Risky Business: Why People Feel Safe in Sexually Expicit On-Line Communication
Address:Department of Communication, Purdue University, Liberal Arts & Education Building, 2114, West Lafayette IN 47907-1366, USA.
This article defines contextualizes basic types of CMC as electronic counterparts to other forms of communication. It then discusses the ways in which message privacy and security can be compromised in the electronic environment and reports a survey study of individuals who engage in potentially embarrassing forms of CMC via USENET newsgroups. The questionnaire asked respondents how risky they perceived their communications to be and why they felt secure enough to engage in “risky” communication. Survey results were equivocal on the question of user perceptions of privacy, but indicated that the perceived risk was low in this sample group. Finally, the chapter discusses implications and proposes an agenda for future research.
I wanna feel your viscosity, honey,
Melt my rheological mind;
Let your female forcefield vortex
Deform my male spacetime.
Nick Herbert, “Does She do the Vulcan Mind Meld on the First Date?”
Flaming and Fantasizing in Cyberspace
Cybersex, computer dating, and net sex are prevalent buzzwords in popular press and daytime talk shows. As the tongue-in-cheek excerpt above suggests, computer users are enthusiastically exploring “safer sex” alternatives. Exchanges of pornographic pictures, X-rated email, and computer chats that are nothing less than sexual encounters are wildly popular, and magazines such as Boardwatch run numerous ads for sexually explicit BBSs. Clearly, in the electronic environment, embarrassment or even disaster can occur as the result of a mere keystroke. Knowing this, why would a user engage in computer-mediated communication (CMC) that creates personal or professional risk? The study described in this chapter asks computer users who participate in potentially embarrassing CMC how risky they perceive their communications to be and why they feel secure enough to engage in those actions. First, this paper provides basic definitions and contextualizes CMC.
From Fliers to Fiber Optics: Communicating in the computer age
The symbolic nature of electronic communication is well recognized (e.g., Short, Williams, and Christie, 1976; Sitkin, Sutcliffe, and Barrios-Choplin, 1989). In fact, the symbols of CMC are limited and tend to constrain the discourse in ways unique to the medium. CMC systems usually support only a “low-end ASCII” character set. This means the communicator is restricted to American upper and lower case letters and numerals, and some commonly-used mathematical and punctuation symbols (e.g., “$,”“%,”“(),”“+,” etc., omitting umlauts and other European characters). Therefore, the sender and receiver must rely on a fairly narrow set of predetermined symbols with which they endeavor to create and share meaning.
As a form of interpersonal communication, all varieties of email and public boards lack many cues that serve to regulate social interaction (Culnan and Markus, 1988: 426-427). Here, the medium is the message, not in the McLuhan sense, but in a structurationist sense (e.g., Contractor and Eisenberg, 1990; Giddens, 1976; Poole and McPhee, 1983; Riley, 1983). The medium's symbolic meaning becomes both a product of and a constraint upon the communication process, as illustrated by the emergence of an infant “email etiquette,” (Shapiro and Anderson, 1985) complete with symbols and conventions that, while continually evolving, are largely accepted system-wide, and often inter-system. Abrasive, even abusive electronic communication is common enough to have been dubbed “flaming,” a term unique to the medium.
Although electronic groups may consist of unseen members who do not occupy shared physical space and who interact asynchronously, Finholt and Sproull (1990) report that they tend to behave like social groups. Furthermore, communicators develop social alliances, and heavy users actually tend to form new friendships via computer-mediated means (e.g., Hellerstein, 1985). In other words, shared meaning in cyberspace seems to include a unique user behaviors as group norms and practices emerge. In some cases, those behaviors are of a nature usually reserved for intimate encounters (e.g., Furniss, 1993), both on bulletin boards and in private email.
While public bulletin boards typically are read by groups of people who share similar interests, email can be used to communicate one-to-one or one-to-many. Person-to-person, “private” email is the computerized equivalent of correspondence in the federal postal system (colloquially known as “snail mail” in high-tech circles). The email user composes a message and sends it via a computer network to a recipient or several recipients at other locations. But unlike the postal system, or the telephone system, for that matter, the law does not fully protect privacy of email. User accounts are protected under the Electronic Communications Privacy Act (ECPA) of 1986, which amends the federal wiretap law and makes accessing stored electronic messages by breaking into an electronic system or exceeding authorized access a criminal offense (Hernandez, 1987). But a manager, investigator, or system administrator (sysop) with global access to the computer system (God powers) is capable of monitoring any electronic message. Furthermore, recipients can and do forward email with the touch of a button to other users, and the messages may be captured and archived on computer disks without the knowledge of the original author. It is the naive user who ignores the reality that somehow, somewhere, someone can read and preserve privately posted messages. Email privacy can be compromised in other ways, too, if a user is unwise or careless. Krol (1992) lists four ways in which computer security is compromised, in descending order of likelihood: (i) choosing bad passwords; (ii) importing corrupt software by valid users; (iii) entering through misconfigured software; and (iv) entering through an operating system security flaw. He cautions the user to remember that computers, not people, crack passwords, and most of those attempts are based on words from the dictionary. Indeed, some systems will not permit users to use dictionary words as passwords. But some universities use Social Security numbers for user passwords, making email security more of an illusion than a reality.
Various systems impose different balances of privacy and censorship. Some systems, most notably CompuServe, have a reputation for maintaining correspondent privacy. Pornographic, scanned, full-color photographs are sent with great abandon and enthusiasm between some CompuServe subscribers with no recrimination nor interest from CompuServe staff. Other systems, ostensibly valuing standards over privacy, go so far as to censor “private” messages. The widely-used Prodigy network, for example, has been under fire for maintaining a policy of censorship (Lewis, 1990: p. F8). For subscription services like CompuServe and Prodigy, of course, these decisions probably are economically based. Unless a user subscribes to limited “Basic Services,” CompuServe charges for connect time. Sending and receiving heavy graphics or “chatting” (described later in this paper) keeps the user online. Prodigy is altering its billing system, but it historically has not charged for connect time and has no realtime “chat” modes. Its focus is family, and it encourages online shopping to generate revenues. But no matter how computer services remain fiscally viable, the issue of privacy is problematic for all systems. Indeed, “system administrators seeking to deliver misaddressed electronic mail can hardly avoid reading the messages” (Turner, 1991: A13). Miller (1992: p8F N) suggests that employees should “assume [email security] …doesn't exist.” In other words, the term “email privacy” is an oxymoron.
Privacy problems also arise on the systems known as electronic bulletin board services (BBSs). Typically operated privately, these bulletin boards post messages that are the electronic counterparts to those pinned on physical bulletin boards. The messages are readable for all who care to call the service and log onto the system. Some systems permit “private” messages on the bulletin boards, which makes them invisible to the casual reader, but readable to the intended recipient (and the sysops). One might say they are posted on the bulletin board in electronic envelopes, which, although sealed, are by no means secure. Clearly, the security of both forms of electronic communication is questionable, particularly if not encrypted–and most email messages are not.
Rights and Responsibilities: Thorny questions for system administrators and users
Where does system responsibility end and user right to privacy begin?Kahn (1989) describes the all-too-common phenomenon of a computer user dialing up a local BBS, logging in with her secret password, and being “deluged with lewd electronic mail from complete strangers and hostile messages from persons with whom she believed she was on friendly terms” (p. 1). The BBS user eventually realizes she is the victim of a computer “hacker” or “phreaker;” her password was pirated, and someone has been electronically impersonating her.
Let's assume our local BBS user is enraged by the public humiliation of the offensive public messages. Is he justified in suing the sysop and/or the owner of the BBS for defamation? Most BBSs, the university BBS included, are run at a loss by volunteers (Riddle, 1990). Must the sysop monitor all messages and be responsible for those in poor taste or of a defaming nature? High volume boards make message-by-message monitoring nearly impossible.
Many organizations, including academic institutions, are struggling with issues of balance between system security and system standards vs. freedom of speech and privacy. This problem is made thornier by the popularity of email lists, often with huge memberships, that are devoted to adult topics. On the Internet, for example, four of the fifteen most popular newsgroups focus on sexual topics, including erotic arts, stories, and bondage (Reid, 1993). Turner (1991: A13) notes that in local, university-owned systems, “The kinds of messages once limited to lavatory walls are now causing problems on campus computer networks–for reasons that may have as much to do with technology as with moral standards.”
In addition to security compromises, much of what feels like a private interaction between user and computer is, in fact, very public on many computer systems. Unix systems, for example, support a command that allows users to determine who else is on the system at a given moment. The IRC, often accessed under pseudonyms or handles, permits callers to determine the real electronic mailing addresses of other users. It is even possible to obtain information about users after they have left the system, and falsifying one's true mailing information can lead to access denial. Many private BBSs make available lists of recent callers and the times they called. Some even list, in terms of bytes, how much a caller has posted to the system.
Privacy difficulties arise from user error, as well as from external monitoring. The user always is a mere keystroke away from disaster, and can send a message to the wrong party, or even to large groups of people, with a single typographical slip-up: “One job-seeker mistakenly sent his resume and a letter to a 1,000-person mailing list rather than to the hiring manager, [inadvertently] divulging salary demands and why he wanted the job” (Keubelbeck, 1991: E2).
Anyone using CMC undoubtedly is aware of the flurries of media attention paid to the issue of security and privacy in electronic mail systems (e.g., Anderson, Johnson, Gotterbarn, and Perolle, 1993; Keppel, 1990; Moore, 1992; Reynolds, 1990). Organizations and individual users, alike, are discovering the complexities of communicating in a unique medium. Horror stories abound (e.g., Lewis, 1990; Solomon, 1990; Keubelbeck, 1991).
Michael F. Cavanagh, executive director of the Electronic Mail Association in Arlington, VA, sees the problem as one of balance, and suggests that “The juxtaposition of that LAPD situation and the public's right to know what was on the tapes with the issue of how to have a secure workplace illustrates how complex the issue is” (Keubelbeck, 1991: E2).
The corporate sector toes a similar fine line between electronic supervision of employees and invasion of their rights. Miller (1992) notes that although it's against the law for organizations to monitor employee telephone conversations, even on a company-owned phone, the regulations concerning email are less clear. A case that may change this is reported by Kapor (1992) and Ratcliffe (1992) concerning Borland International, Inc. and Symantec Corporation. Eugene Wang, a Borland employee, left the company and to join Symantec. Borland claims to have found memos in Wang's MCI mail to Symantec–memos written prior to Wang's departure that include Borland proprietary information. When Borland executives turned over Wang's mail messages to local police, the messages were used to obtain search warrants to enter Wang's home and that of Gordon Eubanks, the Symantec chief executive officer. Ratcliffe (1992) speculates that Wang and Eubanks would argue violation of the ECPA, although Borland indicates that as owner of the account, the search was legal. Kapor points out that although current law protects messages while they are in transmission over public services, this case may help define the degree to which employers can search employees' stored email messages.
Gender issues, too, are emergent in organizational CMC. One case study that appears in Harvard Business Review raises the issue of an employee being sexually harassed by a superior. The dilemma: if a manager discovers evidence of such harassment in the employee's electronic mailbox (a not uncommon practice; many organizations argue that the mailbox is company property), at what point does justice lie between reporting the incident and protecting the employee's right to privacy (Niven, Wang, Rowe, Taga, Vladeck, and Garron, 1992)? As technological advances continue, the legal, ethical, and moral issues intensify.
Desperately Seeking Solutions
A number of authors are grappling with legal and ethical solutions for privacy issues in CMC. Anderson, et al. (1993) describe nine case studies for applying the Code of Ethics of the Association for Computing Machinery (ACM) in practice. Included in the Code are stipulations requiring that unauthorized or inappropriate access to data be prevented, and that organization leaders should determine if systems are adequate to protect privacy. In response to consumer concerns, software developers are designing programs to keep email private. Two new titles, for example, are “Privacy Enhanced Mail” and “Pretty Good Privacy” (Wallich, 1993). One proposed solution in dealing with electronic evidence of sexual harassment involves coaching the employee in handling the situation (Niven et al., 1992). But employees still have a right to know that their electronic correspondence may be monitored. Loebl (1992) suggests that employers can deal, at least in part, with employees' privacy issues by including an addendum of the organization's policy on privacy and computer security in the employee manual. BBSs, of course, walk similar ethical tightropes.
Riddle (1990) attempts to sort out the legal responsibilities and rights of BBS administrators. He considers four key areas: (i) what, if any, role might electronic bulletin boards play as press, in terms of First Amendment rights; (ii) what decision rules might apply to system operators concerning their liability for defamation when defaming material is posted by users; (iii) other liability for message content; and (iv) how search and seizure may or may not apply to electronic bulletin board services. Since state laws vary, though, the issues for bulletin board services remain problematic. The laws clearly are lagging far behind the technology. Some BBSs post a login message that informs users that their participation is not private.
Solutions to ethical problems, too, are slippery. Researchers, apart from legal considerations, are wrestling with the ethics and moral responsibilities of sampling text from public bulletin boards and mailing lists (e.g., ProjectH, 1992a; ProjectH, 1992b). One solution is to draw samples that email recipients forward to the researcher, although the original sender may be unaware that the document is so used (e.g., Wambach, 1991). Although disguising identifiers may prevent recognition of the author, this approach does not address the question of intellectual propriety or informed consent. Another solution (e.g., McCormick and McCormick, 1992) triangulates methods with logon warnings that CMC can be read by other parties as well as deleting all identifiers from the text. To date, however, ethical approaches are as varied as the number of researchers, and the discourse as diverse as computer users.
The review of literature suggests that many privacy issues stem from the fact that the content of messages is of a personal or embarrassing nature for the writer. But clearly, the computer is not a secure medium for private communication. And equally clearly, users who do not practice “safe email” are at risk of embarrassment or professional disaster. As the use of electronic mail increasingly replaces other channels of communication such as surface mail, telephone, and in-person meetings (Schaefermeyer and Sewell, 1988), resolution of these concerns becomes more critical. This speaks to the issue of caution (or lack of it) exercised by cyberspace inhabitants. The question is whether these caution levels relate to user perceptions of privacy, and what makes them feel secure enough to engage in intimate virtual activities in the midst of online strangers. Why would users knowingly expose themselves to embarrassment, professional hazards, or even legal action by writing email messages of a personal or compromising nature? These considerations lead to two research questions:
|RQ1||To what extent do users who engage in risky forms of CMC perceive the medium to be private?|
|RQ2||How users who engage in risky forms of CMC come to feel secure enough to do so?|
This study is an online survey of users who engage in risky CMC via the Internet. The literature indicates that, although still relatively new as a data-gathering tool, researchers are beginning to use CMC for online research and analysis (e.g., Allen, 1987; Guthertz and Field, 1989; Huff and Rosenberg, 1988; Kaplan, 1991; Rafaeli and Tractinsky, 1989; Rafaeli and Tractinsky, 1991; Rice, Sell, and Hadley, 1990; Vasu, 1990). Thus, the method is both appropriate for the medium under study and follows research precedents. Because it supports newsgroups of a sexually explicit nature that could be personally or professionally embarrassing or compromising to participants, the Internet offers an excellent arena for surveying individuals who engage in risky CMC.
All of the data were gathered via questionnaires sent to individuals whose mailing addresses were readily available to anyone with Internet access as return addresses in publicly posted, unmoderated newsgroup messages. The study surveyed authors of messages appearing in seven “alternative” unmoderated newsgroups that addressed sexually explicit (and potentially personally or professionally risky) topics: alt.sex, alt.sex.bestiality, alt.sex.bondage, alt.sex.fetish.fa, alt.sex.wanted, alt.sex.wizards, and rec.arts.bodyart. All questionnaires were sent to individuals via an anonymous server, which stripped all identifying information in the headers of outgoing and incoming messages, and assigned anonymous numbers for addresses. Since an active effort was required to respond, all participation was entirely voluntary.
Risky CMC appears similar to that of other high-risk behaviors in health or safety practices. Thus, questionnaire items were drawn from the literature that addressed such risky behavior. Numerous studies show that, despite the risk of AIDS, individuals engage in risky sexual behaviors, and scholars cite a variety of underlying factors, including risk-taking (Sherr, Strong, and Goldmeier, 1990), sensation seeking (Horvath and Zuckerman, 1993), social or sexual anxiety (Hobfoll, Gayle, Gruber, and Levine, 1990), social responsibility (Baldwin and Baldwin, 1988), gender (e.g., Goldman and Harlow, 1993; Ford and Norris, 1993), and low self-concept (Perkel, Strebel and Jourbet, 1991). Other studies concerning risk and seat belt usage consider gender differences (Tipton, Camp, and Hsu, 1990), and habits and attitudes (Mittal, 1988). Jonah (1990) reports that age is a factor, and that drivers under 24 years old not only engage in risky driving, but in other risky behaviors as well. This last factor may be of particular interest, as high-tech, computer-savvy young adults are attracted to cyberspace. The survey instrument asked users a total of 32 questions about these factors and about their perceptions of system security and their own technical skills, to determine how or if they feel secure in their risky CMC (the questionnaire appears in Witmer (1997).
An analysis of variance (ANOVA) was used to determine if there were differences between men and women in their perceptions of newsgroup participation. A standard multiple regression was performed between dependent variables (DVs) identified through factor analysis, and age and length of newsgroup participation as the independent variables (IVs).
Of the 238 survey instruments sent, 38 were returned because the addresses were invalid, the recipient's site did not accept the user name or address, or other electronic routing problems prevented delivery. Fifty-two respondents representing all seven newsgroups returned questionnaires. This 26 percent response rate may be deceptively low, however, since the technical problems of posting through the anonymous server might have created undetected delivery problems.
As might be expected considering the sensitivity of the context in which participants were contacted, the questionnaire elicited a variety of reactions, which ranged from “Who the hell *are* you?” to offers of more information on groups that engage in bestiality or bondage within a specific geographic area. Several people expressed awareness that they received bogus surveys where the senders were simply out to “get their jollies.” Some of these responded based on the information in the questionnaire, but others requested further information.
The reason most often expressed for participating in the newsgroups was to exchange ideas (44.2 percent). An additional 21.2 percent indicated they participated out of curiosity and 11.5 percent said they did so to kill time. Only 7.7 percent of the respondents indicated they participated in their newsgroups to meet social needs, and one individual indicates it is for a thrill. Additional reasons varied widely, from frivolous to ponderous.
An exploratory factor analysis was performed on 25 questionnaire items drawn from literature on risky behaviors and computer privacy. The scree test indicated a five-factor solution, which accounted for 54.8 percent of the variance. The five factors were extracted using varimax rotation, with a cutoff of .45. (The factor loadings appear in Witmer (1997).
Six of the variables failed to load on any factor, which reflected heterogeneity of the items on the questionnaire. Two factors were discarded because they were not internally reliable, as reflected by Cronbach's coefficient alpha of .53 and .50. The three factors that were retained were internally consistent and well-defined by the variables, with alpha values ranging from .70 to .87.
The four variables that loaded on the first factor were respondent agreement with posts on the newsgroup, closeness of relationships formed with other members of the newsgroup, and degree to which respondent felt stimulated by computer-mediated discussions and face-to-face discussions of the newsgroup subject. This factor generally addressed Social Needs that respondents might seek to meet through participation in the newsgroup. The second factor included seven variables: levels of anxiety in face-to-face discussions or computer-mediated discussions of the newsgroup topics, perceived likelihood that a hacker might access the respondent's email account, perceived risk of participation in the newsgroup, importance of system privacy, likelihood that the respondent's professional life might be helped or hurt if participation in the newsgroup were made public, and general feeling of security. These variables broadly addressed the respondent's perception of Security in participating in the newsgroup. The third factor consisted of three variables: perceived likelihood that people other than those addressed or the sysop might read or repost messages, and perceived privacy of the medium. This factor was labeled Privacy.
A 2 (gender) × 3 (Social Needs, Security, Privacy) ANOVA indicated no significant differences between men and women in their perceptions of newsgroup participation. A standard multiple regression was performed between Social Needs, Security, and Privacy as the DVs, and age and length of newsgroup participation as the IVs. Only the regression on length of newsgroup participation approached significance, F(3,43)=2.68, p = 059, predicting 16 percent of the variability in the three factors (Adjusted R2=.10). Length of newsgroup contributed significantly only to the prediction of Social Needs (beta=.346, p = 019).
The first research question asked the extent to which users who engage in risky forms of CMC perceived the medium to be private. The responses to this survey were equivocal on the three variables that comprised Privacy as extracted from the factor analysis. In general, survey participants seem neutral or undecided about the privacy of computer-mediated forms of communication. Respondents were evenly divided between the likelihood or unlikelihood of unintended others reading or reposting their messages and only 25% believed it was likely or extremely likely that the sysop might read their messages. Nearly half (47%) believed the medium to be private. Another 17.6% had no opinion on the privacy of CMC. The rest of the sample, only 35.3%, perceived CMC to be public or extremely public. This finding is surprising, since all the users surveyed were selected as a result of posting to public newsgroups, and their posts can be read by anyone with Internet access (if the newsgroup isn't censored at the local site).
The data suggest a clearer answer to the second research question concerning how users who engage in risky forms of CMC feel secure enough to do so. Most respondents (57.7%) considered privacy unimportant or extremely unimportant, and another 25% were neutral concerning the importance of privacy. These data suggest that privacy is not a serious issue for respondents who post on the lists. One respondent, for example, indicated that the activities in which he engaged were “no secret.” None believed their activities on the newsgroup might harm their careers, and they generally felt secure across all other variables comprising Security (means ranged from 3.5 to 4.2). In addition, 73.1% considered their proficiency levels above average or expert. Thus, respondents tended to feel personally and technically secure in their CMC, and felt that they had little or nothing to lose if their activities were discovered by unintended others. This, then, indicates that the perceived risk is low among users who engage in risky CMC on these newsgroups.
This study serves as a beginning to answering the question of how users come to feel secure in engaging in risky CMC. The small sample size limits generalizability to all system users, as does the narrowly-defined frame from which the sample was drawn. It does, however, provide a sense of the relatively low importance of system security for individuals who engage in risky CMC, and their general confidence in their own expertise. The publicly disclosive behavior may be magnified as a result of the relative youth of the respondents. A larger sample with a wider range of ages might indicate more conservative attitudes in older respondents. Future studies should include other sample populations to determine if risk is perceived differently between groups who engage in self-disclosive behaviors via CMC.
Additional studies should address similar issues in private email. Evidence exists that users send “private” messages that can and do have devastating effects when seen by unintended eyes. Future studies might address the extent to which users of email (via the Internet, local area network, or BBS) perceive risk and to what extent they equivocate in their email messages. An interesting point of comparison might include the use of equivocal language in other forms of written discourse. These and other questions concerning the ways in which users present their identities to an electronic world are intriguing scholars around the world. Certainly, the question of virtual intimacy and sexuality is of increasing interest as it makes newspaper headlines (e.g., Burgess, 1993; Schwarz, 1993) and talk shows. The information highway is here, and becoming more crowded every day. It is opening new doors to a mediated human interaction that transcends time and space, and is perceived to offer a relatively safe sexual outlet in this age of AIDS and fear.