Digital Architecture as Crime Control

This paper explains how theories of realspace architecture inform the prevention of computer crime. Despite the prevalence of the metaphor, architects in realspace and cyberspace have not talked to one another. There is a dearth of literature about digital architecture and crime altogether, and the realspace architectural literature on crime prevention is often far too soft for many software engineers. This paper will suggest the broad brushstrokes of potential design solutions to cybercrime, and in the course of so doing, will pose severe criticisms of the White House\u27s recent proposals on cybersecurity. The paper begins by introducing four concepts of realspace crime prevention through architecture. Design should: (1) create opportunities for natural surveillance, meaning its visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering a private space; (3) build communities and avoid social isolation; and (4) protect targets of crime. There are digital analogues to each goal. Natural-surveillance principles suggest new virtues of open-source platforms, such as Linux, and territoriality outlines a strong case for moving away from digital anonymity towards psuedonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end design of the Internet. An understanding of architecture and target prevention will illuminate why firewalls at end points will more effectively guarantee security than will attempts to bundle security into the architecture of the Net. And, in total, these architectural lessons will help us chart an alternative course to the federal government\u27s tepid approach to computer crime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop - the equivalent of digital gated communities - with terrible consequences for the Net in general and interconnectivity in particular

Online gambling and crime: a sure bet?

Despite a growing body of research that is exploring the deleterious social effects of online gambling, there has, to date, been very little empirical research into internet gambling and crime. This paper seeks to initiate discussion and exploration of the dimensions of crime in and around internet gambling sites through an analysis of the current literature on gambling online. The paper forms part of a wider study that seeks to examine online gambling related crime and identify appropriate legal, technological and educational frameworks through which to limit victimisation

Edging your bets: advantage play, gambling, crime and victimisation

Consumerism, industrial development and regulatory liberalisation have underpinned the ascendance of gambling to a mainstream consumption practice. In particular, the online gambling environment has been marketed as a site of ‘safe risks’ where citizens can engage in a multitude of different forms of aleatory consumption. This paper offers a virtual ethnography of an online ‘advantage play’ subculture. It demonstrates how advantage players have reinterpreted the online gambling landscape as an environment saturated with crime and victimisation. In this virtual world, advantage play is no longer simply an instrumental act concerned with profit accumulation to finance consumer desires. Rather, it acts as an opportunity for individuals to engage in a unique form of edgework, whereby the threat to one’s well-being is tested through an ability to avoid crime and victimisation. This paper demonstrates how mediated environments may act as sites for edgeworking and how the potential for victimisation can be something that is actively engaged with

Understanding the role of technology in the commercial sexual exploitation of children: the perspective of law enforcement.

This exploratory study was conducted to better assess how technology can be used in criminal investigations; it is important to get a better understanding of how technology is currently employed in child sex trafficking as well as the approaches and needs of law enforcement. 144 investigators from Internet Crimes Against Children (ICAC) Task Forces and affiliate agencies responded to an online semi‐structured survey, including 45 investigators with experience conducting investigations of the commercial sexual exploitation of children (CSEC) that involved technology. Participants included investigators working in local, county, and state law enforcement agencies in the United States. The discussion suggested a great deal of variation in perspectives and experiences surrounding the problem of CSEC and technology. Investigators were able to highlight both benefits and obstacles. Benefits included the availability of digital evidence instead of relying on personal accounts, the monitoring capabilities of police, and the ability to conduct extensive undercover operations. Obstacles tended to focus on financial concerns, the continual need for training and technical assistance, and the rapidly changing technological environment. Findings highlight the vast complexity and variability in these crimes. There is still quite a bit of the unknown when it comes to investigating CSEC – technology changes rapidly and avenues for marketing and communicating are vast. Continual education, training and technical assistance are central to investigators’ needs in this area

4chan and /b/: An Analysis of Anonymity and Ephemerality in a Large Online Community

We present two studies of online ephemerality and anonymity based on the popular discussion board /b/ at 4chan.org: a website with over 7 million users that plays an influential role in Internet culture. Although researchers and practitioners often assume that user identity and data permanence are central tools in the design of online communities, we explore how /b/ succeeds despite being almost entirely anonymous and extremely ephemeral. We begin by describing /b/ and performing a content analysis that suggests the community is dominated by playful exchanges of images and links. Our first study uses a large dataset of more than five million posts to quantify ephemerality in /b/. We find that most threads spend just five seconds on the first page and less than five minutes on the site before expiring. Our second study is an analysis of identity signals on 4chan, finding that over 90% of posts are made by fully anonymous users, with other identity signals adopted and discarded at will. We describe alternative mechanisms that /b/ participants use to establish status and frame their interaction

Shining a Light on Policing of the Dark Web: An analysis of UK investigatory Powers

The dark web and the proliferation of criminals who have exploited its cryptographic protocols to commit crimes anonymously has created major challenges for law enforcement around the world. Traditional policing techniques have required amendment and new techniques have been developed to break the dark web’s use of encryption. As with all new technology, the law has been slow to catch up and police have historically needed to use legislation which was not designed with the available technology in mind. This paper discusses the tools and techniques police use to investigate and prosecute criminals operating on the dark web in the UK and the legal framework in which they are deployed. There are two specific areas which are examined in depth: the use of covert policing and hacking tools, known in the UK as equipment interference. The operation of these investigatory methods within the context of dark web investigations has not previously been considered in UK literature, although this has received greater analysis in the United States and Australia. The effectiveness of UK investigatory powers in the investigation of crimes committed on the dark web are analysed and recommendations are made in relation to both the law and the relevant Codes of Practice. The article concludes that whilst the UK has recently introduced legislation which adequately sets out the powers police can use during online covert operations and when hacking, the Codes of Practice need to specifically address the role these investigative tools play in dark web investigations. Highlighted as areas of particular concern are the risks of jurisdiction forum shopping and hacking overseas. Recommendations are made for reform of the Investigatory Powers Act 2016 to ensure clarity as to when equipment interference can be used to search equipment when the location of that equipment is unknown

On the complexity of collaborative cyber crime investigations

This article considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries

Secure web application development and global regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies