DETERRENCE THEORY
Embedded in utilitarian philosophical principles (Beccaria, 1963 [1764]; Bentham, 1970 [1785]), deterrence theory advances the view that fear of sanctions and punishments in- hibit the involvement of individuals in deviance and crime (Cusson, 1993; Gibbs, 1975; Paternoster, 1987). Focusing on the cost aspect of the cost–benefit equation, this classic theory emphasizes the influence of the perceptions of sanctions severity, certainty, and celerity in generating effective deterrence. However, during the last three decades, this theory has been advanced in three important ways. First, deterrence scholars now dis- tinguish between the effect of punishments and sanction threats on punished offenders (i.e., specific deterrence) and the effect on the general public (i.e., general deterrence) (Paternoster and Piquero, 1995). Second, prompted by the seminal work of Becker (1968), contemporary scholars differentiate between the unique influence of objective (i.e., ac- tual risks of punishment and apprehension) and subjective sanctions (i.e., individual per- ceptions of the certainty, severity, and celerity of punishment) on the probability of an individual to offend (Paternoster, 1987). Finally, contemporary theoreticians distinguish between the ability of sanction threats to prevent criminal involvement completely (ab- solute deterrence) and the effect of punishment threats in reducing the frequency and severity of individual offending (restrictive deterrence) (Gibbs, 1975; Jacobs, 2010). Sur- prisingly, although extensive research has evaluated how the former two dimensions of deterrence shape involvement in crime by an individual (Pratt et al., 2006), only meager research has examined aspects of restrictive deterrence (Paternoster, 1987) and its impact on the expression of crime (Gallupe, Bouchard, and Caulkins, 2011; Jacobs, 1993, 1996a).
Restrictive deterrence was described by Gibbs (1975) as “the curtailment of a certain type of criminal activity by an individual during some period because in whole or in part the curtailment is perceived by the individual as reducing the risk that someone will be
of user names and passwords in their attempts to access a system, sidestepping the countermeasure of locking out a single account for failed password attempts.
punished as a response to the activity” (1975: 33). According to Gibbs (1975), restric- tive deterrence applies to offenders who committed an act of crime at least once and is concerned primarily with reduction in the frequency of offending. Specifically, because offenders believe that they will be punished for their offending at some point in time, they reduce the frequency of their offending to delay this point and exacerbate detection efforts (probabilistic deterrence).
More recent works refined these insights by Gibbs (1975) in two important ways. First, several scholars (Jacobs, 1996a; Tittle, 1980) proposed that restrictive deterrence could be a function of both specific and general deterrence. Similarly to ex-offenders, individuals who had never previously committed an act of crime also could employ restrictive deter- rence strategies while committing their first offense. Second, Jacobs (2010) proposed that along with reducing the frequency of their offending, offenders restrict the scope of their deviance using other strategies that are consistent with restrictive deterrence, including reducing the seriousness of criminal acts, engaging in situational measures that reduce the risk of detection, and switching the locations and timing of criminal events (particu- laristic deterrence).
Although Gibbs contended that the “deterrent effect of punishment is largely restric- tive” (1975: 34), systematic empirical investigations of this concept are still preliminary and relatively scarce (Jacobs, 1993, 1996a, 1996b; Jacobs and Cherbonneau, 2012; Jacobs and Miller, 1998; Gallupe, Bouchard, and Caulkins, 2011; Paternoster, 1989; Wright and Decker, 1994). Specifically, most of the prior research that has dealt with this concept has been qualitative in nature (Jacobs, 1993, 1996a, 1996b; Jacobs and Cherbonneau, 2012) and has drawn on relatively small samples (Beauregard and Bouchard, 2010; Jacobs, 1996b; Jacobs and Cherbonneau, 2012). Thus, whereas these studies have been crucial to our understating of the adoption of situational measures by offenders that reduce the risk of detection during the course of criminal incidents, they have not generated a direct link between the presence of sanction threats in the environment and the restriction of the scope of criminal activities by the offenders. Moreover, these studies have revealed little regarding the relationships between the presence of deterring cues in the environment and the progression of a criminal event. We attempt to bridge this empirical gap by ex- amining the effect of deterring messages (i.e., warnings) on the progression and duration of system trespassing incidents.
DETERRENCE AND WARNINGS
Advancing the view that a system of deterrence is a communication mechanism that informs potential offenders about the probability of someone detecting their criminal act and their likelihood of being punished for their criminal behavior, Geerken and Gove (1975) proposed that a successful deterrence process is determined by the degree to which a deterring message is conveyed to a target audience. Consistent with the assertions of Geerken and Gove (1975), we contend that posting warnings represents one important avenue for transmitting coherent deterring messages to potential offenders (Clarke, 1997; Cusson, 1993). Indeed, extensive research has assessed the effectiveness of warning signs in preventing the occurrence of criminal incidents (Coleman, 2007; Decker, 1972; Eck and Wartell, 1998; Goldstein, Cialdini, and Griskevicius, 2008; Green, 1985; Schultz and Tabanico, 2009; Schwartz and Orleans, 1967; Slemrod, Blumenthal, and Christian, 2001; Wenzel and Taylor, 2004). However, results from these studies
RESTRICTIVE DETERRENT EFFECTS OF A WARNING 37
have been mixed. A few of these works have suggested that warnings are effective in deterring illegal behavior like claim padding of insured persons (Blais and Bacher, 2007), thefts of Jobseekers’ Allowance unemployment checks (Tilley, 2005), and unsafe driving (Rama and Kulmala, 2000). In contrast, other studies have indicated that warning and deterring signs carry no effect on prostitution (Lowman, 1992), theft of cable television signals (Green, 1985), and illicit parking meter use (Decker, 1972). Still other research has demonstrated that the presence of warning signs may encourage the development of petty crimes like pickpocketing (Ekblom, 1991; Grabosky, 1996). In an effort to explain this perverse effect, Grabosky (1996) suggested that in some cases, warnings may advertise the unacceptable behavior, excite potential offender curiosity, and entice the rebellious nature of the offenders.
Importantly, although most of these studies have assessed the effectiveness of warn- ings in preventing the occurrence of a criminal event, almost no studies have investigated the effect of warning signs on the progression and duration of a criminal incident (for an exception, see Green, 1985). In line with the claims by both Gibbs (1975) and Jacobs (2010), we believe that differentiating between the occurrence and progression of a crim- inal event is of theoretical importance because although sanction threats may not prevent the emergence of a criminal incident, they may still alter its characteristics. Specifically, it could be the case that the presence of sanction threats in the environment may not cause offenders to abort the criminal event (Cusson, 1993) but simply cause offenders to change their course of criminal action (Green, 1985; Guerette and Bowers, 2009; Jacobs and Cherbonneau, 2012).
Moreover, whereas the relationships between deterring cues and crime had been ex- amined extensively in the physical world (for instance, Sherman and Weisburd, 1995), no prior study has investigated the impact of warnings on deviant behaviors that take place in cyberspace. However, extensive theoretical literature has debated the application of denial (i.e., physically preventing an attacker from obtaining a threatening technology), prevention (i.e., the use of defensive measures to disrupt an attack), and futility (i.e., using means to minimize the effect of a successful attack in the system) strategies for deterring the development of cyber attacks (Elliott, 2011; Geers, 2012; Goodman, 2010; Harknett, 1996). Although some theoreticians have proposed that because of the anonymity inher- ent in the Internet and the difficulty associated with tying cyber criminals to their crimes, the role of deterrence is minimal in the context of cyberspace (Blank, 2001; Harknett, 1996); others have proposed that attributing cyber attacks to specific individuals is not necessary for deterring the activities of cyber criminals (Goodman, 2010). Unfortunately, despite this theoretical scholarship, no empirical initiatives have been launched to assess the effectiveness of punishment threats in cyberspace. Thus, drawing on the assumption that exposure to deterrent messages is the first necessary condition to deter cyber ag- gression (Geerken and Gove, 1975; Goodman, 2010), we explore the impact of warning banners posted on computer systems on the progression and duration of system trespass- ing incidents.
THIS STUDY
One important recommendation, proposed by the National Institute for Standards and Technology for minimum-security controls in governmental, industrial, and private agen- cies (NIST, 2009), encourages information technology (IT) managers in governmental
