Technological Aspects of Internet Crime Prevention

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Gillian Dempsey, Department of Commerce, Australian National University

Ooi Chuin Nee, Electronic Trading Concepts - ETC, Sydney

Robert F. O'Connor, Departments of English and Commerce, Australian National University

Version of 15 February 1998

© Xamax Consultancy Pty Ltd, 1997, 1998

This document provides an outline of a presentation at the Australian Institute for Criminology's Conference on 'Internet Crime', Melbourne University, 16-17 February 1998.


A preliminary analysis is undertaken of the extent to which it is feasible to prevent crime on the Internet, in particular through the credibility of law enforcement agencies being able to investigate criminal activities.

The primary focal points are the detection of traffic involving a party-of-interest, the acquisition of traffic content, access to message content, and the attribution of message content to a legal person. Supporting sections deal with Internet crime, and with current and future Internet technology.

Extended Abstract

The Internet presents new challenges to law enforcement. This paper addresses the question of the extent to which the prevention of Internet crime is being, and will be, aided and inhibited by Internet technology. It arises from work being undertaken, as a result of an invitation by the Institute of Criminology, by a team that incorporates both information technology and legal expertise.

The political context of the work is that the dramatic growth-rates, global reach, and innovation that are the hallmarks of the Internet are causing concerns to the law enforcement community. Proposals for Internet regulation have been met with a considerable amount of opposition from those who have become used to and are attracted by the net's free environment. This paper addresses not the politics, however, but rather the underlying technics.

Many would-be regulators are seeking to apply conventional approaches to an unconventional phenomenon. An appreciation of the nature of Internet technology is a pre-condition to rational discussion. Accordingly, a 'Primer on Internet Technology' is provided. This describes the key features of Internet infrastructure, including architecture, protocols and tools, and the process whereby the infrastructure is applied to useful purposes.

The notion of 'Internet crime' is examined, and an open and inclusive working definition adopted. Although a literature exists relating to computer crime generally, and there is an increasing range of resources addressing commercial legal issues arising in the context of the Internet, there is a remarkably limited amount of information currently available on the criminal law enforcement aspects. This paper accordingly performs foundation analysis.

The direct prevention of Internet crime is argued to be largely infeasible, because criminal behaviour is essentially indistinguishable from non-criminal activities. Disincentives against criminal behaviour are therefore critical to crime prevention. Clear definition of crimes, and awareness and educational programmes are important.

The key disincentive, however, is argued to be the credibility of law enforcement agencies being able to discover, investigate and prosecute criminal acts. The team is researching all of these aspects. This particular paper, however, primarily addresses detection and investigation, and specifically the detection of traffic involving a party of interest, the acquisition of traffic content, access to that content, and the attribution of message-origin to a particular party.

The analysis draws on prior work on the established computer security notions of confidentiality, integrity, authentication and non-repudiability. An overview of these ideas is to be found in Clarke (1996).

The analysis commences by identifying challenges to the detection of relevant traffic. Logs of Internet transactions are maintained by computers along the path that a message travels. Access to a sufficient number of these logs is difficult to achieve, the identity of the sender and recipient nodes is difficult to establish, and so is each node's location in physical space, particularly where the connection is temporary. Fixing the time at which message-related events occurred is remarkably problematical. Prior research is available on multiple digital personae, at Clarke (1994), and on anonymity and pseudonymity, at Clarke (1995).

The acquisition of traffic content depends either on logs that contain message-content as well as message-headers, or on real-time monitoring of relevant links. The practicalities of such approaches are assessed. Acquisition of traffic content is of limited use if the content cannot be interpreted. Barriers are discussed, including character-sets, data compression, encoding and encryption. An introduction to the vital question of encryption is at Clarke (1996).

The association of message-origin to a particular party generally depends on a succession of linkages being able to be established, at least with a sufficient degree of confidence to assist law enforcement investigations, and preferably at a level adequate to provide evidentiary value. In fact, user-accounts and machine-ids are readily falsified, and hence generally repudiable.

With contemporary Internet technology, the difficulties identified in the analysis are intrinsic and unavoidable. Moreover, they are not going to be easily overcome. Although new versions of all levels of Internet technology are to be anticipated, there is a long lead-time involved. Moreover, law enforcement interests are neither strongly represented on standards teams, nor are they regarded with much sympathy by the people who are responsible for technological developments.

The Internet offers plenty of scope for people to hide their trails, and to commit unprosecutable crimes. There is therefore a strong case for pessimism about the preventability of Internet crime. Nonetheless, new expertise needs to be developed, as an adjunct to conventional law enforcement techniques, and as a means of ensuring that law enforcement agencies can provide more authoritative input to the technology standards development process.

The Internet is frequently spoken of as being a basis for electronic communities, and the notion of community self-policing needs to be applied and matured.


Created: 2 November 1997

Last Amended: 15 February 1998

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).