The crime of electronic extortion is one of the most prevalent forms of cybercrime in recent times, and its prevalence is increasing at a great rate. This crime represents a threat to the majority of Internet users, as no person connected to the Internet can be considered completely safe from being a victim of this crime at any time. In light of a reality in which there are no real guarantees for the victims to preserve their privacy in the event that they resort to the competent authorities, and with the cross-border nature of the Internet preventing the perpetrators from being traced in many cases, this crime is among the most serious and the most difficult to confront.
This paper seeks to provide a comprehensive definition of the crime of electronic extortion and how it differs from the traditional crimes of extortion. It deals with the relationship between the crime of electronic extortion and both the right to privacy and the right to personal freedom. It also briefly presents a picture of the reality of the current legal approaches for dealing with this crime at the international and local levels. Finally, the paper reviews some ways to reduce the crime of electronic extortion.
What is the crime of electronic extortion?
The crime of extortion, in general, is that in which the perpetrator obtains material or other benefits from the victim forcibly, by threatening them to reveal data or information related to themself or others whose safety concerns them. The offender may obtain this data or information legally or illegally. Offenders use it to threaten the victim, knowing that disclosing it will cause them harm.
The crime of electronic extortion is one of the forms of the crime of extortion, and it occurs when the extortion itself or its requirements are achieved by using electronic or digital tools and means, or more precisely by using information and communication technologies to implement any element of the crime. Obtaining the victim’s personal data does not fall precisely within the definition of the ordinary crime of extortion. It is also independently punishable by law if it is done illegally. This applies to the crime of electronic extortion, in the sense that obtaining the information or data used for extortion illegally constitutes in itself a separate crime. However, when determining that the committed act constitutes a crime of electronic extortion, the use of an electronic or digital means to obtain data or information is one of the factors for considering it as such, whether the offender used electronic and digital means and tools to communicate with the victim to threaten them or not.
How does electronic extortion differ from ordinary extortion?
The crime of extortion does not differ in terms of defining the criminal act legally, whether it is electronic or ordinary, but the use of electronic means to carry out the crime of extortion distinguishes it with many characteristics that are not available for the regular crime of extortion. These characteristics relate to the availability of the opportunity to commit the crime, the difficulty or ease of carrying it out, and the possibility of impunity. The paper discusses these points in the following sections.
The opportunity to commit the crime is more available
There is an opportunity to commit the crime of extortion when the offender is able to obtain personal data and information whose owner fears that it will be published, or when this data and information is already in the possession of the offender. Accessing such data in the real world if it is preserved in papers or any non-digital form is very difficult and requires physical access to the place of storage, and before that, knowledge of this place, and usually requires being personally acquainted with the victim. In many cases, personal data or information exploited for extortion fall into the hands of the perpetrator only by chance.
This is not the case for digital data. With the increasing use of the Internet and its various applications in various aspects of people’s lives, an increasing amount of their personal data of all kinds is stored digitally in multiple storage locations. Many keep personal data and information on their personal computers, and many use the storage services available through the electronic cloud to keep copies of their personal data and information, whether as backups or to be able to access them using more than one device. Finally, there are personal data and information on the personal accounts of many applications and sites, whether submitted by the user to identify his identity for authentication, or published or exchanged with others through these applications. The multiplicity of places where data and personal information are stored increases the chance of gaining access to them, especially with the varying methods and tools of security used by these places, some of which may be more vulnerable to penetration due to defects in the code or the existence of backdoors, whether planted by certain parties or deliberately made available by the application programmers themselves for illegal purposes. On the other hand, the multiplicity of storage places may make obtaining integrated information that can be used for extortion purposes more difficult, but it is usually possible to access all the places on which there is data and personal information belonging to a person through any of his computers, and sometimes some computers that he uses on an ongoing basis, or accidentally without owning them, for example, computers owned by workplaces, or computers available in centers that provide paid services for their use.
Most computers of all kinds today are connected to the Internet throughout their uptime, in the case of smartphones, this usually means that they are connected to the Internet 24/7. When a computer is connected to the Internet, there is no need for physical access to it to hack into it. However, there are groups of people who have physical access to computers, which makes it easier for them to hack them.
With billions of people connected to the Internet today, each of them theoretically represents an opportunity to commit the crime of electronic extortion. It does not require any form of personal acquaintance between the perpetrator and the victim. This is what led to the transformation of the crime of electronic extortion into a permanent craft that some people practice professionally and achieve huge profits from it.
Although personal acquaintance between the offender and the victim is not in any way a condition for committing the crime, this acquaintance, if available, provides a greater opportunity to commit it. Usually, the crime in such a case is more personal than professional. This makes electronic extortion an ideal tool to harm anyone with the aim of settling personal scores with them. It is also what makes personal relationships on the Internet less secure. In the event of a personal dispute and escalation to the point of hostility and desire to harm, there is always a great chance that one of the parties will resort to exploiting the personal data of the other party to blackmail him. Obtaining personal data (photos, videos, etc.) in this case may not require hacking into the victim’s computer or one of his accounts on social media sites and others, as this data may have been in the possession of the perpetrator from the beginning, and he may have obtained it in a legitimate way.
Access to digitally stored personal data is easier
Digitally stored data at the present time is more connected to the outside world than any data stored in a traditional way. Digitally stored data is also connected to the outside world in multiple ways and at different levels, which is unparalleled in the case of data stored in traditional forms. Accordingly, the procedures for securing digitally stored data are also much more complex than the procedures required to secure data stored traditionally in a specific location, with which it may be sufficient to put a strong lock to prevent physical access to its contents. The complexity of procedures for securing digitally stored data is not only related to the multiplicity of ways to communicate with the outside world, but also to the level of technical skills required to implement and follow up. For example, in our time, the user of computers connected to the Internet can no longer suffice with simply installing an anti-virus application to be assured that his computer and what is on it is actually safe. It requires at least some amount of knowledge that enables the user to obtain information that allows him to secure his computer as well as his accounts on the Internet, his e-mail, etc. This information is usually available, but in most cases, it cannot avoid the use of some technical terms and concepts that are still outside the scope of the general knowledge of the average user.
What corresponds to the complexity of procedures for securing information systems, including personal computers, is the ease and multiplicity of ways to penetrate these systems to obtain the personal data and information stored on them. There are many groups of people the nature of their work may allow them to have physical access to the personal computers of others, and they usually have the necessary technical knowledge to extract data and information from them. Securing devices against hacking by those belonging to these groups is very difficult, and at the same time, the lack of experience of ordinary users leads them not to pay attention to the danger of allowing others to access their devices without monitoring them. More broadly, it is theoretically possible for anyone connected to the Internet to try to hack any information system connected to it. Depending on the level of technical knowledge of this person, he can practically succeed in penetrating many information systems that are not sufficiently secured. Most of these systems are the personal computers of ordinary users.
The risks of committing the crime are lower and the possibility of impunity is greater
Committing the crime of electronic extortion does not require a previous relationship or acquaintance between the perpetrator and the victim, which reduces the chances of the victim knowing the perpetrator. However, even if there is a previous relationship or acquaintance between the perpetrator and the victim, the perpetrator can still hide his identity from the victim, as means of electronic communication provide multiple options for anonymity. Hence, the perpetrator, if he is keen on this, can maintain the victim’s ignorance of his identity, and thus excludes the possibility that the victim would try to deal with him by his own means. It may also make it difficult to reach him in the event that the victim decides to report to the authorities that he has been subjected to the crime of electronic extortion.
On the other hand, the perpetrators of the crime of extortion in general, and electronic extortion in particular, rely on the fact that the victim will avoid resorting to the authorities to report the crime. This is because in most cases reporting the crime can lead to the effect that was originally the subject of the perpetrator’s threats, i.e. the disclosure of personal data or information that would cause various harms to the victim. In other words, if avoiding these damages is what prompts the victim to comply with the perpetrator’s demands, whatever they may be, then the chance of their occurrence through the disclosure of data and information at any stage of the authorities’ follow-up leaves the victim with practically no other choice but to implement the perpetrator’s demands.
The avoidance of victims of electronic extortion crimes reporting them does not distinguish these crimes from their traditional counterparts, whose victims usually do not resort to the competent authorities either. This leads to impunity for the perpetrators of most of these crimes. What differs in the crimes of electronic extortion is, first, the possibility of the perpetrator concealing his identity and working to ensure that it is not possible to reach him if he is reported. This is more likely if the offender has sufficient technical experience. Secondly, the perpetrator of the crime of electronic extortion may be residing outside the borders of the country in which the victim resides. This makes it impossible to continue any legal proceedings against him in the absence of any international laws regulating countries’ cooperation to confront the crime of electronic extortion, or in fact any other cybercrime. Hence, while it is quite easy to commit the crime of electronic extortion across borders, tracking the perpetrator across borders is practically impossible, which makes his impunity inevitable.
The relationship between the crime of electronic extortion and the right to privacy
The crime of electronic extortion always depends on the use of personal data and information and depending on the method of obtaining this data and information, this crime violates the right to privacy in one of two ways or both together. If the perpetrator obtained personal data and information through hacking into one of the victim’s computers, hacking into a network connected to one or more of his devices, or hacking one or more of the victim’s accounts on Internet applications and websites, this in itself is a violation of the victim’s right to privacy. In all cases, the crime of electronic extortion involves a threat to publish or disclose personal data or information, either in public or to a limited number of persons, or to a person or entity, and in any of these cases, the publication or disclosure of personal data or information constitutes a violation of the right to privacy.
The theoretical concept of the right to digital privacy is the right of a person to have complete control over his personal digital data in all its forms, and this specifically includes his choice or his express consent to the possibility of any person or entity accessing all or any part of this data. The person’s control over his digital data and information also includes his right to determine the actions he authorizes for those who have him access to any part of this data, including his permission to view the data, to show it to others, or to publish it. The person or entity that has obtained access to this data or information shall not have the right to dispose of it outside the limits authorized by its owner. The foregoing means that proving that the offender obtained the personal data or information in a legal way does not mean at all that he has the right to share it with others or publish it publicly. This also applies to shared data or information, meaning that it belongs to more than one individual. In this case, if the offender is one of those sharing this data, he is not allowed to dispose of it in a way that violates the privacy of those who share it.
On the other hand, measures aimed at protecting the right to privacy within the framework of an institution or within the framework of social networking platforms on the Internet and other applications can reduce the possibility of the occurrence of electronic extortion crimes. For example, if these entities are committed to preventing the publication of personal material without the express consent of the owners, this will limit, at least in some cases, the possibility of threatening to publish this material. The concern of the various parties to prepare, implement and publish clear policies to protect the privacy of those who possess or control their personal data by virtue of a work relationship, membership, or otherwise, can also help reduce the possibility of the occurrence of electronic extortion crimes to some extent.
The crime of electronic extortion and the right to personal freedom
The relationship between the right to personal freedom and the crime of extortion in general and with the crime of electronic extortion, in particular, is more complex and less clear than the relationship between the right to privacy and both. The entry to this relationship is that in most cases, as long as the subject of the threat of exposure is not a legally criminal act, what the perpetrator threatens to expose falls within the framework of the personal freedom of the victim, even if for any reason he does not wish to be known by some or all. The right to personal freedom includes, in addition to the right of a person to do what he desires as long as it is not criminalized by law, his right to determine who is entitled to know firsthand what he is doing or to know about it in any way and who is not entitled to do so, and this is the area in which the right to personal freedom overlaps the right to privacy.
Cyber extortion crimes violate the right to personal freedom as a potential threat that deters the exercise of this right. This violation is shared by all the perpetrators of this crime. But more generally, what makes the crime of electronic extortion possible when it comes to the threat of disclosing personal data or information related specifically to the victim’s practice of an act that falls within the framework of his personal freedom is the social structure that makes the person fears its disclosure. The prevailing traditions and values in a society that criminalize actions that fall within the scope of the personal choices of individuals make the crime of electronic extortion possible. This leads to the varying possibility of the occurrence of the crime of electronic extortion and the varying material and psychological consequences of it from one society to another, as well as between one social group and another.
Girls and women in the most conservative societies are undoubtedly the groups most likely to be victims of electronic extortion crimes and by a large margin from other social groups. Societal punishments for the actions that women belonging to this category can carry out in violation of the traditions and customs of society range from a scandal that limits the victim’s opportunities to live a normal life in varying proportions to threatening their safety and their very life. This leads to the consequences of falling victim to the crime of electronic extortion, even if the perpetrator does not carry out his threat. If we look at this situation within the framework of society’s responsibility to protect the right of its members to personal freedom, we can see clearly that the society itself is the first culprit that commits the crime of violating the personal freedom of its members, especially vulnerable groups, especially girls, women, lesbians, gays, transgender men, and women, and people with beliefs and religions whose existence the majority of society does not accept.
Different approaches to legally deal with the crime of electronic extortion
There is still no international legal instrument to deal with all types of cybercrime, including the crime of electronic extortion. In fact, this is an extension of the situation of all matters related to cyberspace and the Internet, as there are not yet any international treaties or covenants to deal with the various affairs of either of them, despite their enormous importance in the daily life of humans in a world that has come to live in the digital age, and despite that many of these affairs have become a very important and sometimes dangerous impact on international relations. The reason behind this is that there are deep differences between countries and their various blocs and alliances over everything related to cyberspace and the Internet. These differences relate to general approaches, basic principles, and each country’s view of what the future of the internet should be.
With the foregoing, since the beginning of 2022, negotiations have begun under the umbrella of the United Nations to reach an international agreement to deal with cybercrime, or, according to the official expression agreed upon by countries, “confronting the use of information and communication technologies for criminal purposes.” It was possible to reach this title for negotiations after a disagreement between countries over the definition of cybercrime, specifically about whether the new agreement will include only cyber-dependent crimes, which are crimes related exclusively to the use of the Internet, or will it extend to the crimes made possible by Cyberspace, Cyber-enabled crimes, which are traditional crimes that can also be committed through the Internet, including the crime of electronic extortion. Noting that hacking information systems (computers and their networks, etc.), which is often associated with the crime of electronic extortion, is a crime based on cyberspace.
The legal arsenals of almost all countries include legal articles that criminalize and punish extortion. Generally speaking, at least in theory, these laws can be applied in the case of electronic extortion, given the availability of the elements of the crime of extortion. What makes the practical application of laws that punish extortion in its traditional form to the crime of electronic extortion difficult at times is that first, state laws do not include reliance on electronic evidence in the investigation and criminal trial procedures. It is a problem that many countries have already dealt with, and their procedural laws have adopted electronic or digital evidence so that it is considered as physical evidence of the occurrence of a crime. In the case of the crime of electronic extortion, the electronic evidence relates to each of the contacts made by the offender to the victim, through which it was reported that he threatened him and demanded payment from him for not carrying out this threat. Physical evidence images in this case can include text, audio, or video messages through any web application.
Even in cases where local laws deal with electronic extortion crimes directly, taking into account the authenticity of the electronic evidence, these laws remain clearly deficient in achieving the deterrence factor associated with the imposition of punishment for the criminal act, i.e. the certainty of the offender that he will be subject to punishment in the event that he commits a crime. committing his crime. This deterrent factor is not achieved in cases where the perpetrator is outside the legal authority of the judicial authorities and the law-enforcement agencies that the victim can resort to. This is the case in the absence of a way to trace the perpetrator if he resides in a country other than the one in which the victim resides.
How can the crime of electronic extortion be reduced?
Paying attention to electronic and cyber security procedures at the personal and institutional levels
Protecting information systems from unauthorized access is the cornerstone for protecting users of these systems from becoming victims of electronic extortion crimes. The concept of an information system is very broad, and it includes many images of varying size, starting with a single computer and the like, such as smartphones, and reaching huge networks, including the Internet, which can be viewed as an information system, even if it is open, meaning that access to it is available to everyone. He wants and can, so there is no such thing as unauthorized access to the Internet. Otherwise, all networks and computers are considered information systems that have conditions for access to them, and any access that does not apply to these conditions is considered unauthorized access.
While the responsibility for securing personal computers in all their forms rests with their owners, the various institutions that use internal networks connected to the Internet are responsible for securing this network from all forms of unauthorized access, and this responsibility is not only related to protecting the data and information of the institution, but extends to The personal data and information of its employees and those who are connected to its internal network, whether by devices owned by it or owned by them, and whether this data and personal information are kept by the institution for work purposes, or it is present on devices connected to its network.
Relevant government institutions should protect the victims
Government institutions that deal with various crimes, including the crime of electronic extortion, bear an important responsibility in limiting the spread of this crime and work to provide a deterrent factor through the enforcement of relevant laws. However, above all, these institutions, which include the police, investigation agencies (public prosecution and investigative judges), and the judiciary, are responsible for making the option of reporting the crime more likely for the victim than the option of submitting to the perpetrator’s demands, whatever they may be. Specifically, the option of informing the competent authorities about a person’s exposure to a crime of electronic extortion is not better than complying with the perpetrator’s demands if this notification and the subsequent procedures lead at any stage to the publication of personal data and information originally used to blackmail the victim, in any way that is achieved. What the victim was trying to avoid.
Providing legal protection, that is, according to clear legal articles, for the privacy of victims in electronic extortion crimes, and the commitment of the various relevant authorities to these articles without any negligence, in all stages of follow-up reporting and investigation of the extortion incident and referral to trial until the stage of conviction and execution of the penalty, are extremely important It is necessary to encourage those who are subjected to this crime to resort to the authorities and report it. The articles of the law should also include deterrent penalties for anyone who discloses data or information that would violate the privacy of the victim, especially when it includes data or information that is the subject of the crime of extortion itself, and this includes all employees and men of judicial bodies whose work is related to the course of investigations and trial.
Human rights advocacy seeking to amend the traditions that support the spread of the crime of extortion
Human rights bodies concerned with digital rights and the right to privacy must pay greater attention to the aspect of community advocacy, i.e. propaganda to disseminate human rights concepts in society, with a greater focus on working on society’s acceptance of the concept of personal freedom for the individual in particular. From what was previously mentioned in the section on the relationship between the crime of electronic extortion and the right to personal freedom, it becomes clear that a large percentage of the crimes of electronic extortion would not have been committed or would have been possible in the first place had it not been for the fact that the social environment forces individuals to hide practices or facts about them that are involved in the framework of their personal freedom. Working to modify this social environment so that it is more open to difference and more respectful of the right to personal freedom can significantly limit the spread of electronic extortion crimes. The effort required to achieve this is supposed to be shared by state and media institutions, but in light of the current circumstances, it is not possible to rely on any of these institutions if the human rights institutions do not work first to attract their interest to play this role.
Another role that human rights organizations and other relevant non-governmental organizations can play relates to providing a form of protection for the victim of electronic extortion crimes if it is not possible to guarantee that the concerned authorities will provide this protection. Sometimes the perpetrator can be dealt with to stop threatening the victim. At other times, the victim can be protected from the societal consequences that he fears, or their impact on him can be mitigated.
Finally, there is a great role to play in raising awareness of the risks involved in connecting to the Internet and using its websites and applications without taking into account cybersecurity measures. This goal can be achieved through various activities, including the provision of simplified practical guides, as well as training workshops on the procedures for securing personal computers and providing technical support to those who need it. It is also important to publish information about security flaws and suspicions of backdoors in various applications and to warn against their use.
This paper sought to provide a general and brief picture at the same time of the crime of electronic extortion. The paper clarified the differences between the crime of electronic extortion and the crime of traditional extortion, and through this, it appears that the crime of electronic extortion must be treated legislatively in an independent manner that takes into account its distinctive characteristics, and in particular, care should be taken of the crucial role of electronic evidence in proving the occurrence of this crime. On the other hand, the paper dealt with the relationship between the crime of electronic extortion and the right to privacy and the right to personal freedom, and no doubt providing real protection for both rights would reduce the possibility of the crime of electronic extortion.
The paper also dealt with legal approaches to the crime of electronic extortion at the international and local levels. While there are some signs of hope in reaching an international agreement to deal with cybercrime in general, the fears that some countries will use this agreement for other than their purposes, in particular, to place more restrictions on freedom of expression, and to justify more violations of the right to privacy, makes hope that it will achieve By itself, even if it has already come to light, real progress in confronting the crime of electronic extortion is not great. On the domestic side, the paper revealed the limitations of what local laws can achieve in confronting a crime whose perpetrator can exploit the cross-border nature of the Internet to ensure impunity.
Finally, the paper presented some suggestions for what can be done to reduce the crime of electronic extortion, including the roles of individuals and private institutions in paying attention to cybersecurity considerations and procedures, the role of state institutions in protecting victims of these crimes to raise reporting rates, and finally the role of civil society in raising awareness Crime and ways to reduce it, as well as in the propaganda attempt to spread the concepts of human rights in general and the right to personal freedom in particular, which could have a significant impact in reducing a large percentage of electronic extortion crimes.
In the end, it should be noted that the crime of electronic extortion in particular exploits in a large proportion of its cases the reality of gender discrimination, discrimination against sexual minorities in particular, as well as discrimination against people of different ideologies, all of which are forms of discrimination prevalent in most societies, and the most conservative ones in particular. This confirms two things. The first is that forms of discrimination against vulnerable groups in society necessarily extend to them being more likely to be victims of crime, including forms that are not directly related to discrimination against them. The second is that confronting the most general societal ills such as the rule of masculinity and discrimination against groups different from the majority is always the way to reduce many sources of threat to society and its security and the security of its members.