Why Sue The Victim of a Cybercrime?
There will always be crime in some form or fashion. According to Thomas Holt and Adam Bossler in their scholarly book, Cybercrime in Progress, society's reliance on technology has affected the nature of crime and deviance in the modern world, giving rise to cybercrimes, or offenses enabled by technology.
How to Classify Cybercrime?
Even the definition of cybercrime has evolved over the decades since the first computer crime law was drafted in 1978, in Florida, making unauthorized access to computer systems a third degree felony. There used to be a distinction between “cybercrime” and “computer crime.” But, as all forms of computing, from mobile phones to smart watches, are now internet enabled, and the Internet of Things invades everything we do, the term cybercrime is generally used to refer to offenses that can occur in online environments.
The popular forms of cybercrimes include data breaches, ransomware and identity theft. There are cybercrimes that do not garner much media attention, such as cyberstalking, cyber bullying, cyber extortion, defamation etc.
One might argue that crimes such as stalking or bullying were, and still are, crimes even without the internet. No need to classify them as cybercrimes. Even a data breach could be considered plain old theft. But, for reasons related to allocating appropriate resources, funding, investigation, and penalties, it is necessary to differentiate between physical world crimes, and cybercrimes (thus, cyberstalking is different from stalking). If we don’t recognize and acknowledge this new breed of crime, we will overlook the dangers in cyberspace.
I may cause a bit of controversy, but anyone who thinks it is possible to eradicate cybercrime must believe in a Utopia (a fantasy world). We must acknowledge that cybercrime is the natural evolution of crime as we live in a digitized society. We should always endeavor to prevent crimes and punish the wrongdoers, but we will never eliminate crime.
Victims Are Being Punished Twice
Now, here’s the real reason I started down this train of thought: Why are companies being sued for being the victims?
Companies that have suffered a data breach, ransomware attack or lost funds through hacking are inevitably sued for failing to take reasonable measures to avoid being the victim. Can you imagine a person being sued because he/she was the victim of theft, assault or battery. It sounds cruel, but that is exactly what happens to companies that have been victimized by cybercriminals.
Yes, I agree that if a company totally ignored a cyber-threat and that caused harm to consumers, then perhaps our legal system should be used to make things right. This is the concept behind products liability lawsuits: companies can’t 100% eliminate products from being faulty and causing harm, but if the company was aware of the faulty product and did nothing, then the company needs to answer some tough questions and probably compensate injured consumers.
The Judicial System To the Rescue
As for cybercrimes, I don't want to engage in a philosophical argument over concepts of ethics, but something seems wrong with our moral compass if we punish the victims. It’s like suing a bank for being robbed. Even with the best security, robberies still happen.
From a practical perspective, consumers will continue to sue companies that have been victims of a cybercrime, but the judicial system should only punish companies that were intentionally or grossly negligent.
So, I may have answered my question: consumers will sue victims of cybercrimes to deter them from being intentionally or grossly negligent in the cyber-age . . . or to get lots of money ;-)
~ Florida Cyber Lawyer, Robert Stines, Esq., CIPP