Computer surveillance systems and practices

Computer Surveillance: Qualitative Attempt to Conceptualize Crime in the 21st Century

Purpose/Objectives/Theoretical Framework

Summary of Remaining Chapters

Computer Crime in a Digital Age

The Impact of the Net on Computer Surveillance

Networked Surveillance

Electronic Surveillance in the Workplace

Deterring Crime

Deterrance and Encryption Technology

Survey Population/Description of the Subject

Hypothesis Evaluation

The primary focus of this study is a qualitative exploration of the changing nature of crime related to computer surveillance. Specifically the aim of the study is to examine how advances in technology have facilitated computer crimes affecting both consumers and corporations. The extent to which computer surveillance crimes are becoming more insidious is explored, as well as any methods currently in use for deterring crime.

The author explores the nature of computer crime and surveillance in a comprehensive literature review, and combines the results of this examination with the information gained from surveying populations affected by computer surveillance. The conclusion of the study finds that the nature of crime is in fact changing in the face of technological advances. The author concludes that though criminal activity is becoming more prevalent and problematic thanks to advances in surveillance, there still exist few solutions and statistical reports with regard to deterring criminal activity.

Introduction

Computer crime is on the rise thanks to the advent of modern technology. As technology becomes increasingly sophisticated criminals are more able to facilitate devastating actions at the press of a button.

The aim of this research paper is to examine the changing nature of crime and discover the impact consumer surveillance has on consumers and businesses alike. The qualitative study proposed will also examine the extent to which advanced technologies are being exploited and used by criminals to facilitate illicit activity.

In addition to this, it will examine the extent to which businesses and consumers must increasingly face and be weary of illicit computer activities, and describe the impact such criminal activity has on privacy and personal interests.

Background of the Problem

Research suggests that the problem of computer surveillance is rapidly growing and should be considered a primary concern among governments internationally in the next several years (Shelley, 1998; Lyon, 2002; Campbell & Carson, 2002; Wibler, 2003). Despite the rise in criminal activity directly associated with computer surveillance, little progress has been made in the way of protecting consumers and businesses from crime resulting from computer surveillance.

Rationale

Trends have developed that go hand in hand with the advent of modern technology. As technology has afforded consumers and businesses the luxury of conducting business over the web, so too has it afforded criminals the opportunity to use computer surveillance to conduct more insidious and impacting crimes. Despite this, relatively few studies have actually been conducted that examine computer surveillance from a point of the changing nature of crime, with the intent of examining what if any methods can be developed to halt this pattern and invasion of privacy. This study will in part fill a void in relation to the research that has been conducted in this area.

Purpose/Objectives/Theoretical Framework

Better access to and control of access to communications technology is a growing trend in modern society, and with the advent of technological advances comes the need to discover better methods for protecting consumer and business privacy and information.

The aim of this thesis is a consideration of current theoretical approaches to computer surveillance in an attempt to understand the nature and extent of computer surveillance both in the workplace and in business (Shelley, 1998).

Computer surveillance will also be examined from the perspective of criminal activity and privacy rights.

A primary objective of the paper will be to assess changes in the nature of monitoring in recent years in addition to the impact computer surveillance has had vs. traditional surveillance methods. A qualitative study will be conducted in order to uncover trends and the implications of advanced technological incentives on computer surveillance activity. A qualitative study is most appropriate with regard to this subject, as an empirical or experimental examination would be impossible given the few available resources allocated to conducting a project of this scope. In addition, at this time there is limited information with regard to computer surveillance and statistics, due in part to a lack of cooperation between law enforcement agencies and technology firms who are consistently in competition to outperform one another (Shelley, 1998).

Research Hypothesis

The argument presented is that electronic surveillance has become more insidious in recent years, and the nature of crime is changing as a result.

Second to this, the researcher hypothesizes that as time progresses, the results of surveillance without appropriate checks and balances will be negative and severely impacting, both for individuals and corporations alike.

The study will seek to prove the point that a need currently exists for additional studies focusing on the impact of electronic surveillance on individual outcomes and productivity. Both workplace and consumer monitoring will be examined to determine complementary factors that might exist between the two.

Several forms of computer monitoring are common, including keystroke monitoring, electronic mail monitoring, entry and exit into buildings using smart cards and even product scanning systems which provide information about consumer purchases and merchandise (Bryant, 1995). For purposes of this study, a broad survey of computer surveillance techniques will be utilized.

Limitations

The author acknowledges that this study is limited in scope because of its qualitative nature and the current lack of information and statistics available with regard to computer surveillance. The author will attempt to overcome these limitations by surveying as broad a selection of research material available with regard to computer surveillance, and not limiting the study to one form or another of computer surveillance. This will help the researcher gather as much information as possible regarding the changing nature of computer surveillance crimes.

Summary of Remaining Chapters

Following this section, the paper will explore the research available with regard to computer surveillance, then discourse on the methodology used to collect additional information for purposes of this study, and subsequently draw conclusions from and discuss the data collected.

Literature Review

Overview

Whereas crime was once a local and regional matter, today crime and corruption are no longer "limited by geographic boundaries" and technology has in essence "redefined the nature of crime" (Shelley, 1998, p. 605). Crime exists in the form of computer surveillance, where access is controlled "by corporations that serve computer and telecommunications networks" and criminals that invade privacy pose "grave threats to the integrity of the world financial system, undermine the ability of states to protect their citizens, and are themselves a major threat to human rights" (Shelley, 1998, p. 605).

One of the problems of computer crime is that jurisdiction can't be exercised if the individual committing the crime has "no identity other than a computer network, which thanks to technologically innovation in the 21st century is not feasible" (Shelley, 1998, p. 605). Legal and law enforcement agencies have few effective and efficient methods for deterring cyber-criminals (Shelley, 1998).

Computer Crime in a Digital Age

The capacity of computer criminals to corrupt and undermine the quality of life of "millions of the world's citizens" through technology is virtually limitless (Shelley, 1998, p. 605). In fact, many citizens have gone as far as rendering themselves defenseless in the age of technology (Shelley, 1998). Facilitating interest in computer crimes are wire transfer, faxes and internet connections that move money (Shelley, 1998). Crime via computer can victimize virtually anyone. The primary form of criminal activity engaged in via computers is surveillance. Surveillance can be used to monitor keystrokes actions, record personal data and deter financials and other capital (Lyon, 2002; Shelley, 1998).

According to officials from the U.S. Department of Justice, "sophisticated computer techniques permit thieves to steal $10 billion annually from financial institutions" (Shelley, 1998, p. 605). International financial fraud is perpetuated through computer crime (Shelley, 1998).

How do computer criminals achieve such devastation? They often pose as legitimate businesses in search of large profits in highly competitive global markets (Shelley, 1998).

Prior to the advent of computer technology capital "had to be physically moved and valuables weren't easily traceable" (Shelley, 1998, p. 605). Now money flows through banks via wire transfers in minutes, thus larger amounts of transactions are occurring daily and increasing the risk for problematic encounters (Shelley, 1998). Criminal groups can use a variety of techniques "including transferring wires through several different countries" in order to cause difficulty for clients attempting to trace funds (Shelley, 1998, p. 605).

The Impact of the Net on Computer Surveillance

Thanks to modern technology and new advances on the web, each and every time a user logs onto the Internet an opportunity arises for computer surveillance. The use of the internet as a form of information exchange has rapidly expanded in recent years. According to Lyon (2002) using surveillance technology, anyone can track each and every click of the mouse, survey the web sites consumers visit and read personal email messages (p. 345). Surveillance technology also allows hackers and criminals to rifle through an individuals or a corporation's financial records and legal correspondence (Lyon, 2002).

Studies suggest that even "more "omniscient" technology is likely to be developed" in the near future (Lyon, 2002). Cookies were perhaps the first form of internet surveillance, developed in 1994 as a means for websites to track visitors logging in so they could provide more optimal service (Lyon, 2002). Now cookies have transformed the shape of communication and have further advanced the ability of criminals to survey individual user functions on the web.

The web is many things, an environment for "learning, conversing, coordinating and trading" but also "a means of trapping the unwary, of constraining the choices of the unsuspecting" (Lyon, 2002). From cookies web bugs developed, and increasingly other surveillance methods pop up daily. According to Lyons (2002) the web might be considered the "World Wide Web of Surveillance" (p. 345).

Lyons (2002) further defines surveillance as "processing personal data for the purposes of management and influence" and suggests that though ambiguous in nature, computer surveillance is constantly changing (p. 345).

Networked Surveillance

Networked surveillance or trading of names, email addresses and renting of lists that contain consumer information gathered from sites has in the past been considered relatively benign (Lyons, 2002). According to one leader at Sun Microsystems, most people "have zero privacy anyway, get over it" (Lyons, 2002, p. 345). But the problem has become more insidious.

Campbell & Carlson (2002) note that surveillance is often used as a "technique and technology of control" in a society best designed as focused on "information capitalism." (p. 586). In their study, Campbell & Carlson point out that surveillance technologies can be employed for such purposes as more effective and directed marketing and advertising online. Further they suggest that privacy has become a commodity that can be sold to anyone for any purpose at the right price (Campbell & Carlson, 2002).

According to Marx (2003), "the increased prominence of surveillance technologies is pulled by concerns over issues such as crime, terrorism, and economic competitiveness, and is pushed by newly perceived opportunities in electronics, computerization and artificial intelligence" (p. 369). Increased expectations of and protections for privacy have furthered interest in surveillance and even greater technological developments (Marx, 2003).

Marx (2003) also points out that there are many cultural beliefs that support "the legitimacy of surveillance" and notes phrases such as "I have nothing to hide" and "It's for my own good" as evidence to support this notion (p. 369). He goes on to conduct a study where he concludes that 11 forms of surveillance neutralization exist and that the majority of these are forms of 'resistance or noncompliance' (Marx, 2003, p. 369).

Electronic Surveillance in the Workplace

Another area where computer surveillance is increasingly a concern is in the workplace, though the implication for criminal activity in this regard is unclear according to the research available. More and more employees have reason to be concerned about surveillance and privacy issues as they find their employers have the ability to monitor their electronic activity more closely than before (Sinrod, 2001). Employers however argue that they have some valid reasons for monitoring.

According to statistics, a recent survey conducted by the American Management Association revealed that almost 80% of companies use some form of computer surveillance to monitor employee activities (Sinrod, 2001). Among the more common surveillance conducted includes surveillance of Internet use and email messages (Sinrod, 2001).

In certain states laws have been enacted that prevent employers from monitoring employee e-mail, as is the case in California (Sinrod, 2001). Employers however continue to rationalize their activity, noting that computer surveillance helps "combat personal use of the Internet during core business hours" (Sinrod, 2001).

Employers are also looking however to limit "defamatory statements" that employees may be making via electronic communications (Sinrod, 2001).

The issues of privacy rights violation however are legitimate. The primary legislative measure targeted toward electronic privacy in the workplace is the electronic communications privacy act, enacted in 1986, which bars the "intentional interception of any wire, oral or electronic communication, or the unauthorized access of stored communications" (Sinrod, 2001). This act is not without limitations however, and does allow monitoring under "appropriate circumstances" including allowing employers to monitor business calls and communications where employee consent has been acquired (Sinrod, 2001).

Other reasons cited for surveillance include an employee productivity issues, quality of work, employee theft, unlawful activity and other factors "potentially affecting productivity" (Johnson, 1995).

According to Bryant, there are some positions more likely to be monitored than others including: "word processors, data entry, telephone operators, customer service representatives, telemarketers, insurance clerks and bank proof clerks" (Bryant, 1995). Professional and technical workers are also monitored, and electronic mail surveillance of employee activities is common (Bryant, 1995). The exact number of employees affected by surveillance has not been recorded, but estimates suggests that as many as 20 million Americans alone are electronically surveyed while on the job, and that number has been estimated at as high as 26 million by others (Bryant, 1995).

Bryant cites Zuboff saying that a shift in computer surveillance in the workplace is occurring, where new computer systems not only monitor processes but also people, and mangers are now using computer surveillance as a method of recording behavioral history (Bryant, 1995). At what point does computer surveillance in the workplace become cause for concern? Can it even be considered a legitimate crime? What is clear is simply that the answer to this question is yet unclear in the minds of law enforcement agents, employers and employees alike.

Deterring Crime

Can computer crime resulting from surveillance actually be deterred? Computer surveillance crimes can be "committed anonymously from anywhere in the world at anytime," and according to some the consequences are "unprecedented" (Wible, 2003). To deter crime Wible (2003) suggests that traditional law enforcement methods must be altered, because computer crime requires "a new approach to thinking about deterrence" (p. 1577). To what extent these methods must be altered however remains a question to be answered.

Wibler (2003) suggests that computer crime may come in many varieties, including: online theft and fraud, vandalism and politically motivated activities, whereas 'hackers' generally want to break codes, seek challenges and gain bragging rights (p. 1577).

One school of thought is that a form of hacking called "look and see" where the hacker only attempts to get in to break a code and look around should be de-criminalized (Wible, 2003). Yet another method suggests that contests can be created to provide incentives for "law-abiding hacking" acknowledging this subculture yet maintaining individual's privacy (Wibler, 2003).

Up until this far most legislative action geared toward eliminating computer crime has proven largely ineffective... despite criminal penalties hackers in particular continue to intrude private networks (Wibler, 2003). Wibler's (2003) study suggests that contests may steer behavior away from unwanted intrusions while encouraging the hacker to remain competitive and work within his/her culture. Though Wibler's suggestions for deterring crime are interesting and cause one to think that crime may be addressed in an alternative way, they do not suggest solutions for more serious criminal activity. Those hackers interested in participating in contests are likely to be the least malignant of criminals and the least likely to impact consumers and businesses severely in the long-term.

Deterrance and Encryption Technology

In response to increased concerns over illicit computer surveillance, there has surfaced a rise in encryption technologies (Shelley, 1998). Is this the answer to deterrence?

Financial services industries are already required to secure any computerized transactions (Shelley, 1998). More sophisticated and more widely available technologies are consistently developed, and a trend is now forming toward "integration of robust digital encryption technologies into commercial desktop applications and networks" (Shelley, 1998).

There are however still many tools that computer criminals can use to seal electronic material or conceal illicit activity, "including anonymous re-mailers, where electronic messages can be forwarded without divulging sources," and a tool called steganography, where secret and innocuous data can be concealed (Shelley, 1998, p. 605). Part of the problem is countermeasures to prevent criminal activity are often very costly and technologically complicated, and thus far encryption technologies are not quite strong enough to prevent crime groups from accessing this technology and abusing it (Shelley, 1998).

Encryption can actually be used by criminals to avoid tracing criminal activities on the web (Shelley, 1998). Organized crime consistently uses computer surveillance to monitor international financial activities, and there is much evidence that suggests that crime groups have used encryption techniques to gain access to law enforcement and other protected information (Shelley, 1998). However there is not at this time enough information to assess accurately the extent to which encryption is growing and masking illicit activity, merely evidence to suggest that it is an area of growth among criminals (Shelley, 1998).

According to the FBI, there are at least 5,000 computer forensics cases each year, up to 10,000 and generally 5% involve encryption (Shelley, 1998). Business personnel suggest that 29% of computer crimes are unsolvable because they use encryption, whereas technology experts suggest that figure may be as high as 50% (Shelley, 1998).

Clearly better steps and efforts must be directed at better safeguarding encryption technologies. On the same token, researchers and law enforcement officials must continue to develop better and more advanced encryption methods to help ensure the safety and privacy of consumers and businesses conducting financial and other personal transactions over the web.

Methodology

Setting

The setting for this research study is a qualitative study that will explore the changing nature of crime through a synopsis of the literature and statistics available with regard to computer surveillance as well as an open ended questionnaire delivered to subjects on the topic of computer surveillance. For purposes of this study, a small population of individuals is selected at random and surveyed via use of internet technology, in order to facilitate the broadest number of responses. Survey respondents are allowed to reply to surveys anonymously, in order to facilitate as great a number of responses as possible.

The field work will take place in one of the nation's capital cities where the greatest number of people have access to the internet and high speed technologies, usually associated with increased surveillance and increased likelihood for criminal activity and abuse.

Research Instrument

For the fieldwork portion of this study, a questionnaire is developed consisting of 6 questions directly related to privacy and computer surveillance. The survey will provide open ended questions in order to limit personal bias and allow for the greatest amount of data and information to be collected from participants.

The survey will be distributed to willing participants via email. A cover sheet will accompany the survey to relay detailed instructions for answering questions. Subjects will have the option of providing demographic data.

Survey Population/Description of the Subject total of 50 surveys were mailed, with 1/4 going to consumers who access the internet regularly, 1/4 going to information technology specialists, 1/4 going to law enforcement officials and 1/4 going to the population at large.

The intent of the questionnaire is to uncover the extent to which the populations and designated officials believe that computer surveillance is a problem that impacts their lives, and to determine whether anyone has come to conclusions with regards to the manner in which crime can be reduced.

Hypothesis Evaluation

Hypothesis

The primary hypothesis presented is argument presented is that electronic surveillance has become more insidious in recent years, and the nature of crime is changing as a result.

Data/Analysis

The results of the literature review support the notion that electronic surveillance has enabled crime to increase with respect to technology. The research suggests that as technology continues to advance, corporations and individuals face new and changing threats from criminals that are using surveillance to gain information about financials, personal histories, and more (Lyon, 2002; Marx, 2003; Campbell & Carson, 2000).

The results of the questionnaires support this premise, with a majority of respondents noting that computer crime is on the rise, and more than 90% indicating they feel threatened by advances in technology that enable more sophisticated forms of computer surveillance. Particularly concern is expressed over protection of individual privacy rights and financial data.

The research also supports the notion that crime resulting from computer surveillance can take many different forms, whether keystroke monitoring or illegal transferring of capital. Study participants indicated fear that their livelihood and privacy is increasingly at risk as technology continues to advance but law enforcement programs and crime deterrent methods fail to keep up with changing times.

Hypothesis

Second to this, the researcher hypothesizes that as time progresses, the results of surveillance without appropriate checks and balances will be negative and severely impacting, both for individuals and corporations alike.

Data/Analysis

This hypothesis is supported from information from the literature review which acknowledges an increasing trend toward computer surveillance as a form of criminal activity (Lyon, 2002; Bryant, 1995; Wible, 2003; Marx, 2003). There is already a large body of research available acknowledging that almost no system of checks and balances exists with regard to computer surveillance with the exception of the corporate workplace.

Even in the workplace where a modified system of checks and balances is implied, survey respondents indicated that without a close and tight system of checks and balances, the potential for abuse is high. In addition, the results indicate that computer criminals are becoming more savvy and engaging in increasingly advanced forms of criminal activity including utilization of encryption technology to thwart law enforcement efforts (Shelley, 1998). There is at this time however, little suggestion for an effective method of checks and balances, and this might be an avenue for future study.

There is a large body of evidence according to the literature review that already exists supporting the premise that corporations are losing millions and billions of dollars from computer crimes already occurring (Bryant, 1995; Lyon, 2002; Marx, 2003). If computer criminals have already accomplished this, and little progress has been made in the way of law enforcement or even identifying true determinants, then one can only conclude that this trend will continue indefinitely.

Conclusions/Recommendations

Discussion

The results of this study clearly confirm the idea that the nature of criminal activity is changing thanks to advances in technology that have enabled more sophisticated computer surveillance. Crime is becoming more severe and more insidious as computer criminals gain access to increasingly sophisticated surveillance equipment and technologies. Criminals are also using encryption technologies, traditionally used to protect consumers, to prevent law enforcement agents from defeating their powerful organizations.