Sunday, February 04, 2007

Healthy paranoia . . .

I don’t know about you, but for a while, a couple of weeks ago, I was being bombarded with emails telling me I’d won the UK National Lottery . . . which was pretty astonishing, given that I hadn’t played.

The emails were, of course, a scam . . . scam spam. The initial email says you’ve won a million or three British pounds in the lottery, and all that needs to be done now is to arrange for transfer of the funds to you, the lucky winner. I didn’t follow up on any of the emails, of course, but from what I’ve seen online the ultimate goal is to get you to send personal and bank account information to the scammers, who will presumably then use that to clean out any accounts you happen to have.

Seems pretty obvious, doesn’t it? They all – all of the 419 and other spam scams – seem pretty obvious to those of us who congratulate ourselves on being too clever to be taken in, but they must be working on some subset of the population or they wouldn’t keep cropping up in new and more or less creative guises.

And that brings me to my point. According to Wikipedia, Barnum’s Law is “You’ll never go broke underestimating the intelligence of the American public.” I’d modify that a bit for our online environment, so that it emphasizes complacency instead of intelligence (or the lack thereof).

What I find interesting about the UK lottery and all the other online scams is that ANYONE would be foolish enough to trust something that comes to them out of the blue from a purely unknown source . . . and yet people do. I’m reminded of a story I heard a few days ago, from a law enforcement officer who deals with cybercrime. He told me about overhearing another officer, who works with online fraud, having a conversation with an online fraud victim. That officer had apparently heard too much from victims of transparently fraudulent online scams because at one point he said to the victim, “I know $3,000 is a lot of money, sir . . . that’s why I wouldn’t sent it to Romania.”

Why would anyone do that? Why would anyone send money out into the ether to an unknown someone in an unknown someplace and not expect to be scammed?

It goes back to my comment about complacency. The picture accompanying this post is, obviously, the interior of a prison. The point is crime control: For roughly a century and a half, we have been relying exclusively on cadres of professional law enforcement officers to keep crime under control in our societies.

We do not, indeed, cannot, eliminate crime; our goal therefore is simply to keep it within manageable levels so citizens can go about their daily, legitimate activities with relatively little risk of being victimized. We control crime by having dedicated professionals who apprehend criminals (most of whom are notably inept when it comes to evading identification and capture), who are charged, tried, convicted and sentenced to serve time in places like the prison in the picture. The premise is that this controls crime by (i) deterring and incapacitating the particular criminal for the time he/she is locked up and (ii) deters others from emulating his/her criminal activity by making an example of this person. It’s not a perfect strategy, but it has worked satisfactorily in the real-world since it became the dominant model well over a century ago.

The problem for the online environment is that the dominance of this law enforcement crime control model in the real-world means that the average individual takes absolutely no responsibility for crime control. That is the police’s job, not mine – if my house is robbed because (hypothetically) I was foolish enough to leave my front door unlocked when I went to work, I can still call the police and they will still make a good-faith effort (maybe not their best effort, but an effort) to find the thief. The point is that my lack of responsibility, my failure to take even minimal precautions to protect my property, is irrelevant. In the civil law of torts, we have a doctrine called assumption of the risk, which can negate liability; so, basically, if I go bungee jumping knowing I have a fractured vertebrae, and wind up a paraplegic, I can’t recover from the bungee jumping people because I assumed the risk of my injury.

We don’t have that principle in criminal law, because a crime is an offense against the state, not against the victim. That being the case, the victim’s stupidity or irresponsibility is irrelevant – the state still needs to go after the criminal for the reason I noted above: to deter/incapacitate him/her and to deter others from following his/her example.

The result of all that, I submit, is a level of complacency. Most of us give little, if any, thought to the threat of being victimized by a criminal as we go about our daily lives. We may have alarm systems in our houses and cars and offices, but that, again, is a type of delegation – I don’t have to think about security, I delegate it to the professionals who will take care of it for me.

Then we go online.

There isn’t anyone to whom we can delegate the responsibility for protecting us when we are online. Unless and until there is (which I’m not sure I want to see – I tend to like the idea that cyberspace is a raucous place with varied experiences, good and bad), we will have to take care of ourselves online. And that brings me back to the title of this post: healthy paranoia.

My sense is that people sixty, eighty, a hundred years ago were much less complacent and much more likely to be skeptical of strangers and their strange offers . . . and that the same was true for much of human history. Now, part of that would have bee a function of pure provincialism – the stranger coming to a small town/village would have been met with suspicion by people who seldom encountered anyone they had not known for years. But I also think much of it, particularly in more urbanized societies, was due to sad experience with face-to-face fraudsters. “The Big Con” by David Maurer, a book that was originally published in 1940 and was reprinted recently, describes the various types of scams real-world con artists used on civilians in the first several decades of the twentieth-century. Many of the scams had their roots in scams that went back centuries.

The success of those scams throughout history tells us there have always been, and no doubt will always be, people who fall for what is clearly too-good-to-be-true. I suspect, though, that the combination of the online environment and our pretty much surrendering responsibility for protecting ourselves from crime has led us, as a population, to be more susceptible to con artists than people were in the past.

If you don’t believe me, consider the story I described above: The person sent $3,000 to someone he knew nothing about in a country (Romania) known for harboring cybercrime . . . and expected a local police officer to get the money back and bring the perpetrator to justice. None of that computes, none of that works, none of that makes any sense at all . . . except, maybe the last part. This person, I would argue, did not exercise health paranoia in assessing the too-good-to-be-true offer from Romania because he assumed (i) that it was legitimate and (ii) that if it was not, law enforcement would take care of it.

It wasn’t, they can’t . . . and somehow people have to realize that.

1 comment:

Anonymous said...

Dont you hate this?

Check out http://theScamBaiter.com

These guys get even with these crooks, and sometimes even get them arrested even though they are in Nigeria.

There is a lot of funny stuff there too, you have to see what they make these scammers to so get "paid", check out their "mugu museum"

http://thescambaiter.com/forum/vbimghost.php?do=userlist