Toward a Criminal Law for Cyberspace: Distributed Security


The article analyzes the structure and evolution of the current, traditional model of law enforcement and explains why this model is not an effective means of addressing computer-facilitated criminal activity. It begins by analyzing the operation of rules in collective systems composed of biological or artificial entities; it explains that every such system utilizes basic, constitutive rules to maintain both internal and external order. The article explains that intelligence has a profound effect upon a system’s ability to maintain internal order. Intelligence creates the capacity for deviant behavior, i.e., the refusal to abide by constitutive rules, and this requires the development of an additional set of rules, proscriptive rules (or a criminal law).

Systems must also have processes in place (a system of law enforcement) to implement these rules; the article traces the evolution of Western law enforcement from a model predicated on citizen enforcement to the current model of professional policing. It explains why the current model – with its hierarchical organizational structure and reactive approach to real-world crime -- is inadequate to deal with cybercrime. Having done that, the article considers how a different approach, a system of distributed security which utilizes citizen efforts, can be implemented; distributed security emphasizes citizen prevention of cybercrime, instead of official reaction to completed cybercrime. The article considers whether the implementation of a system such as this should be voluntary or obligatory and concludes that it must be obligatory. Finally, the article outlines how two legal doctrines – an assumption of risk principle and a modification of current complicity law – can be used to create incentives for citizens to become part of a system of distributed security.


Computer Law | Criminal Law | Criminal Procedure

Date of this Version

August 2003