Ruminations on Warning Banners, Deterrence, and System Intrusion Research

• Author: Kevin F. Steinmetz
• DOI: http://doi.org/10.1111/1745-9133.12314
• Published date: 01 August 2017
• Date: 01 August 2017

POLICY ESSAY

SANCTION THREATS ON ONLINE

BEHAVIORS

Ruminations on Warning Banners,

Deterrence, and System Intrusion Research

Kevin F.Steinmetz

Kansas State University

When we consider the myriad examples of high-profile computer intrusions,

frauds, deceptions, and other illicit activities in recent times, there is perhaps

an understandable degree of public concern regarding information security.

The late modern mediascape is awash with stories of sordid security compromises and

technological high jinks. Much like when other crime panics occur, the burning question

for many is “how do we stop these criminals?” For computer-related offenses, this task has

been easier said than done. Computing and network technologies can increase the scope

and scale of offending while providing tools to obscure the identities and whereabouts of

offenders (Yar, 2013). In this context, studying—much less countering—perceived online

threats is an arduous task.

Alexander Testa, David Maimon, Bertrand Sobesto, and Michel Cukier (2017, this

issue), in their analysis, adopt a novel approach to studying a computer crime of great public

and political interest: system trespass. Similar to previous studies (Maimon, Alper, Sobesto,

and Cukier, 2014; Wilson, Maimon, Sobesto, and Cukier, 2015), the authors examine the

deterrability of computer system trespassers through high-interaction honeypot computers

under experimental conditions. Two parameters were the focus of this analysis: (1) the effect

of administrative against nonadministrative user access and (2) the presence or absence of

a warning banner foreboding the potential consequences of intrusion. These variables were

examined for their effects on the likelihood that trespassers would enter “navigation” or

“change file permission” commands on the target system. Testa et al. found that most

users trespassed into systems with root-access or administrative privileges. Sanction threats

The author would like to thank Brian Schaefer, Donald Kurtz, Howard Henderson, and Matt Nobles for their

feedback on prior drafts of this essay. Appreciation is also extended to Eugene Vasserman who was consulted

on certain technical points. Any mistakes made in this essay are the author’s alone. Direct correspondence to

Kevin F. Steinmetz, Department of Sociology, Anthropology and Social Work, Kansas State University, 204

Waters Hall, 1603 Old Claflin Place, Manhattan, KS 66506 (e-mail: kfsteinmetz@ksu.edu).

DOI:10.1111/1745-9133.12314 C2017 American Society of Criminology 727

Criminology & Public Policy rVolume 16 rIssue 3