What is cybercrime?

It sounds like the subject of a Hollywood thriller or paperback science fiction novel. Hackers surrounded by glowing LCD screens watching as money drains from your bank account into theirs. Cybercrime: a new crime for the digital age. Or is it? Is cybercrime something new or is it just a new spin on the familiar old crimes?

Cybercrime has no established definition. On the broadest interpretation it could include any criminal act committed via computer or the Internet. But what distinguishes theft from your online banking account and theft by someone impersonating you in the branch or forging your signature on a cheque? For many crimes involving computers, the essential elements are the same as the traditional crime and recognizing a distinction when a computer is used does not make sense. A computer does not aggravate a theft in the way that a weapon does (by increasing the likelihood of bodily harm) it is merely a method of committing the same crime. For “cybercrime” to be coherent as a category, it must be in some way distinct from recognized traditional crimes: cybercrimes are those criminal acts that are unique to computers.

But some would argue that there are no crimes that meet this definition. In a 2001 article and a recent follow-up, Professor Susan Brenner argues that all known cybercrimes can be encompassed, with a little effort, by existing crimes. Consider a few candidates for pure cybercrimes: hacking, denial of service, and distributing malicious software. These are criminal acts which take place in “cyberspace”. But each of them has a real-world analogue: hacking can be viewed as a form of digital trespass; denial of service is vandalism or common nuisance; malicious software is mischief or theft of processing power. Thus, even these acts are like the example of theft in the previous paragraph: merely traditional crimes carried out through the medium of cyberspace. The solution is not to invent new crimes but to revise existing ones to accommodate changing situations. Brenner does, however, suggest the possibility of true cybercrimes (acts only possible in cyberspace) emerging in the future. There is even a precedent for criminalizing acts that take place in another realm—witchcraft. It was once believed that witches manipulated spirits in another realm to harm their victims much like cyber-criminals act in cyberspace to harm their victims. But for the present time Brenner concludes that traditional crimes are enough.

One troubling aspect of Brenner’s argument is its reliance on the concept of “cyberspace”. Cyberspace allows you to easily draw analogies between real and virtual actions—for example, associating hacking with trespassing. But cyberspace is just a metaphor. It is useful for explaining the relationships between computers, but it leads to inaccuracy in describing the actions of people online. It is certainly possible to redefine the legal understanding of location to match this metaphor, but just because something is possible doesn’t make it right. Without relying on cyberspace, the ability to remotely access and manipulate another person’s property is actually something new but still easily described: the Criminal Code calls it unauthorized use of a computer. The provision does not criminalize “digital trespass” but rather unauthorized access, which is an accurate non-metaphorical description of the act we wish to proscribe. This is a cybercrime. It is not a pure cybercrime in the sense that Brenner is looking for, but it is a distinct criminal act in which computers play an essential role.

The Criminal Code provision also highlights another problem with extending real-world crimes to encompass virtual counterparts. Unauthorized use of a computer is classified in the Code alongside theft rather than breaking and entering. This demonstrates that there may be multiple candidate offenses for a single cybercrime. What can be clearly defined as a separate crime becomes muddled if we try to force it into existing categories. If only for practical reasons, it makes sense to treat it differently.

The global reach of the Internet and the power and flexibility of computers allow us to interact in brand new ways. Sometimes this merely provides a new method to commit an old crime. But there are some crimes—cybercrimes—in which the role of the computer renders them practically distinct.