It Was Wrong of an Illinois Republican to Do What He Did – But Here’s Why We Still Shouldn’t Outlaw Catfishing

[Originally published in The Independent]

To catch a catfish, you will have to cast a wide net in the digital ocean. Too wide.

Matt Hancock said new laws will make Britain the "safest place in the world" to be online

Nick Sauer, a Republican state representative from Illinois, has resigned after his ex-girlfriend alleged he created a fake Instagram account using her likeness. The account, she claims, used nude pictures of her to bait men into online sexual conversations. What Sauer has alleged to have done is commonly called “catfishing” –using a false online identity to lure people into relationships. Sauer is the catfish, and the fake Instagram account with the nude pictures was the bait.

Creating a fake identity online is not illegal in the United States. This high-profile case, however, may initiate calls for its criminalisation. I believe this would be a mistake.

The justification for a catfishing law is clear and understandable. By creating a fake identity and communicating through that identity, a person can victimise someone in any number of ways. I can think of several. Fake identities can be used to develop an intimate or romantic relationship with a person. Once the catfish has established a level of trust, the victim may divulge emotionally or personally compromising information. If the allegations brought against Sauer are true, then he has deceived men into communicating about sexual matters that they would likely want to keep private.

Sometimes the motives are ultimately financial. A victim is asked to provide money to bail someone out of a difficult situation. Thus, creating a fake identity is the first step in the infamous romance scams that cost people millions of dollars around the world each year. Fake identities can also be used by adults to lure minors into sexual relationships. This is an odious crime and fortunately is comparatively less common than the others I mention here.

It seems justifiable, then, that creating a fake identity is a first step towards the eventual victimising of someone, and therefore it should be criminalised.

But the ability to create a false identity is fundamental to a liberal, democratic society in the 21st century.

Here are a few scenarios:

A young person may be considering a change of identity – gender, religious, political.  They may wish to explore this identity away from their current social networks. They may want to connect with and interact in online forums that explore aspects of the new identity. They will need the freedom to create a new persona and interact with others without obligating themselves. A law prohibiting the use of false online identities would restrict freedom of expression.

Or, consider a journalist or whistleblower who wants to share sensitive information about government or corporate misconduct without revealing their identity. Speaking truth to power may require creating a fake Facebook or Twitter account. If creating a false identity is criminalised, then they will be constrained in how they can communicate this sensitive information. A law prohibiting the use of false online identities would restrict freedom of speech.

To catch a catfish, you will have to cast a wide net in the digital ocean. Too wide.

Many of the actions facilitated through the creation of a false identity are already criminalised. Fraud – stealing money through deception and defamation – using the real name or likeness of a person as in the allegations made against Sauer, are both illegal.

A better solution, then, is to preserve the right to create a false identity online and instead invest in educating the public and training local law enforcement to investigate cybercrimes. The American narrative surrounding online crime has focused disproportionally on how to protect government and corporate networks. Billions of taxpayer dollars are invested in upgrading computer networks, providing research grants to cybersecurity researchers developing technologies to be used by government and corporations, and funding scholarships for students who will inevitably work in these venues. By and large, these are wise investments.

However, what gets lost in the shuffle are the cybercrimes visited upon everyday individuals. Only a tiny fraction of taxpayer dollars are devoted to digital literacy programs and the training of local law enforcement. If we educate our citizens so that they can better detect catfishing attempts and other types of online deception, we can preserve our civil liberties.


The difference between cybersecurity and cybercrime, and why it matters

A Texas woman in her 50s, let’s call her “Amy,” met a man online calling himself “Charlie.” Amy, who lived in Texas, was in a bad marriage. Charlie said he was a businessman and a Christian, and wooed her. “He was saying all the right things,” Amy later told the FBI. “He was interested in me. He was interested in getting to know me better. He was very positive, and I felt like there was a real connection there.” Early on, Charlie told her he was having some problems with his business and needed money. She wanted to help.

From 2014 to 2016, she sent him US$2 million – often in installments of a few thousand dollars at a time, always hoping and expecting to get paid back. After she alerted the FBI, two Nigerian citizens were arrested near Houston – both pleaded guilty to wire fraud charges in connection with Amy’s relationship with Charlie. The person who played the character of Charlie has not been identified.

This story is a cautionary example of a crime that happens online. But most advice for avoiding online dangers – like having long passwords, using two-factor authentication and encrypting data – wouldn’t have helped Amy.

The crime that befell her has nothing to do with cybersecurity. It’s cybercrime, a human-centered crime committed in a digital environment. There are more of these each year: In the U.S. in 2016, 298,728 complainants reported losing more than $1.3 billion in various types of cybercrimes, including romance scams but also involving fraudulent online sales, extortion, violent harassment and impersonation scams, among others. As a social scientist who studies online behavior and as the program coordinator for one of the few cybercrime undergraduate programs in the United States, I find it unfortunate that problems like Amy’s get relatively little national attention, especially compared to cybersecurity.

Understanding the differences

Cybersecurity is not merely a set of guidelines and actions intended to prevent cybercrime. The two types of problems differ substantially in terms of what happens and who the victims are, as well as the academic areas that study them.

Cybersecurity is ultimately about protecting government and corporate networks, seeking to make it difficult for hackers to find and exploit vulnerabilities. Cybercrime, on the other hand, tends to focus more on protecting individuals and families as they navigate online life.

The U.S. has created several initiatives to improve its cybersecurity, including investments in cybersecurity education and expanding efforts of government agencies.

Unfortunately, upgrading official networks and training future generations of cybersecurity professionals will not necessarily benefit people like Amy. Technical solutions won’t solve her problems. Social science research into human behavior online is how to help millions like her learn to protect themselves.

Little research

One of the few studies on romance scams like the one that ensnared Amy suggests that there are three stages to these types of cons. It starts with the criminal engaging in intense online communications with the victim. In Amy’s case, Charlie undoubtedly contacted her repeatedly as their relationship began. That built her trust and lowered her defenses – and commanded much of the time and energy she had for social interaction.

Once the victim is isolated from other interpersonal social experiences, the illusion of connection and interdependence can deepen. Charlie no doubt kept this illusion alive any way he could, taking as much of Amy’s money as he could. In the third and final stage, the target finally sees through the veil and learns that it’s all been a scam. That’s when Amy, urged by her financial advisor, suspected fraud and called the FBI.

More research on cybercrime could help deepen scholars’ and investigators’ understandings of how these social science problems play out online. To my knowledge there are just four cybercrime programs at residential four-year colleges. With more effort and investment, academics and law enforcement could learn more and work better together to identify and protect the real people who are at risk from these online criminals.