The Internet is a very powerful and flexible communication channel - so much so, in fact, that the conceptual distinction between it and an actual physical space is getting a little blurred. We routinely speak of Web "sites", chat "rooms", software agents "crawling" around et cetera, usually without being aware of the metaphors of location and movement. While today's standard two-dimensional graphics devices and stereo sound systems are a far cry from the total sensory immersion of cyberspace as popularised by science fiction of the cyberpunk variety, there nevertheless is a certain sense of exploring a world within a world when one is browsing the Web. Apart from a handful of experimental and commercial services such as online role-playing games there really is not even an attempt to emulate a physical environment on the Internet, but in many ways this is unimportant, since what people actually require is often primarily a social environment or a communicational space, so to speak. The complex and diverse interactions within the global information network thus create, or at least contribute to, the feeling or illusion that it is a special kind of place rather than a mere machine for relaying messages, albeit an intricate one.

As all the content in information networks is ultimately produced by human beings, it is not at all surprising that the virtual world reflects the physical one to a great extent: whatever interests the subset of humanity that has access to information technology is represented in some form or other. Some rules of the physical world do not apply in the virtual one, but often when a rule is considered useful and important rather than restrictive and unnecessary, a way is found to implement it all the same. The enforcement of various codes of conduct is a case in point. In communities based on information exchange such as WWW forums and IRC channels there are often special users to whom the task of enforcing community rules has been assigned. Temporary or permanent exclusion from community is a typical penalty for severe or repeated misconducts. Such penalties only affect the offender insofar as he or she has genuine personal interest in the community, but at any rate the other users are spared from being harassed by suspended one.

The relationship between the physical world and the virtual one is not one-way, however: actions and events in Internet services may have consequences that transcend those services and, indeed, even the Internet itself. It is widely known that some people exploit this fact by using the Internet as a medium for criminal activity, taking advantage of the relative ease of concealing one's identity online. Sometimes the unusual nature of questionable earning methods enabled by the Internet makes it unclear whether applying those methods is actually subject to prosecution under current criminal laws, as demonstrated by Guest's article on the darker side of online gaming [4]. As a response to this phenomenon a number of informed and technically competent users have begun to devise techniques for beating malicious users with their own weapons. These range from direct counterattacks by force to subtle entrapment by guile depending on the nature of the malicious activity. Towards the latter end of the spectrum lies a technique known as scam baiting, which is used to counter attempts at raising money via email scams.

A typical example of an email scam is the so-called 419 scam, in which the scammer fraudulently poses as someone having access to a large sum of money that needs to be transferred abroad via a trusted bank account. The victim is lured to participate with the prospect of receiving a cut of the funds as a reward for assistance, and then persuaded to cover some comparably small expense out of his or her own pocket. Apart from Kich's rhetorical analysis [6], not a lot of research attention has been directed at this phenomenon. A baiter would respond to a 419 scam by expressing interest under an assumed identity and then stalling the transaction until the scammer gets frustrated and terminates communication. A common practice is to try to get the scammer to send a personal photograph - baiters refer to these as trophies - which is then published on the Web. Some even attempt to reverse the scam by persuading the scammer to send them some money.

The ethics of scam baiting is discussed by an advocate of baiting at a prominent baiter site, the 419 Eater [2]. The article addresses concerns regarding the motives of scammers and the effects of scamming, but neglects to consider the implications of the fact that baiting is basically a form of vigilante activism. It is true that law enforcement officials cannot do much beyond educating the public, and baiters' claims of positive results (such as scammers becoming more wary of victim replies) are plausible, but on the other hand there are issues such as whether it is right to publish personal photos on the Internet without proper authorisation, especially since there is no way to be sure that the person in the picture really is the scammer rather than someone innocent. It is also notable that baiting is not a purely altruistic activity: many baiters openly admit that personal amusement is at least a part of why they do it. Newspaper journalist Patrick Cain has dubbed the virtual battle of scammers and baiters "the Internet's first blood sport" [1].

Given all this, might it be better, after all, to simply ignore these emails and to advise everyone else to do the same? This paper analyses scam baiting as a form of vigilantism and explores the limits of its appropriate use as a defensive measure for lawful Internet users. A profile of the ethos of scam baiting is constructed using the stated motives and honour codes of baiters and their reports of successful baits as research material. Both motives and modi operandi vary to some extent, but in general it appears that baiters do not view scam baiting as a no-holds-barred pursuit and that in many cases their involvement is rooted in a sense of responsibility as human individuals and members of a privileged minority (namely those with the motivation and ability to identify and combat Internet abuse).

The baiter ethos is examined in terms of classical consequentialist and deontological ethics on a general level, and also in terms of concrete professional and organisational ethics codes on a more specific level. A particularly interesting angle is provided by the field of journalism, in which the justification of publishing photographs of people is a much-discussed dilemma. A good concise account of various applicable theories is given by Merrill in [7]; more detailed guidelines can be found, for instance, in the code of the journalist society SPJ [8]. Caution is a moral imperative in such matters, because once something has been published on the Internet it can remain available indefinitely. Determining the real extent of damage done is difficult, but providing evidence for beneficial effects is not easy either, and arguably the notion of potential benefits rests in part on the assumption of potential damage.

The paper also briefly discusses private reactions to others forms of cybercrime, including "hack back" [5] and physical counterattack as responses to network attacks, honeypotting as an anti-malware tactic and certain individual cases of auction fraud exposure [3]. Each of these, while related to scam baiting, has slightly different ethical implications, and is therefore useful for charting the ethical territory of Internet vigilantism and for plotting the location of scam baiting in it.

References

[1]         Cain P. (2004): Scamtrap. Toronto Star, July 12, 2004.

[2]         "The Cheshire Cat" (200): The Ethics of Scambaiting. http://www.419eater.com/html/ethics.htm, referenced Dec 11, 2006.

[3]         Coursey D. (2002): How a cyberposse is protecting you from auction fraud.   http://review.zdnet.com/AnchorDesk/420-6033_16-4207039.html, referenced Dec 11, 2006.

[4]         Guest T. (2006): Just a Game? New Scientist, no. 22 (May 20, 2006), pp. 38-42.

[5]         Jayawal V., Yurcik W. & Doss D. (2002) Internet Hack Back: Counter Attacks as Self- Defense or Vigilantism? IEEE International Symposium on Technology and Society (ISTAS), Raleigh (NC), United States, June 2002.

[6]         Kich, Martin (200): A Rhetorical Analysis of Fund-Transfer-Scam Solicitations. Cercles, no. 14, pp. 129-142.

[7]         Merrill, John C. (1997): Journalism Ethics - Philosophical Foundations for News Media. St. Martin's Press, New York.

[8]         Society of Professional Journalists (1996): Code of Ethics. http://www.spj.org/ethicscode.asp, referenced Dec 11, 2006.