What Is Cyberstalking?

Although there is no universally accepted definition of cyberstalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim's immediate family; and still others require only that the alleged stalker's course of conduct constitute an implied threat.⁽¹⁾ While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously.

Nature and Extent of Cyberstalking

An existing problem aggravated by new technology

Although online harassment and threats can take many forms, cyberstalking shares important characteristics with offline stalking. Many stalkers - online or off - are motivated by a desire to exert control over their victims and engage in similar types of behavior to accomplish this end. As with offline stalking, the available evidence (which is largely anecdotal) suggests that the majority of cyberstalkers are men and the majority of their victims are women, although there have been reported cases of women cyberstalking men and of same-sex cyberstalking. In many cases, the cyberstalker and the victim had a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship. However, there also have been many instances of cyberstalking by strangers. Given the enormous amount of personal information available through the Internet, a cyberstalker can easily locate private information about a potential victim with a few mouse clicks or key strokes.

The fact that cyberstalking does not involve physical contact may create the misperception that it is more benign than physical stalking. This is not necessarily true. As the Internet becomes an ever more integral part of our personal and professional lives, stalkers can take advantage of the ease of communications as well as increased access to personal information. In addition, the ease of use and non-confrontational, impersonal, and sometimes anonymous nature of Internet communications may remove disincentives to cyberstalking. Put another way, whereas a potential stalker may be unwilling or unable to confront a victim in person or on the telephone, he or she may have little hesitation sending harassing or threatening electronic communications to a victim. Finally, as with physical stalking, online harassment and threats may be a prelude to more serious behavior, including physical violence.
 

 

While there are many similarities between offline and online stalking, the Internet and other communications technologies provide new avenues for stalkers to pursue their victims.

A cyberstalker may send repeated, threatening, or harassing messages by the simple push of a button; more sophisticated cyberstalkers use programs to send messages at regular or random intervals without being physically present at the computer terminal. California law enforcement authorities say they have encountered situations where a victim repeatedly receives the message "187" on their pagers - the section of the California Penal Code for murder. In addition, a cyberstalker can dupe other Internet users into harassing or threatening a victim by utilizing Internet bulletin boards or chat rooms. For example, a stalker may post a controversial or enticing message on the board under the name, phone number, or e-mail address of the victim, resulting in subsequent responses being sent to the victim. Each message -- whether from the actual cyberstalker or others -- will have the intended effect on the victim, but the cyberstalker's effort is minimal and the lack of direct contact between the cyberstalker and the victim can make it difficult for law enforcement to identify, locate, and arrest the offender.

The anonymity of the Internet also provides new opportunities for would-be cyberstalkers. A cyberstalker's true identity can be concealed by using different ISPs and/or by adopting different screen names. More experienced stalkers can use anonymous remailers that make it all-but-impossible to determine the true identity of the source of an e-mail or other electronic communication. A number of law enforcement agencies report they currently are confronting cyberstalking cases involving the use of anonymous remailers.

Anonymity leaves the cyberstalker in an advantageous position. Unbeknownst to the target, the perpetrator could be in another state, around the corner, or in the next cubicle at work. The perpetrator could be a former friend or lover, a total stranger met in a chat room, or simply a teenager playing a practical joke. The inability to identify the source of the harassment or threats could be particularly ominous to a cyberstalking victim, and the veil of anonymity might encourage the perpetrator to continue these acts. In addition, some perpetrators, armed with the knowledge that their identity is unknown, might be more willing to pursue the victim at work or home, and the Internet can provide substantial information to this end. Numerous websites will provide personal information, including unlisted telephone numbers and detailed directions to a home or office. For a fee, other websites promise to provide social security numbers, financial data, and other personal information.

Evidence suggests cyberstalking is a growing problem

Although there is no comprehensive, nationwide data on the extent of cyberstalking in the United States, some ISPs compile statistics on the number and types of complaints of harassment and/or threats involving their subscribers, and individual law enforcement agencies have compiled helpful statistics. There is, moreover, a growing amount of anecdotal and informal evidence on the nature and extent of cyberstalking.

First, data on offline stalking may provide some insight into the scope of the cyberstalking problem. According to the most recent National Violence Against Women Survey, which defines stalking as referring to instances where the victim felt a high level of fear:⁽³⁾

·         In the United States, one out of every 12 women (8.2 million) and one out of every 45 men (2 million) have been stalked at some time in their lives.

·         One percent of all women and 0.4 percent of all men were stalked during the preceding 12 months.

·         Women are far more likely to be the victims of stalking than men - nearly four out of five stalking victims are women. Men are far more likely to be stalkers - 87 percent of the stalkers identified by victims in the survey were men.

·         Women are twice as likely as men to be victims of stalking by strangers and eight times as likely to be victims of stalking by intimates.

In the United States, there are currently more than 80 million adults and 10 million children with access to the Internet. Assuming the proportion of cyberstalking victims is even a fraction of the proportion of persons who have been the victims of offline stalking within the preceding 12 months, there may be potentially tens or even hundreds of thousands of victims of recent cyberstalking incidents in the United States.⁽⁴⁾ Although such a "back of the envelope" calculation is inherently uncertain and speculative (given that it rests on an assumption about very different populations), it does give a rough sense of the potential magnitude of the problem.

Second, anecdotal evidence from law enforcement agencies indicates that cyberstalking is a serious - and growing - problem. At the federal level, several dozen matters have been referred (usually by the FBI) to U.S. Attorney's Offices for possible action. A number of these cases have been referred to state and local law enforcement agencies because the conduct does not appear to violate federal law.

In addition, some local law enforcement agencies are beginning to see cases of cyberstalking. For example, the Los Angeles District Attorney's Office estimates that e-mail or other electronic communications were a factor in approximately 20 percent of the roughly 600 cases handled by its Stalking and Threat Assessment Unit. The chief of the Sex Crimes Unit in the Manhattan District Attorney's Office also estimates that about 20 percent of the cases handled by the unit involve cyberstalking. The Computer Investigations and Technology Unit of the New York City Police Department estimates that almost 40 percent of the caseload in the unit involves electronic threats and harassment -- and virtually all of these have occurred in the past three or four years.

Third, ISPs also are receiving a growing number of complaints about harassing and threatening behavior online. One major ISP receives approximately 15 complaints per month of cyberstalking, in comparison to virtually no complaints of cyberstalking just one or two years ago.

Finally, as part of a large study on sexual victimization of college women, researchers at the University of Cincinnati conducted a national telephone survey of 4,446 randomly selected women attending two- and four-year institutions of higher education. The survey was conducted during the 1996-97 academic year. In this survey, a stalking incident was defined as a case in which a respondent answered positively when asked if someone had "repeatedly followed you, watched you, phoned, written, e-mailed, or communicated with you in other ways that seemed obsessive and made you afraid or concerned for your safety." The study found that 581 women (13.1 percent) were stalked and reported a total of 696 stalking incidents; the latter figure exceeds the number of victims because 15 percent of the women experienced more than one case of stalking during the survey period. Of these 696 stalking incidents, 166 (24.7 percent) involved e-mail. Thus, 25 percent of stalking incidents among college women could be classified as involving cyberstalking.⁽⁵⁾

Current Efforts to Address Cyberstalking

The law enforcement response

Cyberstalking is a relatively new challenge for most law enforcement agencies. The first traditional stalking law was enacted by the state of California in 1990 - less than a decade ago. Since that time, some law enforcement agencies have trained their personnel on stalking and/or established specialized units to handle stalking cases. Nonetheless, many agencies are still developing the expertise and resources to investigate and prosecute traditional stalking cases; only a handful of agencies throughout the country have focused attention or resources specifically on the cyberstalking problem.⁽⁶⁾

Law enforcement response: awareness and training are key factors

Based on recent informal surveys of law enforcement agencies, it appears that the majority of agencies have not investigated or prosecuted any cyberstalking cases. However, some agencies - particularly those with units dedicated to stalking or computer crime offenses - have large cyberstalking caseloads. As noted above, the New York Police Department's Computer Investigation and Technology Unit and the Los Angeles District Attorney's Stalking and Threat Assessment Team estimate that 40 and 20 percent of their caseloads, respectively, involve cyberstalking-type cases.

The disparity in the activity level among law enforcement agencies can be attributed to a number of factors. First, it appears that the majority of cyberstalking victims do not report the conduct to law enforcement, either because they feel that the conduct has not reached the point of being a criminal offense or that law enforcement will not take them seriously. Second, most law enforcement agencies have not had the training to recognize the serious nature of cyberstalking and to investigate such offenses. Unfortunately, some victims have reported that rather than open an investigation, a law enforcement agency has advised them to come back if the cyberstalkers confront or threaten them offline. In several instances, victims have been told by law enforcement simply to turn off their computers.

Another indication that many law enforcement agencies underestimate the magnitude of the cyberstalking problem is the wide disparity in reported cases in different jurisdictions across the country. For example, one state attorney general's office in a midwestern state indicated that it received approximately one inquiry a week regarding cyberstalking cases and that it is aware of approximately a dozen prosecutions last year alone. In contrast, the state attorney general's offices in neighboring states indicated they have never received an inquiry into this type of behavior. Although one would generally expect some disparity in differing jurisdictions, the size of the disparity suggests that some law enforcement agencies do not have the training or expertise to recognize the magnitude of the problem in their jurisdictions.

Law enforcement response: jurisdictional and statutory limitations may frustrate some agencies

Some state and local law enforcement agencies also have been frustrated by jurisdictional limitations. In many instances, the cyberstalker may be located in a different city or state than the victim making it more difficult (and, in some cases, all but impossible) for the local authority to investigate the incident. Even if a law enforcement agency is willing to pursue a case across state lines, it may be difficult to obtain assistance from out-of-state agencies when the conduct is limited to harassing e-mail messages and no actual violence has occurred. A number of matters have been referred to the FBI and/or U.S. Attorney's offices because the victim and suspect were located in different states and the local agency was not able to pursue the investigation.

The lack of adequate statutory authority also can limit law enforcement's response to cyberstalking incidents. At least 16 states have stalking statutes that explicitly cover electronic communications,⁽⁷⁾ and cyberstalking may be covered under general stalking statutes in other states. It may not, however, meet the statutory definition of stalking in the remainder. In many cases, cyberstalking will involve threats to kill, kidnap, or injure the person, reputation, or property of another, either on or offline and, as such, may be prosecuted under other federal or state laws that do not relate directly to stalking.

Finally, federal law may limit the ability of law enforcement agencies to track down stalkers and other criminals in cyberspace. In particular, the Cable Communications Policy Act of 1984 (CCPA) prohibits the disclosure of cable subscriber records to law enforcement agencies without a court order and advance notice to the subscriber. See 47 U.S.C. 551(c), (h). As more and more individuals turn to cable companies as their ISPs, the CCPA is posing a significant obstacle to the investigation of cybercrimes, including cyberstalking. For example, under the CCPA, a law enforcement agency investigating a cyberstalker who uses a cable company for Internet access would have to provide the individual notice that the agency has requested his/her subscriber records, thereby jeopardizing the criminal investigation. While it is appropriate to prohibit the indiscriminate disclosure of cable records to law enforcement agencies, the better approach would be to harmonize federal law by providing law enforcement access to cable subscriber records under the same privacy safeguards that currently govern law enforcement access to records of electronic mail subscribers under 18 U.S.C. 2703. Moreover, special provisions could be drafted to protect against the inappropriate disclosure of records that would reveal a customer's viewing habits.

Law enforcement response: the challenge of anonymity

Another complication for law enforcement is the presence of services that provide anonymous communications over the Internet. To be sure, anonymity provides important benefits, including protecting the privacy of Internet users. Unfortunately, cyberstalkers and other cybercriminals can exploit the anonymity available on the Internet to avoid accountability for their conduct.

Anonymous services on the Internet come in one of two forms: the first allows individuals to create a free electronic mailbox through a web site. While most entities that provide this service request identifying information from users, such services almost never authenticate or otherwise confirm this information. For these services, payment is typically made in advance through the use of a money order or other non-traceable form of payment. As long as payment is received in advance by the ISP, the service is provided to the unknown account holder. The second form comprises mail servers that purposefully strip identifying information and transport headers from electronic mail. By forwarding mails through several of these services serially, a stalker can nearly perfectly anonymize the message. The presence of both such services makes it relatively simple to send anonymous communications, while making it difficult for victims, providers, and law enforcement to identify the person or persons responsible for transmitting harassing or threatening communications over the Internet.

Law enforcement response: specialized units show promise in combating cyberstalking

A growing number of law enforcement agencies are recognizing the serious nature and extent of cyberstalking and taking aggressive action to respond. Some larger metropolitan areas, such as Los Angeles and New York, have seen numerous incidents of cyberstalking and have specialized units available to investigate and prosecute these cases. For example, Los Angeles has developed the Stalking and Threat Assessment Team. This team combines special sections of the police department and district attorney's office to ensure properly trained investigators and prosecutors are available when cyberstalking cases arise. In addition, this specialized unit is given proper resources, such as adequate computer hardware and advanced training, which is essential in investigating and prosecuting these technical cases. Similarly, the New York City Police Department created the Computer Investigation and Technology Unit. This unit provides regular training for police officers and prosecutors regarding the intricacies of cyberstalking investigations and prosecutions. The training includes understanding how chat rooms operate, how to obtain and preserve electronic evidence, and how to draft search warrants and subpoenas.

The programs in New York and Los Angeles both ensure that enforcement personnel receive proper training and have adequate resources to combat cyberstalking. Other jurisdictions are also taking steps to combat cyberstalking. One of the critical steps is learning how to trace communications sent over computers and the Internet. Traditional law enforcement techniques for surveillance, investigation, and evidence gathering require modification for use on computer networks and often require the use of unfamiliar legal processes. Law enforcement at all levels must be properly trained to use network investigative techniques and legal process while protecting the privacy of legitimate users of the Internet. These techniques are similar to those used in investigating other types of computer crime. Just as a burglar might leave fingerprints at the scene of a crime, a cyberstalker can leave an "electronic trail" on the web that properly trained law enforcement can follow back to the source. Thus, technological proficiency among both investigators and prosecutors is essential.

At present, there are numerous efforts at the federal and state levels that focus solely on high technology crimes. These units do not focus on cyberstalking alone, but they have the necessary expertise in computers and the Internet to assist in the investigation of cyberstalking when it arises. For example, the Federal Bureau of Investigation (FBI) has Computer Crime Squads throughout the country, as well as the National Infrastructure Protection Center in Washington, to ensure cybercrimes are properly investigated. Additionally, they have Computer Analysis and Response Teams to conduct forensics examinations on seized magnetic media. Similarly, in 1996 the Justice Department established the Computer Crime and Intellectual Property Section within the Criminal Division. These units have highly trained personnel who remain on the cutting edge of new technology and investigative techniques. In addition, each U.S. Attorney's office contains experienced computer crime prosecutors. These individuals -- Computer and Telecommunications Coordinators -- assist in the investigation and prosecution of a wide variety of computer crimes, including cyberstalking. In addition, at the state level, several attorneys general have established special divisions that focus on computer crimes.

Although high-tech expertise is essential, police and prosecutors have developed other strategies for helping victims of cyberstalking. An Assistant U.S. Attorney reported that in two recent cases of e-mail harassment, he asked an FBI agent to confront the would-be harasser. The agent advised that such behavior might constitute a criminal offense. In both instances, the harassment stopped. Such strategies, however, are no substitute for prosecution under federal or state law in the appropriate circumstances.

A critical step in combating cyberstalking is understanding stalking in general. In many instances, cyberstalking is simply another phase in an overall stalking pattern, or it is regular stalking behavior using new, high-technology tools. Thus, strategies and techniques that have been developed to combat stalking in general often can be adapted to cyberstalking situations. Fortunately, many state and local law enforcement agencies have begun to focus on stalking, and some have developed special task forces to deal with this problem. In addition, the Attorney General submits an annual report to Congress entitled "Stalking and Domestic Violence." This report compiles valuable information about what the Department of Justice has learned about stalking and stalkers and is a valuable resource for law enforcement agencies and others.⁽⁸⁾

Cyberstalking is expected to increase as computers and the Internet become more popular. Accordingly, law enforcement at all levels must become more sensitive to cyberstalking complaints and devote the necessary training and resources to allow proper investigation and prosecution. By becoming technologically proficient and understanding stalking in general, agencies will be better prepared to respond to cyberstalking incidents in their jurisdictions. In addition, state and local agencies can turn to their local FBI or U.S. Attorney's office for additional technical assistance. Also, computer crime units and domestic violence units should share information and expertise, since many cyberstalking cases will include elements of both computer crime and domestic violence. Finally, law enforcement must become more sensitive to the fear and frustration experienced by cyberstalking victims. Proper training should help in this regard, but law enforcement at all levels should take the next step and place special emphasis on this problem. Computers and the Internet are becoming indispensable parts of America's culture, and cyberstalking is a growing threat. Responding to a victim's complaint by saying "just turn off your computer" is not acceptable.

Victims and support organizations

Because cyberstalking is a relatively new criminal phenomenon, very little public attention and resources have been committed to addressing this crime. Consequently, victims of online harassment and threats, often in collaboration with victim service providers and advocates, have had to step in to fill the void by developing their own informal support networks and informational web sites to exchange information about how to respond to these crimes effectively.

Victim service providers report that the Internet is rapidly becoming another weapon used by batterers against their victims. Just as in real life, abused women can be followed in cyberspace by their batterers, who may surreptitiously place their target under surveillance without her knowledge and use the information to threaten her or discredit her by putting misinformation on the Internet. Victim service providers recommend that victims make copies of all e-mails sent by the batterer as evidence of his stalking and advise a victim to let the stalker know that she does not want to have any further contact with him. SAFE House, a domestic violence victim service provider in Michigan, suggests that victims change their passwords often; refrain from telling anyone what the password is; do not use a password or other identifying information that the batterer/stalker can guess; set up a program that requires a password even to get on the computer; be sure to clear out the history information if programs such as ICQ, AOL Communicator, and Excite PAL, are used; remember that many chat rooms have archives that can be accessed later on by anyone; be careful about what is said in chat rooms and use an alias that is only known to good friends; be aware that if the screen name of the assailant is known, he can be blocked from tracking victims through a buddy list on AOL; and, consult the ISP about the best way to secure their account.

A focus group convened on October 30, 1998, by the Office for Victims of Crime, a component within the U.S. Department of Justice, sought to identify the needs of stalking victims, including victims whose stalkers used the Internet to track and to harass their victims. The victims at the focus group emphasized that although the response of law enforcement and victim service providers is important, stalking victims need a wide range of services from doctors, mental health providers, day care providers, welfare and child protection workers, school staff, and employers. In addition, the focus group participants indicated that community awareness and understanding of what constitutes stalking behavior is critical to the support and well-being of stalking victims. Finally, all of the stalking victims reported that the consequences of not being believed or supported, or having their fears viewed as exaggerated or unrealistic, can be devastating. Some victims feel isolated and alone, are made to believe that the stalking is their fault, lose primary relationships, or fear losing their jobs. These issues are just as relevant to cyberstalking victims as they are to victims of offline stalking.

Adequacy of Existing Laws

Although stalking has been a problem for many years, only in this decade has it received significant attention from lawmakers, policy officials, and law enforcement agencies. In 1990, California became the first state to enact a specific stalking law. Since that time, all 50 states and the District of Columbia have enacted stalking laws.

State cyberstalking laws

Less than one third of the states have anti-stalking laws that explicitly cover stalking via the Internet, e-mail, pagers, or other electronic communications. California, for example, only recently amended its stalking statute to cover cyberstalking. This law was used in the prosecution of a 50-year-old former security guard who pleaded guilty on April 28, 1999, to one count of stalking and three counts of solicitation of sexual assault after using the Internet to solicit the rape of a woman who rejected his romantic advances. While the general stalking statutes in some states may cover cyberstalking, all states should review their laws to ensure they prohibit and provide appropriate punishment for stalking via the Internet and other electronic communications.

Federal cyberstalking laws

Federal law provides a number of important tools that are available to combat cyberstalking. Under 18 U.S.C. 875(c), it is a federal crime, punishable by up to five years in prison and a fine of up to $250,000, to transmit any communication in interstate or foreign commerce containing a threat to injure the person of another. Section 875(c) applies to any communication actually transmitted in interstate or foreign commerce - thus it includes threats transmitted in interstate or foreign commerce via the telephone, e-mail, beepers, or the Internet.

Although 18 U.S.C. 875 is an important tool, it is not an all-purpose anti-cyberstalking statute. First, it applies only to communications of actual threats. Thus, it would not apply in a situation where a cyberstalker engaged in a pattern of conduct intended to harass or annoy another (absent some threat). Also, it is not clear that it would apply to situations where a person harasses or terrorizes another by posting messages on a bulletin board or in a chat room encouraging others to harass or annoy another person (as in the California case, discussed infra.).

Certain forms of cyberstalking also may be prosecuted under 47 U.S.C. 223. One provision of this statute makes it a federal crime, punishable by up to two years in prison, to use a telephone or telecommunications device to annoy, abuse, harass, or threaten any person at the called number.⁽¹⁰⁾ The statute also requires that the perpetrator not reveal his or her name. See 47 U.S.C. 223(a)(1)(C). Although this statute is broader than 18 U.S.C. 875 -- in that it covers both threats and harassment -- Section 223 applies only to direct communications between the perpetrator and the victim. Thus, it would not reach a cyberstalking situation where a person harasses or terrorizes another person by posting messages on a bulletin board or in a chat room encouraging others to harass or annoy another person. Moreover, Section 223 is only a misdemeanor, punishable by not more than two years in prison.

The Interstate Stalking Act, signed into law by President Clinton in 1996, makes it a crime for any person to travel across state lines with the intent to injure or harass another person and, in the course thereof, places that person or a member of that person's family in a reasonable fear of death or serious bodily injury. See 18 U.S.C. 2261A. Although a number of serious stalking cases have been prosecuted under Section 2261A, the requirement that the stalker physically travel across state lines makes it largely inapplicable to cyberstalking cases.

Finally, President Clinton signed a bill into law in October 1998 that protects children against online stalking. The statute, 18 U.S.C. 2425, makes it a federal crime to use any means of interstate or foreign commerce (such as a telephone line or the Internet) to knowingly communicate with any person with intent to solicit or entice a child into unlawful sexual activity. While this new statute provides important protections for children, it does not reach harassing phone calls to minors absent a showing of intent to entice or solicit the child for illicit sexual purposes.

Thus, although current statutes address some forms of cyberstalking, there are gaps in current federal and state law. As outlined in the Recommendations below, States should review their existing stalking and other statutes to determine whether they address cyberstalking and, if not, expeditiously enact laws that prohibit cyberstalking.

Federal legislation also is needed to fill the gaps in current law. While most cyberstalking cases will fall within the jurisdiction of state and local authorities, there are instances - such as serious cyberharassment directed at a victim in another state or involving communications intended to encourage third parties to engage in harassment or threats - where state law is inadequate or where state or local agencies do not have the expertise or the resources to investigate and/or prosecute a sophisticated cyberstalking case. Therefore, federal law should be amended to prohibit the transmission of any communication in interstate or foreign commerce with intent to threaten or harass another person, where such communication places another person in fear of death or bodily injury to themselves or another person. Because of the increased vulnerability of children, the statute should provide for enhanced penalties where the victim is a minor. Such targeted, technology-neutral legislation would fill existing gaps in current federal law, without displacing the primary law enforcement role of state and local authorities and without infringing on First Amendment-protected speech.

Excerpted from http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm