page offers perspectives from government, business and
It covers -
In considering security and crime on the internet we can
identify activity that affects one or more of the four
physical infrastructure - the communications links (much
of which predate the net) such as copper wire, wireless
and optic fibre, the switches and devices such as personal
computers, mobile phones and servers
logical layer - connecting the physical infrastructure,
eg Internet Protocol (IP)
applications layer, eg web browsers
the monster under the bed
The collection of essays in Cybercrime: Law Enforcement,
Security & Surveillance In The Information Age
(London: Routledge 2000) edited by Douglas Thomas &
Brian Loader offers a concise, thoughtful introduction
to issues and technologies, including privacy, encryption,
hacking, anonymity and infowar. It is complemented by
the Australian Institute of Criminology 2007 report on
The future of technology-enabled crime in Australia.
Information Security Management: Global Challenges
in the New Millennium (Hershey: Idea 2001) edited
by Gurpreet Dhillon, Cyber-Threats, Information Warfare
& Critical Infrastructure Protection (Westport:
Praeger 2002) by Anthony Cordesman, The Law &
Economics of Cybersecurity (Cambridge: Cambridge
Uni Press 2006) edited by Mark Grady & Francesco Parisi
and Security and Usability (Sebastopol: O'Reilly
2005) edited by Lorrie Cranor & Simson Garfinkel are
The Hundredth Window: Protecting Your Privacy and Security
in the Age of the Internet (New York: Free Press
2000) by Charles Jennings & Lori Fena is a crisp overview
of dangers and what you can do about them. The authors
were among the founders of industry group TRUSTe
whose performance is questioned elsewhere on this site;
Fena has been a president of the Electronic Frontiers
Other introductions include Digital Crime & Digital
Terrorism (Upper Saddle River: Pearson Education
2006) edited by Robert Taylor
Secrets & Lies: Digital Security In A Networked World
(New York: Wiley 2000) by Bruce Schneier is an engaging,
clearly-written introduction to security mechanisms, policies
and risk assessment. It's strongly recommended. Schneier
is a leading thinker about network security; his Applied
Cryptography: Protocols, Algorithms and Source Code in
C (New York: Wiley 1995) is a detailed primer.
Trust & Risk In Internet Commerce (Cambridge:
MIT Press 2000) by L Jean Camp is a useful study of perceptions
of risk online, regulatory frameworks and technologies
such as encryption. Like Schneier's Secrets it's
an essential read. We recommend reading in conjunction
with Joseph Reagle's thesis, identified on the preceding
page of this guide. It is more up to date than The
Global Internet Trust Register (Cambridge: MIT Press
1999) edited by Ross Anderson, Fabien Petitcolas, Bruno
Crispo et al - a PDF
version of the 1998 edition is available.
Risky Business - Protect Your Business From Being Stalked,
Conned or Blackmailed on the Web (New York: Wiley
1998) is a plain-English overview by Daniel Janal of Upside
We are impressed by Hacking Exposed (New York:
McGraw-Hill 1999) from Stuart McClure, Joel Scambray
& George Kurtz and by Dieter Gollmann's Computer
Security (New York: Wiley 1999).
An introduction to the extensive but uneven literature
on surveillance issues and technologies is here.
what is cybercrime
The Commonwealth government has recently released
a discussion paper
on computer-related offences as part of the Model Criminal
Code project that seeks to encourage uniform treatment
of offences across Australia's state, territory and national
Earlier this year the cybercrime
unit in the US Department of Justice released a useful
on The Electronic Frontier: The Challenge of Unlawful
Conduct Involving the Use of the Internet.
Like its 1997 report
on The Availability of Bombmaking Information,
the Frontier document provides a perspective on
online v offline behaviour and enforcement. The Justice
Department has also released a report
on Cyberstalking: A New Challenge for Law Enforcement
For a walk on the wild side we recommend the 1999
RAND Countering The New Terrorism study,
one of the best of recent US reports on information
warfare and cyberterrorism, and its November 2001 successor
on Networks and Netwars: The Future of Terror, Crime,
and Militancy edited by John Arquilla & David
Ronfeldt. The Cold War is over, on to the war of bits
Jean Guisnel's Cyberwars: Espionage on the Internet
(Cambridge: Perseus 1999) and is more alarmist; there
is tart questioning in Andrew Ross' Strange Weather:
Culture, Science & Technology in the Age of Limits
(London: Verso 1991). The latter for us is more persuasive
than the breathless Safe: The Race to Protect Ourselves
in a Newly Dangerous World (New York: HarperCollins
2005) by Martha Baer, Katrina Heron, Oliver Morton &
Evan Ratliff - the arrogance of characterisation of the
"newly dangerous" world is equalled by the naivety
in acceptance of some 'solutions'.
Infowar has a discussion forum and media service about
infowar and security concerns, albeit with little critical
The Institute for the Advanced Study of Information Warfare
includes an exhaustive online bibliography. Mathew Devost's
Information Warfare: Can You Trust Your Toaster?
is a short example of the rash of recent academic publications.
(Our fridge is the device
we worry about and of course we won't be connecting
it to the web)
George Smith, in An Electronic Pearl Harbour? Not Likely,
a more solid article
for the Federation of American Scientists' Issues
in Science & Technology, assesses political hype,
financial self-interest and technological reality in recent
US debate about 'cyberwar'. The FAS has an excellent collection
of links on infowar, security and hacking.
US guru Dorothy Denning's
homepage has a large collection of papers and links. Her
Warfare & Security (New York: Addison-Wesley
1999) is a lucid introduction to computer security.
Simson Garfinkel's Web Security & Commerce
(Sebastopol: O'Reilly 1997) and Secrets & Lies:
Digital Security In A Networked World (New York: Wiley
2000) by Bruce Schneier are useful starting points.
The Forum on Risks to the Public in Computers &
Related Systems (RISKS),
under the auspices of the Association for Computing Machinery
(ACM), has a wealth of information about dangers.
Australia's National Electronic Authentication Council
released two reports - Legal liability and e-transactions
and E-commerce security - that include recommendations
for developing B2B ecommerce.
NEAC was established in 1999 by the Commonwealth Government
to oversee the development of a national framework for
the electronic authentication of online transactions - providing
advice to government, industry and consumers on authentication
issues and encouraging the development of relevant standards.
Legal liability & e-transactions is a scoping
study about the legal liability of electronic authentication
transactions. It identifies and assesses liability issues
in the use of various electronic authentication systems,
particularly public key infrastructure (PKI).
E-commerce security is a scoping study covering
the standards and authentication technologies used to
secure electronic transactions.
the digital apocalypse?
Cyberwars: Espionage on the Internet (Cambridge:
Perseus 1999) by Jean Guisnel is another call-to-arms
by a science journalist with links to the French intelligence
All very exciting, but you might get more value from the
Web Security Handbook (New York: Wiley 1997) by
Avi Rubin, Dan Geer & Marcus Ranum. Ranum's site
is of value. Netspionage: The Global Threats To Information
(London: Butterworth 2000) by William Boni & Gerald
Kovacich is a slightly less breathless version of Guisnel.
Peter Grabosky & Russell Smith's Crime in
the Digital Age: Controlling Telecommunications &
Cyberspace Illegalities (New Brunswick: Transaction
1998) and Cyber criminals on trial (Cambridge:
Cambridge Uni Press 2004) by Grabosky, Smith & Gregor
Urbas consider theft of services, information piracy,
extortion, electronic money laundering,
fraud and other crimes. There is a more succinct statement
in Peter Grabosky's paper
on Computer Crime: A Criminological Overview. A range
of perspectives are provided by papers in Crime &
the Internet (London: Routledge 2001) edited by David
Our Privacy guide includes
detailed references for studying online personal and commercial
data protection. Simson Garfinkel's Database Nation:
The Death of Privacy in the 21st Century (Sebastopol:
O'Reilly 2000) is somewhat overblown but worth reading.
Warnings of the 'death of privacy' come in Reg Whitaker's
overheated The End of Privacy: How Total Surveillance
Is Becoming A Reality (New York: New Press 1999) and
Jeffrey Rosen's The Unwanted Gaze: The Destruction
of Privacy in America (New York: Random 2000).
A view from the academy is provided by public-key wizard
Whitfield Diffie and Susan Landau in Privacy on the
Line: The Politics of Wiretapping and Encryption (Cambridge:
MIT Press 1999); much better value.
It's more perceptive than Crypto (New York: Penguin
2001), a brief history by Steve Levy built - alas - on
the usual dichotomy of the techno-savvy little guy versus
the big bad forces of darkness.
one side of the battle were relative nobodies: computer
hackers, academics and wonky civil libertarians. On
the other were some of the most powerful people in the
world: spies, generals and even presidents. Guess who
Bruce Sterling's The Hacker Crackdown: Law & Disorder
on the Electronic Frontier (New York: Bantam 1993)
is provocative and more insightful than Rosen or Whitaker.
memoirs & exposes
The Cuckoo's Egg (New York: Doubleday 1993) by Clifford
Stoll (author of Silicon Snake Oil), a tale of
digital derring-do in which a Berkeley astronomer - with
a little help from spooks and the police - tracked down
a cyber criminal.
Tangled Web: Tales of Digital Crime From The Shadows of
Cyberspace (Indianapolis: QUE 2000) by Richard Power
is a mix of journalistic anecdotes, hard facts and common
sense. In contrast Paul Taylor's Hackers: Crime in
the Digital Sublime (London: Routledge 1999) is a
rigorous study drawing on interviews with hackers, security
personnel and others.
The Fugitive Game and The Watchman by Jonathan
Littman (both published by Little Brown) are a journalist's
accounts of Kevin Mitnick and other hackers. Mitnick
has subsequently cashed in as consultant to corporate
America, vendor of Mitnick memorabilia on eBay and author
of The Art of Deception (New York: Wiley 2002).
Mike Godwin's Cyber Rights: Defending Free Speech in
the Digital Age (New York: Times 1998) is a useful
corrective to much of the contemporary media hysteria.
Katherine Tarbox's Katie.com: My Story (New York:
Dutton 2000) is a recent contender for 'digital stranger
danger' stardom. The unhappy Ms Tarbox was lured into
unpleasantness by a creep she met on the internet. We're
less impressed by the potential of the web for digital
molestation - virtual or otherwise - and more by an environment
that didn't care for the child.
There are pertinent figures in the 2001 CCRC report (PDF)
by David Finkelhor, Kimberly Mitchell & Janis Wolak regarding
Online Victimization: A Report on the Nation's Youth
and in the Pew Internet & American Life Project report
on Teenage Life Online: The Rise of the Instant-message
Generation and the Internet's impact on Friendships and
Julian Dibbell's account of misbehaviour by MUD and MOO
players My Tiny Life: Crime & Passion In A Virtual
World (London: 4th Edition 1999) is engagingly written
but frankly silly: turn off the PC, go outside, breathe
the fresh air and get a life (of the non-virtual kind).
Indra Sinha's vapid memoir The Cybergypsies: A True
Tale of Lust, War & Betrayal on the Electronic Frontier
(New York: Viking 1999) is forgettable, as is Suelette
Dreyfus' Underground: Tales of Hacking, Madness &
Obsession on the Electronic Frontier (London: Mandarin
At Large: The Strange Case of the World's Biggest Internet
Invasion (New York: Touchstone 1998) by David Freedman
& Charles Mann and Cyberpunk: Outlaws & Hackers
on the Computer Frontier (New York: Touchstone 1995)
by Katie Hafner & John Markoff are other accounts
- suitably breathless, resolutely anecdotal - of hacking/cracking.