private nature of some of the harms indicates a scenario where there exists new wine, but no bottles at all! It is important, therefore, to disaggregate these three levels of impact because they each invoke different policy responses and require quite different bodies of understanding. Cutting across these three levels, or depths, of impact lie four broad areas of harmful activity which are currently raising concerns (see Wall, 1999, 2000a).

Each of the following four areas of harmful activity illustrates a range of activities and behaviours rather than specific offences, reflecting not only bodies of law, but also specific courses of public debate.

“(Cyber)-trespass”, or hacking/cracking, is the unauthorized crossing of the boundaries of computer systems into spaces where rights of ownership or title have already been established. Computer hackers played an important role in the early stages of the conceptual development of the Internet, combining high levels of specialized knowledge to test out and develop new ideas with a staunch ethical belief in freedom of access to all information. Initially they were applauded as a celebration of the genius of youth and the pioneering spirit of America (Chandler, 1996: 229), but they have subsequently become demonized (Chandler, 1996; Duff and Gardiner, 1996; Ross, 1990; Sterling, 1994; Taylor, 1999; Jordan and Taylor, 1998). Although a distinction is increasingly being made between the principled trespasser (the hacker) and the unprincipled trespasser (the cracker), their skills and beliefs are now commonly regarded as a major threat to the interests of those who are attempting to effect monopoly control over cyberspace: namely commerce and the state. It is because of this ideological baggage that the term “cyber-trespasser” is used here instead.

When the range of cyber-trespassers is examined it is found that they clearly represent a spectrum of qualitatively different types of behaviour. In its mildest form, cyber-trespass is little more than an intellectual challenge resulting in a harmless trespass; at its worst it is full-blown information warfare (Szafranski, 1995: 56). Four basic types of cyber-trespasser can be identified from the literature. Young (1995: 10) distinguishes between utopians who naively believe that they are contributing to society by demonstrating its vulnerabilities,² and cyberpunks who are aggressively anti-establishment, and who intentionally cause harm to targets which offend them. In addition, two further types of cyber-trespassers can be identified: the cyber-spy and the cyber-terrorist. The practical distinction between the groups is often blurred because cyber-spies and cyber-terrorists must by definition be expert crackers in order to be able to gain access to sites. Most acts of cyber-trespass probably fall between these extreme positions.

“(Cyber)-deceptions/thefts” describes the different types of acquisitive harm that can take place within cyberspace. At one level lie the more traditional patterns of theft, such as the fraudulent use of credit cards and (cyber)-cash, and a particular current concern is the increasing potential for the raiding of on-line bank accounts as e-banking becomes more popular.

Credit card frauds over the Internet arise from the fraudulent use of appropriated credit cards to buy goods over the Internet from the many virtual shopping malls and auction sites. In common with telephoned transactions, the cyber fraudster does not need to have the actual credit card in order to shop over the Internet; only the card number and expiry date, together with the name on the card and a delivery address, are required. All are details that can be obtained from, for example, a discarded credit card voucher.³

The cyber-cash concept is developing rapidly and, while its developers envisage the eventual establishment of a self-contained monetary system within cyberspace, current concepts of cyber-cash are linked to the use of smart cards which are loaded with electronic cash equivalents at specific banking points. Such points of access will eventually be available through the Internet. At the time of writing, six or more major banks in the UK had undertaken, or had been represented in, trials of cyber-cash facilities (AAP Newsfeed, 1998).⁴ Whilst the security potential for cyber-cash is considerably greater than conventional cash, especially when transactions are accompanied by a personal identification number, it is highly likely that the illegal reproduction of cybercash credits will quickly become a challenge for offenders.

At another level is cyberpiracy, which is the appropriation of new forms of intellectual property that have been created or popularized within cyberspace.⁵ It is the computer programme, expressed in the form of a digital code, that generates, through a computer system, “virtual products”, such as images, music, office aides or interactive experiences – to name but a few. The appropriation of these “virtual products”, or of the programme itself, does not “permanently deprive” the owner of their use (Smith and Hogan, 1999), which is one of the legal definitions of theft. Thus, piracy is becoming an increasingly challenging type of cybertheft as it is causing us to reconsider our understanding of property and also of the very act of theft itself.

It will be remembered that one of the distinguishing characteristics of cyberspace was the fact that monetary values are attached to ideas rather than to objects. In parallel to the growth of the Internet has been an increase in the number, complexity and application of intellectual property laws relating to trademarks, copyright, patents and – in the USA – privacy and publicity laws (Boyle, 1996; Madow, 1993; Wall, 1996; Vagg, 1995). When cyberspace and intellectual property laws intersect they become a powerful force, especially during a time when, as Baudrillard observes, economic activity has come to be the outcome rather than the cause of cultural values and norms (Vagg, 1995: 87; Baudrillard, 1988). Importantly, the fact that productive ideas can now be effected without the need for the modes of physical production means that the monetary value of those ideas is further increased. Therefore, these various forms of intellectual property, especially trademarks, domain names and character merchandise, are becoming, so to speak, its “real estate”. So the terrain of cyberspace becomes pockmarked by the struggle for control over this “intellectual” real estate. This development raises concerns about the proliferation of legal activity involving intellectual property law and the potential emergence of unjust power imbalances (Boyle, 1996). More specifically, the establishment of monopoly control through law enables those in control to further determine where the boundaries between desirable and undesirable behaviours will lie.

There are two, related strands of this type of piracy. The first is the counterfeiting of products such as toiletries, designer labels and character merchandise, which is becoming a rapidly expanding business and which tends to exist on the peripheries of cyberspace, using the Internet as a distribution network. The second variant of cyber-piracy/theft (that of stealing intellectual properties) is quite different and finds the boundaries between criminal and civil law extremely blurred. It is where owners’ interests in their properties – for example, in images, trademarks, texts, music⁶ or general character merchandise – are threatened by theft or by their release into the public domain of the Internet. The main threat to the owner is the dilution of their control over their intellectual property. The term “dilution” is used in intellectual property law to describe the reduction in value caused by unrestricted use. The threat of dilution is therefore used to justify the continuation of legal control,⁷ even though the appropriation of a property may not necessarily be motivated by the prospect of financial gain, but for artistic or moral reasons.⁸

“(Cyber)-pornography/obscenity”, as the term suggests, is the publication or trading of sexually expressive materials within cyberspace. The cyberporn/ obscenity debate is very complex because pornography is not necessarily illegal. The test in the UK and many other jurisdictions is whether or not the materials are obscene and deprave the viewer, but there are considerable legal and moral differences as to what are the criteria that enable law enforcers to establish obscenity and depravity. In Britain, for example, individuals daily consume images through the various facets of the mass media that might be classed as obscene in some Middle-Eastern countries.

The role of pornography in the Internet’s career has been contradictory. On the one hand, it has probably scared many people, particularly concerned parents, from using it to its full potential. On the other hand, it was pornography that got people, mostly men, interested in the Internet; and though it was this interest which created a market for pornography, it also drove the devel...