The Chilling Effect ct of Enforce cement of Computer Misuse: Evidence ces from Online Hack cker Forums Assistant Professor: Qiu-Hong WANG Singapore Management University Co-authors: Rui-Bin Geng, Seung Hyun Kim 11 July 2019, Cambridge
Mo Moti tivati tion n -- -- Deterrence ce’s Difficu culty Criminalize Criminalize Computer Misuse Offences Production, Distribution Committing Offences and Possession of including Illegal Access/ Computer Misuse Tools Interception, Data/System with Offensive Intent Interference, etc. Judicial determination of CM : Perpetration cost advantage : the legal system need to take Automation and reachability ex-ante adjudication of the Lower knowledge barrier to malice and severity of hacking acquire hacking techniques tools which may vary with the via online communities context where the act will be Enforcement cost disadvantage : committed. Invisibility and anonymity Jurisdictional boundary
List of Computer Misuse Act ct (CMA) Country Law Amendment UK: The Computer Misuse Act 1990: Australia Criminal Code Act 1995 (Cth) ss 478.3 and 478.4 Section 3A: Making, supplying or obtaining articles Croatia New Crim inal Law Article 272 for use in an offence under Section 1,3 or 3ZA Canada Protecting Canadians from Online Crim e Act Section 342.2 China Crim inal Code Article 285 Colom bia Penal Code Act 1273 of 2009 Article 269A-J Ethiopia Telecom Fraud Offence Proclam ation Article 3 Fiji Crim es Decree 2009 Article 346 France Monetary and Financial Code Article L163-4 Germ any Germ an Crim inal Code Acts 202c US: The Computer Fraud and Abuse Act: (a)(5)(A) Italy Penal Code Art 615 Dutch Criminal Code Netherlands Article 350a New Zealand Crim es Am endm ent Act 2013 (2013 No 27) subsection 1 of 251 Qatar Cybercrim e Law (No. 14 of 2014) Article 66 China: Criminal Code: the Amended Article 285 Russia Crim inal Code Act 273 and 138.1 Serbia Crim inal Code Article 304a Singapore Com puter Misuse and Cybersecurity Act Article 10(1) Sweden Crim inal Code Article 9b Switzerland Crim inal Code Article 143bis United Kingdom Computer Misuse Act (UK) s1, s3, s3A and s3ZA Computer Fraud and Abuse Act of 1986 (a)(5)(A) United States
Mo Moti tivati tion n – Deterrence ce or Chilling Effect ct? illegal legal How to Know when you are infected with RATs • My python password finder for any site! Ten to fifteen thousand proxies in a list [ip:port]. • • or Keyl0ggers. • Easily Hackable important Website :) • How to change your ip in less then 1 minute How to protect your HTML source code • • [The Order] Free Rat Support | Reliable | • Anonymity complete GUIDE By Theraider & How to stop people from resolving your IP via • Quick and Easy | 2+ Years of Experience Dangerous R. Skype • Hacking A College • Ping Scan Script Nexus anti-flood 2010 with DDOS protection! • DDoS Service [Cheap] [Powerful] • Protected Prosecution Threat Criminalized Offensive intent Neutral intent Defensive intent Judicial determination of CM : Legal system with fallibility and uncertainty • Predict potential cybersecurity risks associated with new • technology or new uses of existing technology Dual use nature of cybersecurity technology: tools for • penetration tests; cryptocurrency Unfalsifiability of security claims •
Mo Moti tivati tion n – Conce cerns on Chilling Effect ct • Cost of Chilling Effect: • Defamation vs. Free Speech • Government surveillance vs. Privacy • Cybersecurity Offense vs. Defense • Empirical Challenge of Chilling effects • Where to find a control group? • Lack of individual-level data to track a choice between different intents • Globalized activities • Shift in norms
Re Research Questions -- -- Em Empi pirical Evide denc nce of Chi hilling ng Effect • External Shock : CMA enforcement -- the production, distribution, and possession of hacking tools with offensive intent • Context : Publicly accessible online hacker communities Protected Prosecution threat Criminalized Offensive intent Neutral intent Defensive intent Chilling / Substitution Effect? Chilling Effect? Deterrence Effect? Ø While the CMA enforcement explicitly imposes legal risk on the communication with offensive intent , would the supposition of this deterrence effect lead to the chilling effect on the sharing with neutral intent or even defensive intent ? Ø How would the online social community context reinforce or weaken the effects of CMA enforcement?
Re Research Context -- -- Hac Hacker er For orums ms op oper erated ed in in the e surfac ace e web eb as vantage points for diversified intents • Moral ambiguity leads to the coexistence of black/grey/white hats in online hacker communities, and discussions on offense, defense or neutral-intent techniques with dual use (Thomas 2005) • Dual roles • A stepping stone towards more serious online cyber-attacks (Pastrana et al. 2018) • A school for white hats and grey hats to understand hacking techniques (Kirsch 2014). • Not for the most malicious activities but less determined hackers or the curious (Pastrana et al. 2018)
Re Research Context -- -- Ch Chinese Hacker r Foru orums ms • CMA enforcement -- February 28, 2009, the Amendment of Article 285 in the Criminal Law • Language barrier and Internet access filtering lead to localized subjects and their limited mobility • hackforums.net was not accessible in China • The earliest Chinese dark web was launched in October 2014 • Two top forums • Ranked the 2 nd and 3 rd (Alexa.com à China à Computers/Security à Hacker , April 05, 2017) • 89.4%~92.6% of the users geographically located in China -- The majority of the forum participants are within the jurisdictional scope of the CMA enforcement
Context and Data: Author Intent Classification Exploratory knowledge 4 word embedding clusters à The training and testing 4 categories of contribution intents datasets Unsupervised Clustering Manual Labelling NLP-CNN model based on semantic cliques • Two human coders after 6 months of precision recall F1 training • 25% of leading posts in each year: irrelevant 0.98 0.99 0.98 • Forum A: 38,736 / 165,870 • Forum B: 12,093 / 52,154 • 50,827 consistently labelled records defensive 0.95 0.94 0.94 • inter-rater agreement: 0.87 for Forum A and 0.92 for Forum B offensive 0.96 0.93 0.95 neutral 0.94 0.90 0.92
Pr Preliminary Analysis defensive Content Volume CMA Before After offensive enforcement 600 Enforcement Enforcement neutral 500 The number of 400 137,718 80,306 leading posts 300 The number of 200 replies per leading 7.53 10.09 100 post 0 Jan-04 Mar-05 Dec-06 Feb-08 Sep-08 Apr-09 Jun-10 Jan-11 Mar-12 Dec-13 Aug-04 Oct-05 May-06 Jul-07 Nov-09 Aug-11 Oct-12 May-13 Jul-14 % of defensive 6.62% 12.63% leading posts % of offensive 8.78% 5.84% leading posts % of neutral 3.67% 3.59% leading posts % of irrelevant 80.97% 77.86% leading posts
Qu Quasi-Differ erenc ence-In In-Differ erenc ence A reduced-form regression on the number of posts in different categories {defensive, offensive, neutral, irrelevant} generated by hacker forum user i in month t (Marthews & Tucker 2017) Limitations -0.0248*** q Inflation with many zero observations AfterCMA t ´ Offensive it (0.0002) q User’s contribution intent decision 0.0262*** AfterCMA t ´ Defensive it (0.0002) interdependent within each user -0.0273*** AfterCMA t ´ Neutral it q Contribution on security-irrelevant posts is (0.0002) Adjusted R-squared 0.1038 correlated with security-related posts No. of observations 2,826,232 q No way to address forum self-regulation on obviously illegal posts
A A Mixed Nested Logit Model Each choice occasion: whether to post and which to post ! = b b + b + d + d d A 2 U + Age Age AfterCMA Experience + Attention - - ijk 0 ij 1 i k 2 i k 1 j k 2 j ijk 1 3 j ijk 1 d d + d + Peer + AfterCMA Experience " AfterCMA Attention " - - - 4 j ijk 1 5 j k ijk 1 6 j k ijk 1 + d d AfterCMA Peer " + Other _ Post - - 7 j k ijk 1 8 j ijk 1 A I b + d æ ö = X W ijk ijk it i ik j ç ÷ - ! 1 I ! æ ö exp( U ) it - I J 1 1 exp( U ) Õ ç ÷ - lt I = ijk × L A ( , I ) e it ç ÷ = j 2 ! ! ijk it + ç J -1 + ÷ I I 1 exp( U ) 1 exp( U ) è ø å ! Randomized heterogeneity + = j 1 1 exp( U ) it it ç ÷ across contributors on ijk è ø = j 1 preference and life cycle Probability of being removed by forum self-regulation Probability of {Offensive, Neutral, Defensive} post Probability of post
Deterrence Effect Weakened • Diminishing marginal perpetration cost Reinforced • Increasing severity Increasing enforcement cost • Weakened Substitution Effect Weakened Diminishing marginal utility • Increasing utility • Reinforced Increasing utility • Reinforced Chilling Effect Reinforced Increasing probability of erroneous • prosecution Reinforced Exemplified perceived risk associated • with social interaction (Kasperson et Reinforced al. 1988 )
Recommend
More recommend
