Defining Objectives for Preventing Cyberstalking

. Cyberstalking is a significant challenge in the era of Internet and technology. When dealing with cyberstalking, institutions and governments alike have a problem in how to manage it and where to allocate resources. Hence, it is important to understand how individuals feel about the problem of cyberstalking and how it can be managed in the context of cybersecurity. In this paper we systematically interviewed over 100 individuals to interpret their values on cyberstalking. Keeney’s [21] value focused thinking approach is then used to convert individual values into objectives which form the basis for planning to curb cyberstalking and for institutions and governments to allocate resources prudently.


Introduction
Stalking has been well recognized in the academic and practitioner literature; however with the advent of newer technologies such as social media a new threat has emerged, cyberstalking.An increased reliance of individuals on interpersonal contact has resulted in a corresponding increase in possibility of interpersonal intrusion, referred to as cyberstalking [27].Institutions and government bodies struggle to manage cyberstalking due to a lack of understanding of the phenomenon.The problem question is twofold: First, what are the objectives to ensure protection against cyberstalking.Second, what priority areas should institutions focus on to ensure that cyberstalking is minimized.In this paper we present a comprehensive set of individual value based objectives which can form the basis for strategic planning to prevent cyberstalking.Theoretically we are informed by the value focused thinking concept purported by Keeney [19].The paper is organized into five sections: introduction, literature pertinent to cyberstalking, the theoretical and methodological aspects of this research, the fundamental and means objectives for minimizing cyberstalking and finally in the limitations and future research directions.

A Review of Existing Cyberstalking Literature
The internet is beneficial in connecting us globally on all fronts and is available in nearly every corner of the globe [17].It is also the cause of many unique crimes such as cyberstalking because it is cheap, easy to use, and the anonymity it offers in seeking out victims and avoiding detection [22].Cyberstalking is a type of crime in which there is no face-to-face contact between victims and offenders [10].According to McFarlane & Bocij [27], there are four types of cyber stalkers: the Vindictive Cyber stalker, the Composed Cyber stalker, the Intimate Cyber stalker and the Collective Cyber stalker.
In the past, cyberstalking victims have not had success in being recognized as victims by law enforcement agencies due to a lack of enforcement training and expertise [34].A study that analyzes cyber stalking crimes, legislative intervention measures, and preventative initiatives created specifically to curtail this emerging global crime was undertaken by Pittaro [36].The study concluded that cyberstalking is a serious and growing problem, but proper training and guidance could allow law enforcement agencies can track the stalkers online [22].However, educating society is still the most effective approach to bringing awareness about cyberstalking and enacting initiatives prevent this Internet based crime.[34].California was the first state in the USA to adopt stalking laws in 1989 [51].Since then stalking laws in general have been adopted elsewhere, but cyberstalking is related to one's behavior in cyberspace as opposed to the physical world [3].Therefore, it is suggested that there should be an investigation of these regulations and ways to adapt new regulations to apply in cyberspace and how these regulations can help prevent cyberstalking.
While cyberstalking is still in its infancy, it is expected to increase significantly as the Internet becomes more popular [16].For this reason, there are studies such as the one by Spitzberg and colleagues [8,9,41,42,43] that conducted pilots and introduced the concept of cyber-obsessional pursuit (COP).Further, new research extended these earlier pilot studies to develop and refine measures of cyberstalking victimization [44].Another study by Goodno [12] examined how differences in state and federal law create gaps in stalking statutes increasing the difficulty in prosecuting all aspects of cyberstalking and suggests ways to close these gaps.Finally, the study also examines the potential issues in criminalizing cyberstalking and how these issues might be resolved by changing the laws so they address the newer cyber security crimes as a result of cyberstalking.Additional work with respect to cyberstalking has sought to develop and adapt a lifestyle-routine activities theory [38] to explain opportunities for victimization in cyberspace environments where traditional conceptions of time and space are less relevant.A related earlier study on the extent and nature of Cyberstalking victimization from a lifestyle/routine activities perspective by Reyns [37] also corroborates the theory.Findings from this study indicate that the number of differing factors such as the number of online social networks an individual owns or low self-control are significant predictors of cyberstalking victimization, suggesting moderate support for lifestyle/routine activities theory in explaining cyberstalking [37].

Methodology
In order to identify values one must ask the concerned people [21].Within the literature, there is a significant variance in the number of individuals that should be interviewed.As an example, Hunter [15] used the interviews of 53 people from two different organizations to do a content analysis to elicit individual conceptions.However, Phythian & King [35] used two managers who were experts in assessing tender enquiries to identify key factors and rules that influence tender decisions.Additionally, Keeney [21] obtained interviews from over 100 individuals to obtain their values to develop objectives that influenced Internet purchases.For this study, over 100 persons of varying background and experience were interviewed to identify general values for managing cyber stalking related information security.
The following three-step process is used to identify and organize the values that an individual might have with respect to cyberstalking [19]: First, interviews are conducted which elicit the values an individual might have within a decision context.Second, individual values and statements are converted into a common value format, such as an objective oriented statement.Then similar objectives are grouped together in order to form clusters of objectives.Finally, the objectives are then classified as either fundamental to the decision context, resulting in a fundamental objective, or simply a means to achieve the fundamental objectives, or what's called a means objective.

Identifying values
To begin, interviews are conducted with the concerned peoples as a process of identifying values.At the beginning of each interview, the purpose is clarified and context and scope of the interview are established.The core objective is to understand the fundamental objectives for preventing cyberstalking.To set the decision context, we emphasize that the scope for eliciting these values is limited only to individuals.After defining the scope of the interview, explanations are provided to the interviewee so that they can understand what 'cyberstalking' is to establish a common understanding.Cyberstalking is thusly defined as 'the use of the internet, email, or other electronic communications devices to stalk another person' [48].It is made clear to respondents that the goal is to understand values that people might have with respect to cyberstalking.To identify these values four questions are posed about their personal values toward cyberstalking and those of individuals who commit acts of cyberstalking.The questions were: What do you think are your values and wishes in order to prevent cyberstalking?What values might lead you to behave in a certain manner towards cyberstalking?What kind of information do you think people use to engage in cyberstalking?What personal values lead people to use this information for their own benefit while cyberstalking?All questions were open-ended.As individuals can express values differently, so difficulty exists with the quiescent nature of the values, so different probing techniques are used to identify latent values.Keeney [19] suggests words like trade-offs or consequences etc. as useful in making implicit values explicit.

Structuring values
Once values have been identified, value structuring and objectives development begins.
Step one is that all statements are restated in a common form with duplicates are removed, then common form values are considered and converted into sub-objectives.According to Keeney [21], an objective is constituted of the decision context, an object and a direction of preferences, which in this case is cyberstalking.With all values systematically reviewed and converted into subobjectives a number of sub-objectives that deal with a similar issue exists.By carefully reviewing the content of each of these sub-objectives, clusters are developed that group similar ones together and then each cluster of sub-objectives is labeled by its overall theme that becomes the main objective.

Organizing objectives
The list of sub-objectives and corresponding clusters initially include both means and fundamental objectives so we must differentiate the two.This is accomplished by repeatedly linking objectives through means-ends relationships then specifying the fundamental objectives.To identify fundamental objectives, the question is asked, 'Why is this objective important in the decision context?[19].'If the objective is an essential reason for interest in the decision context, then the objective is a candidate as a fundamental objective.If the objective is important due its implications with respect to some other objective, then it is a candidate as a means objective.This is termed by Keeney [20] as the 'WITI test.'

Objectives for Preventing Cyberstalking
In this section we present fundamental and means objectives for preventing cyberstalking.In our research we found twenty total objectives: five fundamental objectives and fifteen means objectives.In this section we discuss the fundamental and means objectives and how these can collectively contribute to the prevention of cyberstalking.

Fundamental Objectives for Preventing Cyberstalking
The five fundamental objectives identified in this research include: Protecting Online Interactions; Establishing cyberstalking security procedures, Ensuring technical security, Developing strong value systems and Defining intermediaries to minimize cyberstalking.The fundamental objectives resonate well with what has been defined in the literature and the main characteristic for cyberstalkingrepeated event, invasion of personal privacy, evidence of threat and/or fear [44].Scholars term stalking as a form of Obsessive Relational Intrusion (ORI), which is the unwanted pursuit of intimacy [8,9].
FO1 Protecting Online Interactions.Respondents found protection of online interactions to be defined as both precautionary and regulatory objectives.Exercising caution when meeting people online is fundamental, however it is also important to ensure that protection mechanisms exist in online forums; however the means are addressed in some of our means objectives.A response by one respondent noted: "It is the responsibility of Internet Companies to ensure safety in an online forum through regulation and technical means."In an interesting paper, Chik [6] discusses international cyberstalking regulatory considerations.He notes that there are two basic types of anti-stalking legislations -the list model and the closed model.The list model lists types of offences and provides certainty, but is rather restrictive.An alternative is the general prohibition model, which is used in some US states and UK.Chik argues that the more open general prohibition model is the favored option [6].
FO2 Establishing cyberstalking security procedures.Respondents felt that good cyberstalking security procedures will go a long way in ensuring security and safety.Cyberstalking security procedures can include an identification of appropriate authentication measures or availability of cyberstalking prevention tools.A respondent noted: "There is no way to tell which site provides adequate security and which one has loose controls, I wish we had a way to do this."Website trustworthiness is an important topic area and has been well researched.
At the advent of e-commerce, online vendors were facing similar challenges.Moores and Dhillon [29] found that web assurance seals did help in ensuring a trusting relationship with the consumers.They note: "The relative success of the privacy seals suggests that many sites recognize the issue of privacy and strive to uphold the highest standards.These sites are not the problem.The problem is with those sites that violate their stated obligations, those sites that make no commitment, and those sites that actively seek to exploit the data they collect." FO3 Ensuring technical security.The role of technologies in ensuring security in cyberstalking cannot be underestimated.Unequivocally our respondents made a call for investing in safe browsing technologies and increased abilities to monitor online security settings.Ability to create online filters to block negative behavior was also considered important.One respondent noted: "Now-a-days it is virtually impossible to ensure that the filters are installed properly.People need a high level of competence.Why can't the technologies be made simple and easy to use?" Technical means to ensure online security and its benefits in preventing cyberstalking incidents has been noted by Goldberg [11], who summarizes the problem as one dealing with secure Internet routing.Goldberg notes that secure Internet routing can be achieved through simple cryptographic whitelisting techniques, which can prevent attacks such as prefix hijacks, route leaks, and path-shortening attacks.Some of these attacks are the basis for website compromises, which can then subsequently lead to increased incidents of cyberstalking.
FO4 Developing strong value systems.Early detection of negative behaviors can come about through strong family values and the related social pressures.In a study by Pereira and Matos [33] the complexity of family values is reviewed as well as their impact on cyberstalking.In particular Pereira and Matos found fear following victimization plays a major role in management of cyberstalking [33].
One respondent noted: "I have been cyberstalked.Support from my family was critical in helping me carry on with life." FO5 Defining intermediaries to minimize cyberstalking.This fundamental objective is somewhat related to the fundamental objective of ensuring secure procedures.Critical to trust forming relationships is the role of intermediaries.
Cybersecurity insurance research has suggested that it is indeed possible to minimize threats by appropriately focusing on insurance practices.Pal et al [32] note: "To alleviate this issue a security vendor can enter the cyber-insurance ecosystem and via a symbiotic relationship between the insurer can increase its profits and subsequently enable the cyber-insurer to always make strictly positive profits keeping the social welfare state identical.As a special case the security vendor could be the cyber-insurer itself (p.8)."

Means Objectives for Preventing Cyberstalking
MO1 Increase responsibility of social media sites.This objective pertains to organizations responsible for creating, maintaining, regulating and implementing social media sites.These organizations have an obligation to ensure their sites are safe in order to prevent cyberstalking.Many organizations consider this a corporate social responsibility (CSR) and make efforts to shape CSR policies to present themselves as good corporate citizens [28] and the importance of CSR has been emphasized by many in the literature [5].
MO2 Increase safe information sharing.This objective addresses the need for users to have more tools to safely share information on the Internet and social media sites can provide those tools.Types of tools that could be included are increased privacy settings or private web browsing methods.Responses indicate support for this belief such as; "I want more privacy settings and ways to protect my information if I choose to share it." MO3 Increase law enforcement.This objective deals with ensuring useful laws exist to protect online users from cyberstalking.One study analyzed was the police use of Twitter, including the structure of networks and the content of the messages [7].The study concluded that due to the constraints of police culture, Twitter has been used cautiously as reinforcement for existing means of communication [7].Responses such as; "law enforcement needs to be more involved in monitoring and policing social media activity" show users want an active law enforcement approach to help prevent cyberstlaking.
MO4 Increase awareness of cyberstalking consequences.This objective addresses the consequences for cyberstalking, specifically making people aware of the negative effects on victims and society as a whole.A survey response supporting this is "as a society we need to increase awareness about the harmful effects of cyberstalking" which speaks to the lack of awareness.
MO5. Minimize trolling.This objective deals with discouraging people from posting offensive content in their online postings.A study by Hopkinson [14] researched the practice of trolling in online discussion forums and its findings suggest that the definition of trolling varies depending on the discussion topic [14].The study found a paradoxical view of trolling in that it is considered destructive and have a negative connotation, but cases exist where it can have a positive constructive effect [14].
MO6 Decrease tracking ability.This objective deals with ensuring that your current location is unknown to people from whom you wish to remain hidden from.For example, Facebook had a program, which sent messages to users' friends about what they were buying on Web sites; it had to retract this feature after protest from a number of their users due to complaints about sharing without permission [45].To prevent features like these from being abused for cyberstalking, the ability of companies and individuals to track people online needs to be minimized.

MO7 Increase deterrence.
This objective deals with the use of punishment as a threat to stop or prevent people from engaging in cyberstalking.Individuals behave rationally to maximize their utility and commit crime when the expected utility of law breaking far exceeds the expected disutility of punishment [18].So to promote obedience and discourage crime communities should adopt a policy to raise the price of crime.Deterring cyberstalking was a common response, for example, one of our respondents said; "Well-defined laws and stricter enforcement of cyber stalking laws would help prevent cyberstalking." MO8 Ensure online social responsibility.Organizations and individuals alike have a significant stake in achieving this objective to prevent cyberstalking.There are conflicting views from certain studies whether "Doing Good Always Leads to Doing Better" [39]; however organizations and individuals should proactively take responsibility for making online experiences positive by following basic and fundamental norms of conduct and behavior.

MO9 Personal accountability.
Accountability protects public health and safety, facilitates law enforcement, and enhances national security, but it is more than a bureaucratic concern for corporations, public administrators, and the criminal justice system [2].In our study we found that respondents have given significant importance to this aspect where one respondent said, "I believe each person is responsible for taking steps towards preventing cyberstalking.That means being mindful of what personal information you share about yourself on the Internet." MO10 Increase ability to control personal information.Users desire the ability to control their personal information; how it is shared, stored and distributed over the Internet.Information available online about consumers is striking and the media is filled with horror stories about the misuse of personal information, such as the availability of information most people consider confidential like social security numbers or their home location [40].Many respondents felt this way with one responding; "I want as many options on social media as possible to prevent as much personal information from being publicly available." MO11 Ensure monitoring of children.This objective deals with the ability to monitor children's online activity and behavior.This is a difficult objective that is highly complex.For example, a national study in Great Britain on children and their parents used focus group interviews and observation of children's use of the internet to reveal the following: Parents seek to manage their children's internet use, but face challenges in helping their children use internet safely.Disagreement between parents and children exists as most children do not want restrictions and have take measures to hide their online activity from their parents demonstrating a gap in the understanding between parents and children on these issues [25].Their policy recommendations were; direct children and young people towards valuable content, develop online advice resources with young people etc. [25].
MO12 Reduce opportunities for online victimization.This objective emphasizes the importance of safe browsing and online behavior in order to reduce the opportunity an offensive act can be undertaken by someone.For example, cyberbullying is one major issue in schools and communities due to the emotional, psychological, and even physical harm to which victims can be subjected.One study looked at general strain theory to identify the emotional and behavioral effects of cyberbullying victimization [13].Data collected indicated that cyberbullying is a potent form of stress that may be related to school behavior problems and delinquent behavior offline [13].Another study from a national survey of teenagers in the UK (N=789) analyzed the demographic factors that influence skills in using the Internet and then sought to determine whether these skills make a difference to online opportunities and online risks [26].Findings show that those who take up more opportunities encounter more risks and vice versa.Further, those groups inclined to gain more opportunities also encounter more risks [26].
MO13 Increase Regulation of Online Social Networks.This objective deals with agencies and government organizations monitoring online social networks and determining the rules and actions that need to be taken to prevent cyberstalking.One study investigated a sample (n = 704) of college students to understand online disclosure and withdrawal of personal information [47].
Findings show little to no relationship between online privacy concerns and information disclosure on online social network sites as students manage unwanted audience concerns by adjusting profile visibility and using nicknames but not by restricting the information within the profile [47].This behavior suggests that people can still easily gain access to all the free information on Internet, hence why our study suggests social network organizations adopt various counter-measures.
MO14 Increase mental health screening.Mental health can adversely influence one's ability and judgment to conduct themselves properly online.A survey study of 371 British students showed that 18.3% of the sample was considered to be pathological Internet users, whose excessive use of the Internet was causing academic, social, and interpersonal problems [30].This would lead one to consider that Internet usage, cyberstalking and mental health are a connected and important area of concern.
MO15 Cyberstalking education.Cyberstalking and its negative affects are not well known to many people.One study of note was done using students from two universities, which gathered their responses to a cyberstalking scenario as well as their use and experiences with the Internet [1].Then the study conducted an analysis and comparison of students who reported having been stalked to those who had been cyberstalked [1].An interesting finding was that male students were statistically more likely than female students to have been cyberstalked [1].Additionally, for individuals who were cyberstalked, the stalking perpetrator was most likely to be a former intimate partner [1].

Further research, Limitations and Conclusions
Based on the research presented in this paper, there are three broad categories, which exist for future research opportunities.The first opportunity is that the list of objectives identified in this research can be subjected to psychometric analysis using separate large samples.This can help, for example, in developing a model for measuring cyberstalking by organizations on social media sites.A second opportunity exists for intensive research to be undertaken to establish relationships between particular fundamental and means objectives; however, while Keeney [19] contends that fundamental and means objectives are related and an implicit; logical relationships appear to exist between the fundamental and means objectives, but specific relationships need to be researched.The final opportunity is such that further quantitative work should be carried out to assess how the subscales of means and fundamental objectives relate to each other.
The findings of this research lay a suitable foundation for developing multidimensional measures and protections against cyberstalking.For example, Keeney [21] conducted an extensive study, which interviewed over 100 people to assess their values with respect to Internet commerce.And based on this work, Torkzadeh & Dhillon [46] were then able to develop instruments, which measured factors that influence Internet commerce success.Much in the same way, the research presented within this paper has established values and objectives that would be a basis for measures and protections against cyberstalking.Within the IS domain, many examples exist of research that involves in-depth qualitative research aimed at the development of theoretical concepts which includes research on organizational consequences of IT [31], relationship between IS design, development and business strategy [49] and communication richness [24].
In the cybersecurity field, the topic of cyberstalking is constrained by the absence of well-grounded concepts that are developed in a systematic and a methodologically sound manner as the topic itself is still a newer concept.The fundamental and means objectives that are presented in this paper make a contribution towards the development of theory specific to cyberstalking and measures and protections from it, a largely overlooked IS research stream.This research was only the first step to identify means and fundamental objectives as it relates to cyberstalking values.The next step in this research is to conduct a quantitative study as was done earlier by Torkzadeh & Dhillon [46] to come up with an instrument that measures fundamental objectives as it relates to cyberstalking as there is a need to develop theory that is IS specific [4].
As with most qualitative research, this study is subject to some limitations.The process of identifying values from interview data is largely subjective and interpretive and while as researchers we maintain a professional distance, there is always a possibility that some of our own biases may influence the results; however, we were conscious of this during all three phases.The previous basis for this research and the critical reflections of the interviewee's statements was useful in helping us show how these various interpretations emerged in the research [23].
For this reason, it is believed that being aware of the intellectual biases actually helped us to be objective within our analysis of the data.Further, Walsham [50] recognized this to be an issue when carrying out intensive research and in regard to the role of the researcher wrote; "the choice should be consciously made by the researcher dependent on the assessment of . . .merits and demerits in each particular case (p.5)."It is our goal that in strictly following the value-focused thinking method and being conscious that our interpretations should not serve to influence our research, it can provide confidence in the outcome of this study.
In conclusion, the research presented in this paper examines the relatively unexplored area of cyberstalking in the field of information systems.This qualitative investigation, which used value-focused thinking, revealed 75 subobjectives, grouped into five fundamental and 15 means objectives, which are essential for developing measures and protections against cyberstalking.The objectives developed in this study are grounded socio-organizationally and provide a way forward in developing measures and protections against cyberstalking.Therefore, this is a significant contribution as previous research in this area is underdeveloped and as such falls short of being able to propose tangible measures and protections against cyberstalking.