If someone breaks into your home and steals your possessions, it’s a crime you can easily understand. Most crimes are offences against property or the person. Even crimes such as defamation are attacks against you as a person: the effects are apparent and felt by you, the person being defamed.
We see the role of the legal system as being, to quote Gilbert and Sullivan, “to make the punishment fit the crime”. In this we entrust the legal system with deciding appropriate punishments – ranging from incarceration to community service or a financial penalty. Sentences often become the subject of public debate, to which parliament can respond if the nature of the offence or punishment is out of step with public perceptions.
The recent UK phone hacking scandal is an excellent example of this. In the months leading up to the trial, there was a procession of victims as they became aware, much to their surprise, that they had been monitored. It is almost unbelievable, given the amount of public exposure, debate and condemnation that this resulted in only one sentence – 18 months’ jail for Andy Coulson.
As we move to the information economy, criminal activities are also moving into the information economy. Some such crimes are obvious, such as attempts to infect personal computers with viruses, attacks on bank accounts and phishing attacks, where increasingly sophisticated and apparently genuine emails from people and institutions are used to obtain banking or other details by deceit.
Intrusive but invisible crimes
What is more worrying is increasing evidence of largely invisible crimes. Personal and business information is being illicitly monitored and recorded. This may extend to tracing the very nature of your personal life such as myki and credit card petrol purchases to determine travel routes and frequency, cell phone data to record who you contacted and for how long, and travel details.
Often all these bits and pieces of information are completely innocuous until they are put together to create digital footprints of the victim’s movement within our social fabric. The victim often has no idea this is happening until the information is used against them. Information is the one item that can be stolen without the owner being aware at the time of the loss of property.
This is not a new experience. In 1986 a hacker was stealing information from the Lawrence Berkeley National Laboratory. The tangible loss was 75 cents of computer time. The FBI could not officially intervene because the “stolen” amount was below the financial threshold of US$1,000,000 that gave the agency jurisdiction.
The associated theft of information did not have a value, despite the potential intelligence damage to the USA. This experience and the chase for the hackers is related in Clifford Stoll’s book The Cuckoo’s Egg.
How does the law value information?
These examples highlight the inescapable fact that our legal frameworks struggle to keep up with the shift by our society to an information age. The issue here is our perception of the damage, in terms of the cost of the item, compared to the damage in terms of its value.
In both cases, the cost in terms of the activities used to gain the information was negligible compared to the value of the information to which the perpetrators gained access.
We are in transition. The perception of the loss involved in such activities has to shift to the value of information obtained. This change will more accurately reflect the loss that the victim has suffered.
As a society we have embraced the emerging information economy. As with sharing the keys to our house or car, we perceive a vulnerability in voluntarily sharing our passwords. We are beginning to perceive the same vulnerability with the digital footprints we necessarily generate in our day-to-day activities.
That is what needs to be addressed now in our legal framework. It is not an unfamiliar concept. After all, the Mona Lisa is only about $100 worth of paint, canvas and wood. Its value on the other hand …