Caslon Analytics: Security & InfoCrime guide


perspectives

This page offers perspectives from government, business and academia.

It covers -

orientation

In considering security and crime on the internet we can identify activity that affects one or more of the four layers -

  • the physical infrastructure - the communications links (much of which predate the net) such as copper wire, wireless and optic fibre, the switches and devices such as personal computers, mobile phones and servers
  • the logical layer - connecting the physical infrastructure, eg Internet Protocol (IP)
  • the applications layer, eg web browsers
  • the content layer

the monster under the bed

[under development]

introductions

The collection of essays in Cybercrime: Law Enforcement, Security & Surveillance In The Information Age (London: Routledge 2000) edited by Douglas Thomas & Brian Loader offers a concise, thoughtful introduction to issues and technologies, including privacy, encryption, hacking, anonymity and infowar. It is complemented by the Australian Institute of Criminology 2007 report on The future of technology-enabled crime in Australia (PDF). Information Security Management: Global Challenges in the New Millennium (Hershey: Idea 2001) edited by Gurpreet Dhillon, Cyber-Threats, Information Warfare & Critical Infrastructure Protection (Westport: Praeger 2002) by Anthony Cordesman, The Law & Economics of Cybersecurity (Cambridge: Cambridge Uni Press 2006) edited by Mark Grady & Francesco Parisi and Security and Usability (Sebastopol: O'Reilly 2005) edited by Lorrie Cranor & Simson Garfinkel are also recommended.

The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet (New York: Free Press 2000) by Charles Jennings & Lori Fena is a crisp overview of dangers and what you can do about them. The authors were among the founders of industry group TRUSTe whose performance is questioned elsewhere on this site; Fena has been a president of the Electronic Frontier Foundation (EFF). Other introductions include Digital Crime & Digital Terrorism (Upper Saddle River: Pearson Education 2006) edited by Robert Taylor.

Secrets & Lies: Digital Security In A Networked World (New York: Wiley 2000) by Bruce Schneier is an engaging, clearly-written introduction to security mechanisms, policies and risk assessment. It's strongly recommended. Schneier is a leading thinker about network security; his Applied Cryptography: Protocols, Algorithms and Source Code in C (New York: Wiley 1995) is a detailed primer.

Trust & Risk In Internet Commerce (Cambridge: MIT Press 2000) by L Jean Camp is a useful study of perceptions of risk online, regulatory frameworks and technologies such as encryption. Like Schneier's Secrets it's an essential read. We recommend reading in conjunction with Joseph Reagle's thesis, identified on the preceding page of this guide. It is more up to date than The Global Internet Trust Register (Cambridge: MIT Press 1999) edited by Ross Anderson, Fabien Petitcolas, Bruno Crispo et al - a PDF version of the 1998 edition is available.

Risky Business - Protect Your Business From Being Stalked, Conned or Blackmailed on the Web (New York: Wiley 1998) is a plain-English overview by Daniel Janal of Upside magazine.

We are impressed by Hacking Exposed (New York: McGraw-Hill 1999) from Stuart McClure, Joel Scambray & George Kurtz and by Dieter Gollmann's Computer Security (New York: Wiley 1999).

An introduction to the extensive but uneven literature on surveillance issues and technologies is here.

what is cybercrime

The Commonwealth government has recently released a discussion paper on computer-related offences as part of the Model Criminal Code project that seeks to encourage uniform treatment of offences across Australia's state, territory and national jurisdictions.

Earlier this year the cybercrime unit in the US Department of Justice released a useful report on The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet.

Like its 1997 report on The Availability of Bombmaking Information, the Frontier document provides a perspective on online v offline behaviour and enforcement. The Justice Department has also released a report on Cyberstalking: A New Challenge for Law Enforcement and Industry.

wired dangers

For a walk on the wild side we recommend the 1999 RAND Countering The New Terrorism study, one of the best of recent US reports on information warfare and cyberterrorism, and its November 2001 successor (here) on Networks and Netwars: The Future of Terror, Crime, and Militancy edited by John Arquilla & David Ronfeldt. The Cold War is over, on to the war of bits and bytes? 

Jean Guisnel's Cyberwars: Espionage on the Internet (Cambridge: Perseus 1999) and is more alarmist; there is tart questioning in Andrew Ross' Strange Weather: Culture, Science & Technology in the Age of Limits (London: Verso 1991). The latter for us is more persuasive than the breathless Safe: The Race to Protect Ourselves in a Newly Dangerous World (New York: HarperCollins 2005) by Martha Baer, Katrina Heron, Oliver Morton & Evan Ratliff - the arrogance of characterisation of the "newly dangerous" world is equalled by the naivety in acceptance of some 'solutions'.

has a discussion forum and media service about infowar and security concerns, albeit with little critical evaluation.  

The Institute for the Advanced Study of Information Warfare (IASIW) includes an exhaustive online bibliography. Matthew Devost's paper Information Warfare: Can You Trust Your Toaster? is a short example of the rash of recent academic publications. (Our fridge is the device we worry about and of course we won't be connecting it to the web.)

George Smith, in An Electronic Pearl Harbour? Not Likely, a more solid article for the Federation of American Scientists' Issues in Science & Technology, assesses political hype, financial self-interest and technological reality in recent US debate about 'cyberwar'. The FAS has an excellent collection of links on infowar, security and hacking.

US guru Dorothy Denning's homepage has a large collection of papers and links. Her Information Warfare & Security (New York: Addison-Wesley 1999) is a lucid introduction to computer security.

Simson Garfinkel's Web Security & Commerce (Sebastopol: O'Reilly 1997) and Secrets & Lies: Digital Security In A Networked World (New York: Wiley 2000) by Bruce Schneier are useful starting points.

The Forum on Risks to the Public in Computers & Related Systems (RISKS), under the auspices of the Association for Computing Machinery (ACM), has a wealth of information about dangers.

Australia's National Electronic Authentication Council (NEAC) released two reports - Legal liability and e-transactions and E-commerce security - that include recommendations for developing B2B ecommerce.

NEAC was established in 1999 by the Commonwealth Government to oversee the development of a national framework for the electronic authentication of online transactions - providing advice to government, industry and consumers on authentication issues and encouraging the development of relevant standards.

Legal liability & e-transactions is a scoping study about the legal liability of electronic authentication transactions. It identifies and assesses liability issues in the use of various electronic authentication systems, particularly public key infrastructure (PKI).

E-commerce security is a scoping study covering the standards and authentication technologies used to secure electronic transactions.

the digital apocalypse?

Cyberwars: Espionage on the Internet (Cambridge: Perseus 1999) by Jean Guisnel is another call-to-arms by a science journalist with links to the French intelligence community.

All very exciting, but you might get more value from the Web Security Handbook (New York: Wiley 1997) by Avi Rubin, Dan Geer & Marcus Ranum. Ranum's site is of value. Netspionage: The Global Threats To Information (London: Butterworth 2000) by William Boni & Gerald Kovacich is a slightly less breathless version of Guisnel.

Peter Grabosky & Russell Smith's Crime in the Digital Age: Controlling Telecommunications & Cyberspace Illegalities (New Brunswick: Transaction 1998) and Cyber criminals on trial (Cambridge: Cambridge Uni Press 2004) by Grabosky, Smith & Gregor Urbas consider theft of services, information piracy, extortion, electronic money laundering, fraud and other crimes. There is a more succinct statement in Peter Grabosky's paper on Computer Crime: A Criminological Overview. A range of perspectives are provided by papers in Crime & the Internet (London: Routledge 2001) edited by David Wall.

Our Privacy guide includes detailed references for studying online personal and commercial data protection. Simson Garfinkel's Database Nation: The Death of Privacy in the 21st Century (Sebastopol: O'Reilly 2000) is somewhat overblown but worth reading.

Warnings of the 'death of privacy' come in Reg Whitaker's overheated The End of Privacy: How Total Surveillance Is Becoming A Reality (New York: New Press 1999) and Jeffrey Rosen's The Unwanted Gaze: The Destruction of Privacy in America (New York: Random 2000).

A view from the academy is provided by public-key wizard Whitfield Diffie and Susan Landau in Privacy on the Line: The Politics of Wiretapping and Encryption (Cambridge: MIT Press 1999); much better value.

It's more perceptive than Crypto (New York: Penguin 2001) a brief history by Steve Levy built - alas - on the usual dichotomy of the techno-savvy little guy versus the big bad forces of darkness.

On one side of the battle were relative nobodies: computer hackers, academics and wonky civil libertarians. On the other were some of the most powerful people in the world: spies, generals and even presidents. Guess who won?

Bruce Sterling's The Hacker Crackdown: Law & Disorder on the Electronic Frontier (New York: Bantam 1993) is provocative and more insightful than Rosen or Whitaker.

memoirs & exposes

The Cuckoo's Egg (New York: Doubleday 1993) by Clifford Stoll (author of Silicon Snake Oil) is a tale of digital derring-do in which a Berkeley astronomer - with a little help from spooks and the police - tracked down a cyber criminal.

Tangled Web: Tales of Digital Crime From The Shadows of Cyberspace (Indianapolis: QUE 2000) by Richard Power is a mix of journalistic anecdotes, hard facts and common sense. In contrast Paul Taylor's Hackers: Crime in the Digital Sublime (London: Routledge 1999) is a rigorous study drawing on interviews with hackers, security personnel and others.

The Fugitive Game and The Watchman by Jonathan Littman (both published by Little Brown) are a journalist's account of Kevin Mitnick and other hackers. Mitnick has subsequently cashed in as consultant to corporate America, vendor of Mitnick memorabilia on eBay and author of The Art of Deception (New York: Wiley 2002). Mike Godwin's Cyber Rights: Defending Free Speech in the Digital Age (New York: Times 1998) is a useful corrective to much of the contemporary media hysteria.

Katherine Tarbox's My Story (New York: Dutton 2000) is a recent contender for 'digital stranger danger' stardom. The unhappy Ms Tarbox was lured into unpleasantness by a creep she met on the internet. We're less impressed by the potential of the web for digital molestation - virtual or otherwise - and more by an environment that didn't care for the child.

There are pertinent figures in the 2001 CCRC report (PDF) by David Finkelhor, Kimberly Mitchell & Janis Wolak regarding Online Victimization: A Report on the Nation's Youth and in the Pew Internet & American Life Project report on Teenage Life Online: The Rise of the Instant-message Generation and the Internet's impact on Friendships and Family Relationships.

Julian Dibbell's account of misbehaviour by MUD and MOO players My Tiny Life: Crime & Passion In A Virtual World (London: 4th Edition 1999) is engagingly written but frankly silly: turn off the PC, go outside, breathe the fresh air and get a life (of the non-virtual kind).

Indra Sinha's vapid memoir The Cybergypsies: A True Tale of Lust, War & Betrayal on the Electronic Frontier (New York: Viking 1999) is forgettable, as is Suelette Dreyfus' Underground: Tales of Hacking, Madness & Obsession on the Electronic Frontier (London: Mandarin 1997).

At Large: The Strange Case of the World's Biggest Internet Invasion (New York: Touchstone 1998) by David Freedman & Charles Mann and Cyberpunk: Outlaws & Hackers on the Computer Frontier (New York: Touchstone 1995) by Katie Hafner & John Markoff are other accounts - suitably breathless, resolutely anecdotal - of hacking/cracking. 

version of September 2007
© Bruce Arnold | caslon analytics