'Guilt' tactics to reduce cybercrime have limited impact

Deterring criminal behavior by prompting employees with messages to reconsider their "wicked ways" can work, but success also depends on individuals, cultures and the current laws.

Deterring criminal behavior by prompting employees with messages to reconsider their "wicked ways" can work, but success depends on individuals, cultures and current laws.

Guilting employees and citizens so that they will not commit insider theft, fraud or piracy could work but only to a limited extent, and could even stir up potential legal implications.

Last month, Japan's Ministry of Internal Affairs and Communications announced it uploaded files appearing to contain popular copyrighted material on peer-to-peer (P2P) file sharing networks such as Winny and Share. Once downloaded, the file is revealed to be a message appealing users to reconsider their "wicked" ways.

The ministry also added this was a test to see how effective it can be to deter filesharing, and to generate "copyright awareness".

Such "guilt" tactics could be useful in curbing insider theft and fraud within organizations, as well as piracy and cybercrime on a national level, Joseph Steinberg, CEO of Green Armor Solutions, observed.

These messages can be appear as pop-up bars, just before employees access sensitive and critical information on their companies' system and networks, or on peer-to-peer file sharing networks similar to the move of the Japanese government, he explained.

Nelson Lee, medical director and psychiatrist of The Psychological Wellness Centre, agreed. Stirring emotion and guilt has already been used widely in advertising and has worked and this strategy is not new, he explained.

Large impact unlikely, possible legal implications
Not all will improve or correct their behavior after such a move though, Steinberg noted. It may work with "casual downloaders", and people who are conflicted about their actions, but not on cybercriminals "without a conscience", he remarked.

"The big question is whether people who get the warning will be scared to continue downloading out of fear or getting caught and into trouble," Steinberg said.

The affected personnel is also seen as a big corporation, and may not induce as much emotion as for example, an advertisement of someone in an area of famine, Lee pointed out.

Furthermore, Japan's culture is different compared to cultures in other parts of the world, Steinberg pointed out. It is not possible to extrapolate if this guilt strategy would work globally, based on the reaction of people in Japan to these guilt messages, he explained.

He added in some countries, peer-to-peer networks have terms of usage which prohibit posting materials with misleading filenames, or prohibit intimidating or otherwise adversely interacting with other users, any party who employs this strategy may violate the law.

Make message personalized with emotional connection
The key to using such a strategy to evoke strong emotions such as guilt lies in "connectedness", with a touch of personalization, Lee explained.

For example, a message to an employee collaborating with an external party for fraud or cybercrime must not focus on the ramifications on the company, but instead, impact on the employee and possibly his fellow colleagues or department who he may be "emotionally connected" to.

Employees of organizations ZDNet Asia spoke too, were apathetic about their companies using guilt tactics to curb cybercrime within the organization.

Civil engineer Bryan Tan, noted he would not be affected if his company used the guilt strategy on him and talked about the impact of his actions on the corporation. "[But] if the message discusses potential damage to me, my colleagues, family members or friends, I might feel the guilt," Tan said.

However, social media marketing executive, Jael Chua was against the move. "It is like emotional blackmail and I don't think companies should use it on their employees," she said.