When Cyberbullying Becomes Cybercrime-and-Punishment

July 25, 2011

When two girls, age 11 and 12, decided to cyberbully a former friend, you can be sure they didn’t expect to be hauled up on criminal charges, but that’s exactly what their malicious behavior earned them.

Many tweens and teens are shocked to discover their cyberbullying actions constitute crimes and that they may face the full consequences of the legal system as well as any punishment meted out by schools or family.

It comes as an additional shock for tweens and teens to learn that though they are minors with sealed criminal records, the internet handily circumvents that nuance if so much as one person outs their name on a social site – a risk that has been heightened by the FTC’s approval of Facebook activity inclusion in background checks. Convictions do not enhance the bright future a cyberbully may hope to have; it’s not exactly something anyone wants to include when answering the ever present question on work, school, and loan applications of “have you ever been convicted of a crime?”

In the case mentioned, the Seattle times reports that:

“…the 12-year-old girl posted sexually explicit photos and messages on a 12-year-old classmate’s Facebook page was given a six-month suspended sentence for cyberstalking and first-degree computer trespassing.

The case against the girl will be dismissed if she stays out of trouble for six months and follows other regulations, such as not contacting the victim and avoiding alcohol and drugs. Earlier, a co-defendant in the case, an11-year-old girl, was sent to the Juvenile Court Diversion Committee, which will order her to complete community service.

According to the charges, the two girls used the victim’s password information to post sexually explicit content on her Facebook page. They also instant-messaged “random individuals” under the alleged victim’s name to arrange sex acts, Issaquah police said.

Prosecutors said the victim had been at the home of one of the defendants in early March when she logged into Facebook. Leslie’s password information was somehow stored on the girl’s computer.

After the girls had a falling-out, the defendants used Leslie’s password to access her Facebook page “with the intent of embarrassing and tormenting the victim,” police said.”

For many kids and adults, the reality of criminal repercussions may be the best deterrent

I was asked to comment on that case, as was King County sheriff’s Capt. Michelle Bennett, a national expert on bullying and electronic harassment. Later, in a conversation between us, Bennett articulated a critical point in messaging and teaching about cyberbullying. While some youth will refrain from cyberbullying out of empathy and their own sense of decency, far more are likely to think twice when they realize the possibility of criminal prosecution accompanies their acts.

She suggested that the vast majority of youth (and adults) are not aware of how quickly their actions become criminal, and that effective cyberbullying messaging needs to include this component – particularly as more states are stepping up with stricter laws to protect victims of cyberbullying.

I think Bennett is spot on. While teaching empathy and understanding are key components of cyberbullying education, there is a percentage of youth for whom this simply won’t matter. They know damn well that their actions are mean – that was their whole intent. Of far more interest to these youth is self-preservation; they are far less likely to cyberbully when they understand the consequences they may face. We cannot overlook the teaching of this aspect when educating youth – or adults.

Yesterday I used this news story in a presentation with a hundred teen girls. To say they were shocked to discover it was criminal is an understatement.

Laws are catching up to cyberbullies

With the passing of electronic impersonation laws, cyberstalking and first-degree computer trespassing laws, misdeeds are catching up with cyberbullies. If you or your child has been the victim of cyberbullying, these laws may bring welcome relief – and justice. If you or your child is a cyberbully you/they may have already broken the law and may face misdemeanor, gross misdemeanor, or felony charges that will stick with you for the rest of your life, and are likely to stick with your child for the rest of their life as well.

Check the laws in your state to see exactly how much trouble cyberbullies may find themselves in, and expect that additional laws will be passed. Here is a sampling of laws today:

  1. A person is guilty of computer trespass if the person, without permission, deliberately gains access to another person’s computer system under without intending to commit additional crimes. (A gross misdemeanor)
  2. A person is guilty of computer trespass if the person, without permission, deliberately gains access to computer system with the intent to commit another crime (A class C felony)
  3. A person is guilty of cyberstalking if he or she, with intent to harass, intimidate, torment, or embarrass any other person, makes an electronic communication to such other person or a third party:
    1. Using any sexual, indecent, or obscene words, images, or language, or suggesting the commission of any sexual act; (a gross misdemeanor)
    2. Anonymously or repeatedly makes contact whether or not conversation occurs; or (a gross misdemeanor)
    3. Threatens to injury on the person or property of the person called, or any member of his or her family or household. (a gross misdemeanor)
  4. A person is guilty of cyberstalking if he or she, with intent to harass, intimidate, torment, or embarrass any other person, makes an electronic communication to such other person or a third party if:
    1. The perpetrator has previously been convicted of the crime of harassment with the same victim or a member of the victim’s family or household or any person specifically named in a no-contact order or no-harassment order (A class C felony)
    2. The perpetrator threatens to kill the person, or any other person. (A class C felony)
  5. A person is guilty of impersonation if they knowingly and without permission impersonate another actual person through or on an internet website or by other electronic means with the purpose of harming, intimidating, threatening, or defrauding another person. This includes opening an account or profile under the actual person’s name. (A misdemeanor)

The days of malicious online actions without repercussions are ending, and the internet will be a better place for it.

Linda

Comments Off | Linda's Blog | Tagged: , , | Permalink
Posted by Linda Criddle

Consumers Doubt Private Enterprise Can Reduce Cyber Crime

October 8, 2010

Almost 40% of business professionals polled by Deloitte during a recent cyber crime prevention webcast  were “not confident” that private enterprises have sufficient controls in place to minimize the occurrence of cyber crime.

In fact, the poll showed a fairly even split among respondents belief that their regarding organization was likely to experience an electronic security breach in the next 12 months. According to the results, 41.7% believed it was “likely” or “extremely likely” that an electronic security breach would occur in this time frame, while 38.4% indicated it was “unlikely” or “extremely unlikely.”

“Based on the results of this poll, it appears that many organizations are leaving themselves vulnerable to cyber crime because there might be a false sense of security, or perhaps even complacency,” said John Kula, director in the forensic & dispute services practice of Deloitte Financial Advisory Services LLP. “Many organizations are failing to recognize the prevalence of cyber crimes in their IT environments and consequently could be misallocating limited resources to lesser threats.”

As sobering as these views are, they appear to be quite accurate.

In  a study by Verizon and the Secret Service released in August, investigative experts found, as they did in the company’s prior data breach reports, that most breaches were avoidable if security basics had been followed. Only 4% of breaches assessed required difficult and expensive protective measures.

The 2010 report concluded that being prepared remains the best defense against security breaches. For the most part, organizations still remain sluggish in detecting and responding to incidents. Most breaches (60 percent) continue to be discovered by external parties and then only after a considerable amount of time.  And while most victimized organizations have evidence of a breach in their security logs, they often overlook them due to a lack of staff, tools or processes.

“Cyber crime innovation and techniques have outpaced traditional security models. That’s what makes it so important to gather intelligence data internally and externally to understand the threats, and then to act on that intelligence”, said John Clark, partner in the security & privacy services practice of Deloitte & Touche LLP. “If companies don’t have the tools in place to be informed and to prevent breaches, it could lead to significant risks, potentially leading to financial losses, regulatory issues, and a loss of client and public confidence.”

Where legislation can help

Consumers have little influence on whether companies step up to basic security precautions, so in spite of my reluctance to suggest legislative solutions, this may be one area that could benefit by new regulations. These regulations need to hold companies clearly accountable to better protect the consumers they serve by strengthening their technical security, implementing training and procedures to reduce the risk of breaches, effectively testing their systems for potential risks in an ongoing manner, and swiftly reporting breaches that do occur. Legislation could also provide a watchdog service that identified for consumers how various companies and services ranked to facilitate informed consumer decision making.

As consumers, we need to remove our business – and our information – from sites with poor safety, privacy and security track records and shift to companies that maintain appropriate security hygiene.

Cyber Security isn’t just a Corporate issue

Every consumer has a role to play in their own cyber security, and in the cyber security of the larger internet ecosystem. Every time a user fails to install adequate security software, or fails to update that software, they invite criminals to use their machine. They may use your computer to harm you, and/or they may use your computer as part of a botnet to spam others, spread malware, crash servers through denial of service attacks, or steal your contacts lists to help socially engineer scams against others.

To do your part as a digital citizen, it is essential that you ensure your computers and internet connections are secure with proactive protection software that automatically updates; that you use strong, unique passwords and you keep them private; and that you learn to avoid socially engineered exploits. It also means that every family member and/or anyone else who uses your computer(s) follow the same security rigor.

  1. Secure your computer. If your computer isn’t protected from Trojans, viruses and other malware your financial information and passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, there are several free services.
  2. Secure your Internet connection - make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here.
  3. Use strong passwords. A weak password is all it takes for someone to steal it. If you use the same password on multiple sites (or everywhere) you are asking for real trouble. Passwords do not have to be hard to remember, just hard to guess.
  4. When searching, Do NOT assume sponsored sites are safe. Because I use McAfee Site Advisor (it’s free), I see a warning notifying me of the risk. Without a tool like this, you have no way of judging if the site is legitimate or going to give you malware, spam, etc… There are other companies offer similar services; pick one and use it!
  5. Trust is Key. Know the Site. Know the User. Know the Company. Misplaced trust will land you in a world of trouble.
    1. You can no longer assume that links within trusted sites are safe. IBM’s research highlights the increase in malicious content placed on trusted sites.
    2. Be cautious and stay in the driver’s seat. Instead of clicking on a link, copy the URL into a search engine query and look at the results. Does the site have a positive safety rating? Don’t be pulled by links that may or may not take you where you want to go. This is particularly true with ‘shortened’ or ‘mini’ links used on sites like Twitter. If you do now have 100% confidence that the link is going to take you to a legitimate site, look up the material yourself.

There is a battle being waged for control online. Criminals want the status quo, we need to drive for change.

Linda

Comments Off | Linda's Blog | Tagged: , , , | Permalink
Posted by Linda Criddle

Follow

Get every new post delivered to your Inbox.

Join 1,753 other followers