An Analysis of Crowdsourcing and the Boston Marathon Bombings

doi:10.1093/bjc/azv118 BRIT. J. CRIMINOL. (2017) 57, 341–361 Advance Access publication 5 December 2015

DIGILANTISM: AN ANALYSIS OF CROWDSOURCING AND THE BOSTON MARATHON BOMBINGS

Johnny Nhan*, Laura Huey and Ryan Broll

This paper explores the aftermath of the Boston Marathon bombing incident and how members of the general public, through the online community Reddit, attempted to provide assistance to law enforcement through conducting their own parallel investigations. As we document through an analysis of user posts, Reddit members shared information about the investigation, searched for information that would identify the perpetrators and, in some cases, drew on their own expert knowledge to uncover clues concerning key aspects of the attack. Although it is the case that the Reddit cyber-sleuths’ did not ultimately solve this case, or provide significant assistance to the police investigation, their actions suggest the potential role the public could play within security networks. Keywords: Boston Marathon bombing, investigation, security networks, general public

Introduction On 15 April 2013, two bombs exploded near the finish line of the Boston Marathon, killing three people—including an 8-year-old boy—and injuring more than 170 others in a shocking event that captured the world’s attention. What followed was one of the largest, most sweeping investigations and manhunts in US history. The suspects were identified, and then located, as a result of one of the most coordinated, technologically sophisticated efforts by local, state and federal law enforcement. For example, the investigation employed a variety of forensic and other technologies, including surveillance video, explosive and blood pattern analysis, and helicopters with infrared cameras. The pursuit ended four days later, with one suspect, Tamerlan Tsarnaev, killed during a standoff with police, and the other, Dzhokhar Tsarnaev, captured in dramatic fashion. A significant part of the aftermath of the Boston Marathon bombing was the con- vergence of police, citizens and technology playing significant roles in a real-time hunt for the perpetrators (Montgomery et al. 2013). Alongside the official investigation led by law enforcement officials was a parallel investigation conducted by a growing movement of online sleuths, often referred to as cyber-vigilantes, or ‘digilantes’. These groups, organically formed in ad hoc fashion, harness the power of collective knowledge and resources—‘crowdsourcing’ (see Howe 2006)—towards a common purpose. In the Boston Marathon case, cyber-sleuths were pooling information and resources in order to assist the police in their criminal investigation of the bombing. While the events in Boston mark a notable example of this activity, digilantes have been playing a growing role in online and real-world investigations. For example, in 2014, outraged social media users helped Philadelphia Police identify and find suspects who brutally assaulted a gay couple by matching online Facebook profile pictures of people

*Johnny Nhan, Department of Criminal Justice, Texas Christian University, TCU Box 298720, Fort Worth, TX 76102, USA; [email protected]; Laura Huey, Department of Sociology, University of Western Ontario, London, Ontario, Canada; Ryan Broll, Department of Sociology and Anthropology, University of Guelph, Guelph, Ontario, Canada. 341

© The Author 2015. Published by Oxford University Press on behalf of the Centre for Crime and Justice Studies (ISTD). All rights reserved. For permissions, please e-mail: [email protected] NHAN ET AL. who checked in at the restaurant where the beating took place with surveillance video (Shaw 2014). This example shows how Internet communities can serve as ‘additional eyes and ears’ of the police in an age where demands for efficient service with increasingly fewer resources are strained by new communications and analysis technologies (Marx 2013). Despite its apparent growing value for police, citizen involvement in police investigations is not without controversy. For example, the question of whether public online assistance to police was considered a form of neighbourhood watch or a dangerous witch hunt was posed when, following the suicide of Amanda Todd’s after extensive bullying, Internet hacking group Anonymous publicly released personal information (‘doxing’) on the wrong individual suspected of harassing Todd (Davison 2012). Analyzing patterns of public and private participation in online cyber-policing can give insight into the boundaries of active and passive security roles in the new security framework that has emerged online (Huey et al. 2013), as well as provide insights into when and where those boundaries should exist. To help flesh out this analysis, within this paper we utilize data collected from Boston Marathon bombing threads in a popular online forum to examine efforts by members of the general public to identify and locate the perpetrators. Our analysis of member posts highlights the complex and nuanced role the public sometimes seeks to play in generating online- based investigations. It also speaks to the need of law enforcement and public policy makers to recognize that the proverbial genie is out of the bottle: the Internet has created an environment in which the public can and will choose to play a role in public criminal and other investigations that capture its interest. In essence, we argue from the data that there is clearly a need for public officials to create regulatory and other strategies by which they can direct public involvement in ways that reduce the potential for harm—such as that occurs through the misidentification of individuals as ‘suspects’—while maximizing opportunities for generating useful tips, having communities serve as ‘eyes and ears’ and other activities of investigational and other use to law enforcement. In the pages that follow, we begin by contextualizing the role of general public using the nodal governance theoretical framework, which views security as being distributed across a network of public, private and hybrid institutions. Next, we discuss the research methods employed in this study—namely, data were drawn from an extensive review of more than 20,000 comments posted by users on the online community Reddit in the days after the Boston Marathon bombings. The discussion then turns to a presenta- tion of the results of our analysis. Most users’ posts were general comments about the event—expressing sympathy for victims and outrage at the terrorist attack—but others focused on sharing information about the attacks, such as personal videos and photographs. A smaller, but especially important number of posts aimed to support the ongoing police investigation. In these posts, users’ shared real-time information about the investigation, scoured photographs and videos in an attempt to identify suspects, and used their own expert knowledge to identify key features of the attack. Although the success of the Reddit cyber-sleuths investigation was limited (i.e. they failed to identify the bombers), the Boston Marathon attack was the first terrorist event in America in which a large swathe of the general public attempted to advance a police investigation through their own efforts. We conclude by considering both the strengths and the limitations of public involvement in this area, before offering some recommendations as to

342 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS how to public officials could and should maximize the benefits of public participation, as well as reducing the potential for harm.

The Varieties of Online Policing The evolution of police has been historically demarcated into different eras that reflect distinct changes in their core function. Kelling and Moore (2005) construct three his- toric eras based on police mandates and functional priorities: The political era during the mid to late 1800s, where police focused on maintaining the social order that were often political in nature, the reform era during early to mid-20th century, which sought to eradicate corruption through adherence to law enforcement and a professional demeanour, and the community era from the 1970s onward, which maintains a crime control function but seeks community support and engagement through community-driven crime prevention and problem-solving strategies. A fourth era of policing suggested by the authors can be described as the information era of policing. Driven by demands of the information age and urbanization with larger officer-citizen ratios since the 1970s, police officers have become ‘knowledge workers’ who collect and process information (Ericson and Haggerty 1997). Modern officers, for instance, access information from mobile data terminals during stops before exiting their vehicles to assess the potential risk of the encounter (Manning 2008). Despite incorporating information technology into their case management and investigative practices, police find themselves being unable to meet growing demands for service. New forms of crime created by the Internet, varying from hacking and distributing destructive viruses to manifestations of more traditional crimes, such as identity theft and harassment (e.g. cyberbullying), have outpaced law enforcement’s ability to control crime. Thus, a series of private actors—ranging from individual citizens to large corporations—have emerged who singularly and collectively play a role in the provision of security online (Wall 2007). To aid conceptualizing the complexities of security provision—in both the online and ‘real’ worlds—a new model of security was introduced derived from Castells’ (1996; 2010) concept of the network society, where information networks shape social structures and activities. The nodal governance theoretical framework is based on the idea of distributed security in a non-hierarchical network consisting of security actors, or ‘nodes’. In a computer network, a node is a point of connection to a network, where information can be shared or accessed. Nodal governance nodes are security actors (institutions and groups) that share assets and work collaboratively for security purposes. Burris et al. (2005: 37–38) describe nodes as having a set of four essential characteris- tics: (1) mentalities, (2) technologies, (3) resources and (4) institutions, or structures in which nodes can mobilize resources, mentalities and technologies. These nodal resources are used to exert influence over a security network. Nodal influence in a security network is not equal, with some nodes exerting more influence than others. Dupont (2006: 97–104) lists the types of resources (capital) as metrics that determine the influence of a node in a network: (1) economic capital, or the monetary resources of a node, (2) political capital, or ability to mobilize governmental resources, (3) cultural capital, or ‘actionable knowledge’, (4) social capital, or social relations with other nodes and individuals, and (5) symbolic capital, or centrality of a node to represent the other nodes.

343 NHAN ET AL.

Nodes in any given network can include a variety of security actors, such as the police. Within the nodal governance model, police organizations are considered one node in a larger security network that may also include private policing organizations, hybrid public-private security firms and members of the general public. This ‘plural’ model of security democratizes once police-exclusive functions of security into shared responsibility and resources (see Wood 2006). Power within the new networked model of security is diffused to each actor, some of which may exert more power than others. Police, for instance, sometimes exert substantial power stemming from their cultural and social capital of representing the ‘moral order’ of society, and their symbolic capital related to their ability to mobilize state-sanctioned legitimate power and resources, including the use of deadly force (See Dupont 2004; 2006). The arrangement of security nodal networks can be established or ad hoc and scalable. The London Metropolitan Police, for example, coordinated security for the 2012 London Olympics using a large-scale nodal security network that utilized public–private security partnerships and ubiquitous surveillance (Bennett and Haggerty 2011). At a smaller scale, security alliances can form between police and citizens. For example, one cornerstone of community policing, an operating philosophy still embraced by most departments in varying degrees today, is information sharing and partnerships with police and citizens. Perhaps the newest form of police–citizen collaboration is the use of social media by police. Some departments today are engaging the public through social media sites, such as Facebook and Twitter. The nature of these interactions, however, have reinforced the traditional model of police as knowledge brokers, in that social media serves mainly as a means of disseminating and collecting information rather than engaging in public discourse. UK police forces, for instance, have used Twitter merely to supplement current channels of communications such as public service announcements and public requests for supplemental pictures and videos to aid in their investigations (Crump 2011). However, another use of social media by police involves ‘crowdsourcing’: Distributing labour to a large group of people—over the Internet—to achieve a particular task or goal that might otherwise tie up the resources of an organization. One example of such crowdsourcing in the policing world is public monitoring of CCTV systems over the Internet, which has expanded the surveillance capabilities in the United Kingdom as more eyes are placed on identifying suspicious activities and suspects (Trottier 2014a). Another example is the Vancouver Police Department’s posting of images of individuals alleged to have partici- pated in that city’s 2011 Stanley Cup riots through a Facebook page, where visitors were invited to report anyone they recognized (Schneider and Trottier 2011). Although these forms of citizen engagement in online policing-related activities have attracted some researcher attention (Tapia et al. 2014; Trottier 2014b), the phenomenon of digilantism or ‘civilian online policing’ (Huey et al. 2013) has yet to generate significant interest on the part of researchers or the police. As we demonstrate in the analysis to follow, this lack of enthusiasm on the part of police agencies does not place a damper on some citizens’ desires to get involved online as ‘eyes and ears’ for the police.

Online Vigilantism and Crowdsourcing The largely passive role by the general public in nodal policing arrangements in the terrestrial world has typically meant that when members of the public experience a

344 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS problem, they contact the police with the expectation of some type of policing action. However, in the online world, law enforcement efforts have been more significantly more circumscribed as a result of a number of factors. The result has been a perceived policing deficit that has given rise to various forms of Internet vigilantism, including the creation of groups who harness the power of crowdsourcing to find wrongdoers and mete out justice. The first known large-scale vigilante effort originated in China in 2006, when members of a group known as ‘human-flesh search engine’ renrou( sousuo yinqing) tracked down a woman who was shown in a video stomping a kitten to death with her stiletto heels (Downey 2010). Within six days, the woman was fired from her job after the woman’s name, location, phone number and employer was made public by cyber sleuths who were able to track her down to a small remote province by examining the video’s background. The human-flesh search engine example highlights the potential security capital of the public node when mobilized. In particular, it illustrates how public groups can, through countless connections across the web, draw upon a significant volume and diversity of individual knowledge and expertise to achieve their aims. The ability to physically search for information and persons through networks, and to use those same distributed resources across to interpret and apply information collected, reveals the potential strength of crowdsourcing in relation to crime and justice phenomenon. To understand this phenomenon more accurately, it is important to also consider the cultural mentalities or ethos underlying both the development and subsequent use of the Internet. As both a social and physical space, the Internet is non-hierarchical and its users have traditionally approached it as a communitarian site governed by a largely libertarian values. In its ‘Declaration of Independence of Cyberspace’, Internet rights advocate group Electronic Frontier Foundation (EFF) founder John Barlow (1996) asserted cyberspace as independent from legal and geographic bounds, stating, ‘Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications’, adding, ‘legal concepts of prop- erty, expression, identity, movement, and context do not apply to us’. The power of this philosophy can be perceived in the ‘wiki’ model of information production and dissemination, which is an open-source model in which mass collaboration produces extremely creative and robust knowledge and works derived from online communities. For example, minutes following 2005 London subway ‘tube’ bombings, a Wikipedia user created an entry that detailed the event. Nearly 2,500 volunteers edited and added information to the page that day, resulting in a comprehensive account of the events with full references to news sites, demonstrating the transformative power of crowdsourcing (Tapscott and Williams 2010). Despite the potential breadth and depth of knowledge and expertise, the public node is far from perfect. For instance, online ‘hacktivist’ group Anonymous tracked down and publicly released personal information (‘doxing’) on a suspect they believed to be responsible for the sexual exploitation of 15-year-old Canadian teen Amanda Todd, who committed suicide after enduring relentless cyberbullying when a screen capture of her flashing her breasts on her webcam was spread by her harasser among her social networks (see Dean 2012). Unfortunately, in this instance, Anonymous identified the wrong person who was subjected to much harassment and threats, himself. The successes and failures of the public node have raised some fundamental questions that this paper explores and some larger theoretical issues beyond its scope. Some of 345 NHAN ET AL. these questions include: Is digilantism is more harmful than good? What are the limits of law and law enforcement? How does digilantism conflict with issues of privacy? Do digilante activities serve to reinforce the collective community that can strengthen networks? Finally, is cyberspace a consequence-free environment for digilante groups to operate under? Our study addresses, at least in part, this growing list of issues by using empirical evidence gathered from one online community during the Boston Marathon Bombings.

Method of Inquiry Threaded discussion analysis was chosen as an appropriate measure of sentiments and collective action following the Boston Marathon bombing based on previous studies of communications within online groups (Malesky and Ennis 2011; Van Hout and Bingham 2013a; 2013b; Huey et al. 2013). During the Boston Marathon bombing, users of the popular online community Reddit created a number of Boston Marathon themed posts, titled ‘Boston Marathon Explosions: Live Update Thread #_’ (labelled 1–21) to discuss the event in real time. A main series of 20 continuous discussion threads were created as the unofficial forum for the site from the time of the bombing on 15 April 2013 to the capture of the suspects on 20 April 2013. Note that the researchers excluded thread 21 from coding, which was created after the official capture of the suspects and contained mainly congratulatory comments. When each thread was determined to be too large by site moderators, the thread would be locked for further comments and a user would create a continuation of the thread (i.e., the next numbered thread from 1–21). In each thread, anonymous users made thousands of comments, ranging in nature from general opinions of the event to in-depth analysis of the bombings. A substantial amount of ‘popular comments’ were automatically opened by the site for viewing without clicking for further comments. Top comments were voted on by community members, who can indicate whether a comment is good or bad by clicking on an up-arrow or a down-arrow. The threads contained an average of 1,034 popular comments (excluding responses to these comments) and, in total, the researchers examined and coded over 20,000 anonymous user comments. Two researchers independently coded the popular comments in each thread using a thematic analysis approach, and then cross-checked the coding for accuracy. Themes in user posts were initially identified through open coding, creating a total of 20 thematic categories. These categories included: ‘support for victims’, ‘investigation-related information’ and ‘media criticism,’ among others. These themes were solidified, and appropriate sub-themes identified and linked, through a second, more focused coding. The results were then analyzed in both qualitative format and using descriptive statis- tics. As our focus in this paper is on the role that the public played in trying to assist police in identifying and locating suspects, for this paper we draw primarily on our analysis of the theme of ‘investigation-related information’.

Overview of Results Reddit-threaded discussion data revealed several main categories in which users par- ticipated in the online discussions. First, the vast majority of participants simply used 346 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS the forums as a means of self-expression. Second, participants sought to share and distribute news and other information, including a small number of Boston residents that provided real-time information from the scene. Third, some users offered direct or indirect assistance, such as offering to drive others to another location or offering up spare bedrooms to stranded visitors or family members of victims. Fourth, a group of users discussed topics directly related to the ongoing investigation, which included efforts at analyzing available information in order to identify and assist law enforcement in apprehending the suspects. Table 1 shows the majority of comments (94.0 per cent) were general comments about the event. These ranged from outrage at the terrorist act to words of sympathy for the victims. A smaller number of individuals (3.7 per cent) asked general questions, such as for updates or facts about the event, or sought specific information, such as how to locate a specific marathon participant. A noteworthy number of forum participants (1.7 per cent) criticized mainstream television news coverage, often while lauding the speed and accuracy of the Internet as a source of information. On the contrary, mainstream news outlets were strongly criticized for sensationalism and inaccuracy of information. For example, one community member typical of the message board sentiment as indicated by 163 ‘likes’ by community members, expressed, On this note, don’t listen to a word the NY Post says in regard to these explosions. Not that you should anyways. They have been sensationalizing and implicating racial connections where there are simply none known yet. (i.e. ‘A 20 YO [year old] Saudi national is currently being detained in a hospital as a suspect’. This is bullshit, police have called them out on it). A very small number of individuals (0.001 per cent) made racist comments, usually by linking the terror suspects to Muslim or Middle Eastern ethnicities. These comments were quickly deleted by forum moderators or buried by forum users, who were quick to sanction the statement as being ignorant. Note that deleted racial comments were indicated by replies to the comment that sanctioned the comment for being racist. These comments are user-reported to forum moderators and administrators. This process shows the self-regulating nature of message boards and is not altogether surprising. Indeed, research has shown that people tend to distance themselves from those who do not align with their moral beliefs (Skitka et al. 2005), and self-policing has been observed elsewhere in online communities (e.g. see Wall and Williams 2007 study of Second Life and other virtual communities).

Table 1 Nature of comments

Nature of discussion N %

General comment 14,539 94.0 General question 572 3.7 Criticism of mainstream media 262 1.7 Seeking specific information 85 0.5 Racist commenta 14 0.001 Total 15,472 100 aMost racist comments were deleted by moderators or buried by users through down-voting. 347 NHAN ET AL.

The public node of Reddit users acted as a real-time information hub (see Table 2). Of discussion posts involving the sharing of information, a large number of users submitted news links from traditional news outlets (29.8 per cent), such as large television networks and newspapers, prompting many to forgo watching television news and, instead, obtain information from the board directly. Many users also listened to police scanners and emergency broadcast channels (19.1 per cent) and were thus able to provide information to members of the online community before news outlets reported the same information. In addition, a smaller number of community members present in Boston submitted photos (16.0 per cent) and videos (3.2 per cent) taken themselves.

Public Security Assets An analysis of the threaded discussions reveals unique security assets held by the public. The distributed and open nature of public forums, such as Reddit, attract individuals from a variety of professional backgrounds and interests. Whereas most law enforcement must cultivate and develop its expertise from within its ranks to tailor to emergent crimes, such as cybercrime (see Nhan 2010), or rely on small specialized sub- units within federal agencies economic and white-collar crimes, such as the FBI and IRS (see Friedrichs 2010), members of public forums are professionals in a wide range of fields, which include IT professionals and accountants. In fact, Reddit’s site contains sub-forums dedicated to specific interests that range from financing and computer security to religion and politics. We see this wide variety of skills and expertise put to use during the Boston Marathon bombing investigation on the Reddit forums. In one post, a member claiming to have a background in military forensics gives detailed information on explosives and explosives investigations, stating: There are dozens of different ways to make explosives, and they all involve specific and well known chemical mixtures. You can perform a range of tests from the size and severity of the blast and burn marks on materials, to chemical traces on the ground, right through to chemical traces on the shrapnel. It’s also very common for home made [sic] devices to explode in an incomplete or inefficient fashion, leaving traces behind. You are also quite likely to find evidence of the detonating device. How this is made and triggered (it can even have finger prints on it) is a huge clue. The member goes on to explain the investigative steps and methods in great detail in relation to the explosives used in Boston. Similarly, another forum member claiming to have a professional background in explosives states:

Table 2 Discussions related to information shared combined threads

Type of information N %

Boston users’ news 162 4.4 Photos 592 16.0 Videos 120 3.2 Direct news link 1,104 29.8 Secondary news link 1,023 27.6 Hearsay news/police radio 708 19.1 Total 3,709 100

348 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS

From the couple of reports I’ve read about what remnants were recovered, I think the devices were possibly crude DTMF (dual tone multi frequency) triggered devices. Without seeing the top of the circuit board that was pictured in the Daily Mail pic dump, I can’t be sure. Anyways, this would lead me to believe that the devices were RCIEDs (Remote Controlled Improvised Explosive Devices), rather than a device that was triggered by a mechanical/electrical/chemical timer…Source: my field of work involves devices like this. I’ve seen a lot of them. Underscoring the variety of expertise on the forums, other members in unrelated fields found themselves to be useful during the unofficial investigation. One forum member who is a radio-controlled (RC) car enthusiast was able to help identify the triggering mechanism used in the bombing. He stated, ‘I am an RC modeller and one of the chips in the photos looks similar to ones use for RC cars. Shared my ideas here: [link to sub- reddit forum]’. More remotely, a member working for a tire distributor found himself useful when trying to identify the suspect with the hat worn by one of the bombing suspects. He responded to a picture by stating: Hmm I work for a Tire Distributor and you get this hat for free for completing their Bridgestone ‘procert’ testing. I actually have one in the mail on the way right now. I’m sure there’s other places you can buy them but I just thought I’d throw that out there. He was urged by forum members to immediately report his findings to the FBI. Although these members cannot be verified in terms of their expertise and only represent a small number of individuals (n = 16) in our data, information shared can be a valued security asset not only a technical standpoint, but from the diversity of the expertise, as shown by the proclaimed professional tire distributor. The overall power of a nodal security network to respond to crime online or in the real world is often limited by inter-nodal frictions stemming from political and cultural incompatibilities. In principle, law enforcement and the general public share similar views as to what constitute desirable outcomes for reprehensible crimes, such as the Boston Marathon bombing. Law enforcement’s symbolic capital, in the form of its centrality and leadership in the network, and political capital, derived from its ability to government resources, are complementary to the public node’s cultural capital, exempli- fied in its expertise in a broad subject matter, and itssocial capital, related to the expan- sive subnetworks of connected individuals participating worldwide. Again, in principle, these forms of capital create a very broad and deep reservoir of actionable knowledge. However, the Boston example shows separate, parallel investigations being conducted by both nodes, with no information reciprocated by law enforcement and little direc- tion given to the public. The unidirectional flow of information duplicates resource output and undermines more robust collaborative efforts. Public–police inter-nodal relational limitations can be explained by the long history of police–citizen mistrust developed through police professionalism. Manning (2005: 195) characterized the mentality of the occupational subculture as a ‘siege mentality’, with postulates that include (1) People cannot be trusted; they are dangerous; (2) You must make people respect you; and (3) Everyone hates a cop. Van Maanen (1978) further illustrates this point by describing police perceptions of the public as oscillating between ‘know nothings’, ‘suspicious persons’ and ‘assholes’. These negative mentalities towards the public are compounded by potential legal issues of co-opting the public for active assistance. For instance, Huey et al. (2013) found that many police organizations

349 NHAN ET AL. refused the help of well-intentioned online groups actively aiding officers in identifying and apprehending sexual offenders.

Cyber-sleuthing: Civilian Investigations Online In the aftermath of the Boston Marathon bombings, many Reddit users assumed the unofficial role of cyber-sleuth by acting as participants in the ongoing law enforcement investigation. These civilian investigators worked to compliment the official investigation and manhunt by serving as an extra set of ‘eyes and ears’ for law enforcement. Combing through hundreds of pictures and videos, when a Reddit user identified information that may be pertinent to the FBI or Boston Police Department, he or she was encouraged to report it to law enforcement. At the same time, forum users discour- aged other members from becoming too actively involved in the investigation, such as by actively pursuing suspects. As shown in Table 3, in the days after the bombing nearly 1,500 threads were created to share information related to the ongoing investigation (89.3 per cent of all investigation-related threads). Many other threads (4.2 per cent) were devoted to sharing information about the suspected bombers. Most often, these posts attempted to identify the suspects from photographs of the crown and blast area. Participants in these threads often drew attention to suspicious persons in the photographs whom users believed may have been implicated in the bombings. For many community members, this meant perusing photographs and videos for potential suspects in order to find and piece together information that law enforcement may have missed, indicative of the underutilization of the public node’s social and cultural capital. In one such typical post, one member commented: What seems really interesting to me is they are on the move away from where the first bomb was placed. Notice the Bright orange jacketed guy it the very top corner, against the barrier. He is cut off from the edge in the first photo but using him as reference you can see most of the people around him stay in the same location (Red hood, White hood, white cap2). In the next picture white cap and shiny blue are 35–40 people down from orange jacket and moving out of the enclosed space, towards the second blast location. Orange and most people around him seem to remain near the Netherlands flag … Looking at an aftermath photo, it seems like the bomb was place right in this very location, near the brick cobblestone stripe. It is as if he placed it down right after this pic was taken! Similarly, forum members conducted a virtual crime scene investigation by combing through the details of many photos of the blast posted on the Internet. For example, in one typical post, a member states,

Table 3 Discussions related to investigation

Nature of discussion N %

Investigation related 1,439 89.3 Suspect information 67 4.2 Technical information 6 0.04 Expert knowledge 16 1.0 Law enforcement link 84 5.2 Total 1,612 100

350 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS

There is a lot more debris on the ground in the second photo, its also hard to tell from so far away. Remember, different angles give different depths to objects, so that burn mark may be further to the right in the second picture. Edit: Actually, if you zoom in, it almost looks like some sort of light-weight debris caught in the tree fluttering at the exact moment of the picture being taken. I’m probably wrong, but it just caught my eye. Oftentimes, when ‘relevant’ information was identified, community members reported it to the police. Other users provided contact information or direct links to reporting by law enforcement (5.2 per cent). A small number of users (1.0 per cent) claimed to have expert knowledge in the type of explosive used and provided information on different technical aspects of the bombing (0.04 per cent). For example, one claimed that, based on his analysis, the bombs could only have been made by individuals with detailed knowledge of explosives: Just saw the video. From the smoke analysis I believe it was not a high velocity explosive. Color, density and amount of smoke suggests fertilizer was used also the size of the fire blast vs amount of smoke also suggest this. Looking at the windows broken, but with some pieces of glass still left attached is also consistent of a low velocity explosive. High amount of lower leg injuries were probably caused by objects on the ground (like chairs, bricks, fences etc) propelled by the blast-wave. Nails or anything consistent enough to be used as shrapnel may have been added to the bomb. However to have that horizontal projection would require a highly skilled bomb maker that would never use a low velocity explosive. Also it would be very unlikely have that effect just by chance. A later poster offered an alternate theory: ‘looking at the pictures, it seems to be a low- velocity explosive with shrapnel embedded (ball bearings, maybe nails, other bits of metal, things like that). Basically a pipe bomb’. He added: ‘I have also seen references that the bomb was placed in a trash can, which would have further slowed the explosion and shrapnel’. Based on these unfounded observations, the individual drew the following conclusion: ‘Basically, it seems like they were intended to injure more than kill’. Others similarly speculated that, because of where the bombs were placed, the perpetrators’ goal may have been to maim the runners’ legs’. Another discussion thread included a lengthy description and analysis of the type of pressure cooker used to create the bomb: Going off the other picture with markings… 6 L: (So maybe that means 6 Liters?) CE marking.—This means it was made 1993 or later and is sold in the European Economic Area. UL Listed marking. Though UL has lots of markings none of which seem to match exactly. Possibly a number relating to the UL certification, but I can’t make it out. Ending in ‘77?? 0 55/1.05 –ar SS 1.6 ba- It’s hard to make out much from the photo, but that may help in searching or at least verifying findings. This post was followed up by numerous replies going into great detail about the pressure cooker. As a result of their cyber-sleuthing, Reddit users were quickly able to state they knew the brand and model of the pressure cooker. Using photographs taken from the area in 351 NHAN ET AL.

Photo 1 Pressure-cooker backpack which the first bombs were set off, an individual with a backpack was deemed to be the likely carrier of a pressure cooker and therefore a suspect of interest to cyber-sleuths (Photo 1). Although some posters focused on technical aspects of the crime in order to identify the perpetrators and understand their motives, others sought a different route. These posters were more interested in discussing whether the attacks were linked to an organized violent extremist group or were instead the work of a so-called ‘lone wolf’ actor. Although different in content from other forms of speculation offered online, these posts similarly were phrased in ways that suggested the poster had some deeper knowledge and/or experience of the field of violent extremism. ‘Honestly, my gut screams ‘domestic’ on this, and has since this afternoon’, one individual posted, ‘I don’t know why I feel that way. As soon as it happened, my head said that this sounds more like a McVeigh than an organized terror group’. Another poster, who cited no particular expertise in the area of terrorism, but still presented what was taken as informed opinion, responded to a query as follows: ‘Why has no one taken credit for the bombings? Terror groups typically confirm the attacks soon after, since they are using the attacks to push an agenda’. Another asserted, ‘Taking credit is more of a foreign terrorist thing. Domestic groups tend to try to hide their involvement’. 352 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS

In addition, forum members performed informal background checks on every suspect presented by other users, law enforcement or mainstream media. To illustrate, when Fox News reported a link between a ‘suspicious’ individual and a raid by FBI agents, this information was duly reported by a poster, who then searched for ‘clues’ on the man’s identity and posted a recent news article purportedly on this same individual: Moroccan man in suspicious vehicle (earlier scanner chatter) is being connected (by Fox, so take this with a grain of salt) to the raid at 364 Ocean. I Googled ‘Moroccan’ and ‘364 Ocean’ (I swear, I’m not racist), and found articles about a ‘Moroccan Man’ who was arrested last year … acting suspicious, then attempting to burn down his house. After doing more fact-checking, he then subsequently retracted his earlier statement, noting: ‘It’s very much not the same guy, it’s just a coincidence’. Often, users looked up information posted on social media sites on the suspected person and their friends. Many went as far as to look up their shopping history on Internet retail site Amazon. com. A very small number of members presented conspiracies on motives and government involvement, comments that were often quickly dismissed by others as untrue and speculative. The Boston investigation highlights several key aspects of the positive potential of employing a distributive crowdsourcing model of information gathering and dissemination. The public’s social and cultural capital provides for both breadth and depth of knowledge many topics given the sheer number of individuals who are experts, professionals and hobbyists in their respective fields and interests. Despite the potential for robust investigative resources, a lack of guidance and active feedback from law enforcement increases the likelihood that such efforts are redundant or subject to error.

The Mishandling of ‘Clues’ As the preceding discussion of the ‘pressure cooker backpack’ demonstrates, over the course of their cyber-investigations Reddit posters focused their attentions on a number of purportedly suspicious activities and individuals. Despite being well intentioned, in several notable instances online discussion gave way to rampant speculation, often to real or potentially disastrous effect. Within this section, we explore two of these effects: The mislabelling of innocent actions as suspicious activities and, more worrisome still, the misidentification of innocent individuals as legitimate suspects. One of the forms of suspicious behaviour that drew significant attention from cyber-sleuths pouring over photos of the Marathon was the wearing of backpacks. Unfortunately, as some Reddit members lamented, there were a great number of individuals carrying backpacks at the event. One drew the attention of a poster, who speculated that, based on the purported style of backpack (‘military tactical’) he could be dismissed as a suspect on the ground that he ‘maybe some sort of undercover’. The image of the same man generated a very different response from another user: ‘I said this guy looks suspicious hours ago’. In one thread, while some Reddit users were mocking similar cyber-sleuthing activities by media outlets and by rival group, 4Chan, other members were drawing their own conclusions based on the same images taken at the race. Again, the ‘pressure cooker backpack’ individual figures in posts as someone looking and behaving

353 NHAN ET AL. suspiciously. As Photo 2 below illustrates, one theory provided as to why this individual might be a viable suspect is that the backpack he was carrying earlier is not visible in a later photograph. Although some posters raised the possibility that the backpack was heavy and might have been temporarily carried in front by its owner, such sug- gestions were shot down by other Reddit users. A further ‘clue’ debated by posters is the head position of the individual with the backpack and where his gaze would have been directed. In the first picture, he is clearly not looking at the race course and some interpreted this action as indicative of a lack of interest in the race and therefore proof that he had another, more nefarious, purpose for being at the scene. As one poster explained: ‘I’ve looked at all the photo dumps and have concluded that this is our primary suspect. The guy in the white hat. If I see a picture of the guy in the blue athletic gear without his bag, then he’s for sure the second suspect’. Some Reddit users went further and, based on pure speculation, identified specific individuals they thought were viable suspects in the bombings (see the example of the ‘Moroccan man’ above). The most egregious example of this occurred when Reddit users mistakenly identified Sunil Tripathi, a missing American student, as a perpetrator (Shontell 2013). As a result, Tripathi’s mother began receiving threatening messages (Kang 2013). Tripathi’s body was subsequently found in the Providence River; the young student had apparently killed himself before the bombings occurred (Kang 2013).

Trying to Harness (or Rein in) Civilian Efforts: Police Work Online Unidirectional information flow from Reddit users to law enforcement severely limits the robustness of the security network, even if both nodes have similar desirable outcomes. In the case of the Boston Marathon bombing, both nodes sought to identify and apprehend the suspects. Despite this compatibility, without a bidirectional flow of

Photo 2 Suspicious bags 354 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS information, law enforcement efforts were mostly spent on directing a passive node, rather than engaging an active node. During the Boston Marathon investigation it was not only civilians who were active on social media, law enforcement was present as well. Members of law enforcement agencies were, however, engaged in a very different set of tasks. Although it is the case that they too were searching for clues related to the identity and activities of the perpetrators, agents of the Federal Bureau of Investigation (FBI) were specifically tasked with observing and redi- recting civilian efforts at information gathering—that is, they were attempting to harness citizen digilante efforts into a potentially useful form of crowdsourcing and to curb rampant and potentially dangerous speculation (Hollander 2013; Simpson 2013). As a number of media sources report, the FBI’s efforts at ‘damage control’ were not entirely successful. One of the first and most important steps taken by the FBI to regain control of the investigation in social media was to release photos of the suspects. This action was taken directly in response to an article in the New York Post that misidentified an innocent individual as a suspect and to Reddit users’ review of a stream of photos from the scene, which law enforcement rightly feared was resulting in further public misidenti- fications Simpson( 2013). The FBI (2013) also issued a media release chastising media outlets for facilitating speculation: Contrary to widespread reporting, no arrest has been made in connection with the Boston Marathon attack. Over the past day and a half, there have been a number of press reports based on information from unofficial sources that has been inaccurate. Since these stories often have unintended conse- quences, we ask the media, particularly at this early stage of the investigation, to exercise caution and attempt to verify information through appropriate official channels before reporting. Although never publicly confirmed, it is also very likely that FBI also took the further step of contacting Reddit’s then general manager and asked to have certain threads containing highly speculative comments shut down and to have tighter moderator con- trols placed on thread and post contents on any discussions related to the investigation. Moderators also began directing posters to not only post photos related to the attack to a specific thread but to also share information directly with law enforcement (see Photo 3). In the case of the Boston Marathon bombings, law enforcement’s engagement with forum users and administrators stands in stark contrast to its lack of engagement in the past with other citizen groups, which has sparked past vigilante efforts. In Boston, the police’s engagement, instead, reinforces its symbolic capital as a position of centrality in the network. Another action taken by the FBI to redirect public efforts was to assign agents to directly monitor social media sites. The first post of a newly opened Reddit account belonging to ‘dropPoliceFed’1 stated: Yes, the FBI and other federal CT (counterterrorism) investigators know about this thread. I have been following social media since the explosion. Of note, it appeared on Reddit prior to CNN. Some of the information here is correct—and some, well not so correct. PLEASE forward all videos and images from the marathon if you were there. They will be reviewed by the investigators. (oh, I am using a one time account at this time).

1The ‘dropPoliceFed’ account was opened on 15 April 2013—the day of the attack. This user made a total of nine posts exclu- sively on Boston Marathon bombing threads. The bulk of these posts were directed at asking people to send pictures to law enforcement. The account has since been inactive. 355 NHAN ET AL.

Photo 3 Contact the police

Other posts made by this account similarly reminded Reddit users to direct information to law enforcement. For instance, the third thread in a series entitled ‘Boston Marathon Explosions—Live Update’ contained the following post by ‘dropPoliceFed’: Redditors: Please get the word out that anyone who has original videos, pictures or images taken during the marathon - please forward to the FBI Boston. [email protected] Please do not edit the original file. We are using the original date time stamps of the images. Any image taken along the entire race would be appreciated, but especially near the finish line at any time today. Maybe crowd sourcing will help catch the suspects. Thanks! In another thread, dropPoliceFed also stepped in to correct an erroneous statement by another poster who claimed that the FBI would search and seize the computers of individuals who shared photos of interest to law enforcement. uh, what? The FBI does not need to obtain the images off the original in order to utilize the image in court. First the images are being used to recreate the event and possibly identify a suspect(s). If an image/ video is used for court purposes - the person who took the photo may be called in to testify to the circumstances that the photo/video was taken. These images are being provided to the FBI voluntar- ily and do not require a subpoena. Law Enforcement is NOT going to anyone’s house to search or seize their computers—well, unless they are a suspect. Tensions between the FBI and Reddit forum users during the Boston Marathon investigation reflect larger inter-nodal conflicts between law enforcement and the private sector. The ad hoc collaboration was a one-time occurrence rather than a sustained relationship between two nodes. This ephemeral nature reflects fundamental differ- ences between the two nodes with different mentalities and security assets. Law enforcement, with its symbolic and political capital, serves only one function: To investigate and

356 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS apprehend suspects for the purpose of legal processing using state-granted powers and resources. The mentality of the public node can be problematic for sustained inter-nodal relationships. Public anti-authoritarianism, coupled with a personal sense of right and wrong, often conflict with legal standards Barlow( 1996). For some types of crimes, this inability to sustain inter-nodal security relations between the public and law enforcement nodes is even more contentious. Nhan (2010) found that in corporate hacking cases, police and public nodes have divergent goals that are exacerbated by cultural and structural frictions. For example, law enforcement’s mandate to apprehend suspects via intrusive computer forensics were largely found to be an undesirable outcome for many companies, who prioritized protecting their public image of having strong security and not provoking further attacks. The temporary, ad hoc Boston Marathon bombing security network resulted in two unintended outcomes. First, it underscored and reinforced police symbolic capital of centrality in many security networks (for an exception, see Nhan and Huey 2008; Nhan 2010). Without strong and active leadership to guide and provide active feedback on investigations, even an army of diversified experts, professionals and enthusiasts can be led astray. Second, using a Durkheimian analysis, it failed to create social solidarity between the two nodes. Specifically, it failed to establish a structuralorganic solidarity of inter-nodal dependency based on complementary security capital despite having a common external threat (see Durkheim 2014).

Conclusions The Boston Marathon bombing incident was a pivotal moment in citizen participation in policing. It was the first time online communities were actively involved in conducting their own investigation into a terrorist attack concurrently with the official police investigation. The result of this was an ad hoc nodal network of various law enforcement agencies, emergency workers, and the general public managed via the Internet. While the general public, in this instance, was not successful in their efforts (e.g., several ‘suspects’ were incorrectly identified), the Boston Marathon bombing shows the potential for the general public—or informal cyber-sleuths—filling several deficiencies in the law enforcement system by serving as a resource, communications and news hub, or a forum for finding support, and serving as additional ‘eyes and ears’ for law enforcement. Although the capital possessed by the law enforcement node is static, the general public’s capital is more fluid and may vary based on the composition of the group of cyber-sleuths. Previous involvement of the general public in supporting police investigations in cyberspace have largely been at the behest of police organizations or in the form of cyber-vigilantism. For example, following the Vancouver Canuck’s loss to the Boston Bruins in the 2011 National Hockey League Stanley Cup Final, disgruntled fans rioted in downtown Vancouver. Almost 20 vehicles, including police cruisers, were overturned and set ablaze, store windows were smashed and substantial looting occurred. Many rioters were arrested on scene, but in the days that followed pictures of the incident were posted on social media by rioters and bystanders alike. The Vancouver Police Department quickly issued a call for the public’s assistance in identifying rioters in the

357 NHAN ET AL. pictures posted to social media. The general public complied, and many others were arrested in the following weeks. The Vancouver riots represent a highly successful use of crowdsourcing by the police. In other instances, the value of the general public as a security stakeholder has yet to be realized, with police reluctant to accept any active involvement in investigations as more of a liability than real asset (see Huey et al. 2013). Amateur cyber-sleuths may increase pressure on already strained police resources by producing an overabundance of ‘tips’ for the police to investigate. Likewise, Internet users, in the case of the Boston Marathon event, have shown that simply having more ‘eyes and ears’ does not neces- sarily translate into better effectiveness. Among several individuals a misidentified as the bomber was Brown University student, Sunil Triphathi (Van Grove 2013). On the other hand, police failure to fully involve the general public and reciprocally share information regarding ongoing investigations can frustrate well-meaning digilantes (for an example of such frustrations relating to cyberbullying investigations, see Broll and Huey 2014). Such frustrations may increase the likelihood of potentially problematic and even dangerous forms of vigilantism, such as Anonymous’ use of doxing in the Amanda Todd case and the infamous Chinese human flesh search engine. Data extracted from Reddit forum posts reveal several patterns among community participation that reflect a growing demand for public sector involvement and recognition of the public as a legitimate security node. Law enforcement willingness to accept the public as an active participant within security networks, however, remains uncertain. This uncer- tainty needs to be addressed because Reddit is just one of many online communities in which cyber-sleuthing and other such related activities organically emerge when tragic events occur, and these activities can serve important functions. Regardless of their real or perceived value, online communities of ‘digilantes’ are here to stay. Perhaps the failure of the general public to identify the Boston Marathon bombers reinforces the police perspective. However, if there is a public desire to collectively ‘assist’ the police in ongoing investigations, there is likely little the police can do to stop such efforts. Not only is there likely little that law enforcement and public policy makers can do to block public efforts, but it may not be in their best interests to do so. In fact, with the evolving distributed nature of crime in the information age, old models of geographi- cally defined policing are increasingly outmoded and avenues for crime expanded. Thus, police agencies would be better advised to develop strategic policies and practices aimed at proactively recognizing and employing members of the public as additional crime detectors and, potentially, as valued experts in specialized fields. Police management of public online investigational activities might not only potentially generate more useful information but minimize negative impacts (such as the misidentification of suspects). Assigning police officials to work with community moderators and even monitor especially prominent websites—as seems to have occurred on Reddit in the aftermath of the Boston Marathon bombings—may be a useful first step. Select moderators can be used to ensure that overly inflammatory posts or those that may expose unverifiable ‘suspects’’ identities are quickly removed, and officers can preliminarily review posts that seem promising and remind users to report important evidence to the proper authorities. In comparing the role of cyber-sleuths in the investigations in Vancouver and Boston, an important point of distinction emerges: in Vancouver, the public’s assistance was sought out by the police, whereas in Boston the general public took it upon themselves 358 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS to undertake a parallel investigation. This distinction highlights an often conflicting role for the public in the viewpoint of police—whether to passively serve as more ‘eyes and ears’ as in the case of Boston or take on more active roles as security partners, as in the case of Vancouver. Crowdsourcing proved more effective in Vancouver than in Boston, perhaps suggesting unique benefits when police are able to employ cyber- sleuths to fill organizational holes; the same benefits may not be realized when the general public duplicates police activities. Internet users, in the case of the Boston Marathon event, have shown that simply having more ‘eyes and ears’ does not necessar- ily translate into better effectiveness. Although resources are dispersed throughout nodal security networks, the police tend to maintain a position of authority, or centrality, in cyberspace (author cite). When possible, therefore, police agencies could focus the public’s attention on key areas of the investigation in which they are most in need of support. This approach proved effective in response to the Vancouver riots and could have been utilized after the Boston Marathon bombings. For example, releasing a brief description of the suspects may have focused the public’s efforts in combing through photographs and may have reduced the number of false identifications. This approach would also serve to minimize the number of unnecessary tips received by the police. At the same time, it also requires the police to recognize the general public as a more complete partner in the provision of security. In neither case, however, the police have not utilized the ‘expertise’ of the public by tapping into the full range of professional knowledge and resources, underscore perhaps the entrenched culture of mistrust towards non-police entities developed throughout professionalism. The present study should serve as a preliminary examination of the potential of the public as a security partner in investigations led by mainstream law enforcement agencies. Although it is a less than ideal model of research, it provides a snapshot of the of online digilante groups at the moment of the incident, revealing mentalities and actions that are reflecting of aggregates of individuals coming together for a common purpose. Future research should include other forums and the interaction between law enforcement and private nodes, perhaps employing Wood’s (2006) comprehensive methodical nodal mapping exercise that identifies assets and mentalities of each node.

References Barlow, J. P. (1996), ‘A Declaration of Independence of Cyberspace’, available online at https://projects.eff.org/~barlow/Declaration-Final.html. Bennett, C. J. and Haggerty, K. (2011), ‘Introduction: Security Games: Surveillance and Control at Mega-events’, in C. J. Bennett and K. Haggerty, eds, Security Games: Surveillance and Control at Mega-events, 1–19. Routledge. Broll, R. and Huey, L. (2014), ‘“Just Being Mean to Somebody Isn’t a Police Matter”: Police Perspectives on Policing Cyberbullying’, Journal of School Violence, 14: 155–76. Burris, S., Drahos, P. and Shearing, C. (2005), ‘Nodal Governance’, Australian Journal of Legal Philosophy, 30: 30–58. Castells, M. (1996), The Rise of the Network Society: The Information Age: Economy, Society and Culture, Vol. 1. Blackwell.

359 NHAN ET AL.

——. (2010), The Rise of the Network Society: The Information Age: Economy, Society and Culture, Vol. 1, 2nd edn. Wiley-Blackwell. Crump, J. (2011), ‘What Are the Police Doing on Twitter? Social Media, the Police and the Public’, Policy & Internet, 3: 1–27. Davison, J. (2012), ‘Online Vigilantes: Is ‘Doxing’ a Neighbourhood Watch or Dangerous Witch Hunt?’, CBC News, available online at http://www.cbc.ca/news/technology/ online-vigilantes-is-doxing-a-neighbourhood-watch-or-dangerous-witch-hunt-1.1132015. Dean, M. (2012), ‘The Story of Amanda Todd’, The New Yorker, available online at h t t p : // www.newyorker.com/culture/culture-desk/the-story-of-amanda-todd. Downey, T. (2010), ‘China’s Cyberposse’, The New York Times, available online at h t t p : // www.nytimes.com/2010/03/07/magazine/07Human-t.html?pagewanted=all&_r=0. Dupont, B. (2004), ‘Security in the Age of Networks’, Policing & Society, 14: 76–91. ——. (2006), ‘Power Struggles in the Field of Security: Implications for Democratic Transformation’, in J. Wood and B. Dupont, eds, Democracy, Society and the Governance of Security, 86–110. Cambridge University Press. Durkheim, E. (2014), The Division of Labor in Society, Original work published 1893, trans- lated by W. D. Halls. Free Press. Ericson, R. V. and Haggerty, K. D. (1997), Policing the Risk Society. University of Toronto Press. Federal Bureau of Investigation (FBI). (2013), ‘No Arrest Made in Bombing’, FBI website, available online at http://www.fbi.gov/boston/press-releases/2013/ no-arrest-made-in-bombing-investigation Friedrichs, D. O. (2010), Trusted Criminals: White Collar Crime in Contemporary Society, 4th ed. Wadsworth. Hollander, C. (2013), ‘What You Need to Know About Reddit, the FBI and the Boston Marathon Suspects’, The National Journal, available online at http://www.nationaljournal. com/domesticpolicy/what-you-need-to-know-about-reddit-the-fbi-and-the-boston-marathon-suspects-20130417. Howe, J. (2006), ‘The Rise of Crowdsourcing’, Wired Magazine, 14: 1–4, available online at http://archive.wired.com/wired/archive/14.06/crowds.html. Huey, L., Nhan, J. and Broll, R. (2013), ‘‘Upity Civilians’ and ‘Cyber-Vigilantes’: The Role of the General Public in Policing Cyber-Crime’, Criminology & Criminal Justice, 13: 81–97. Kang, J. (2013), ‘Should Reddit Be Blamed for the Spreading of a Smear?’, New York Times Magazine, available online at http://www.nytimes.com/2013/07/28/magazine/should- reddit-be-blamed-for-the-spreading-of-a-smear.html?pagewanted=all&_r=2&. Kelling, G. L. and Moore, M. H. (2005), ‘The Evolving Strategy of Policing’, in T. Newburn, ed., Policing: Key Readings, 88–108. Willan. Malesky Jr., L. and Ennis, L. (2011), ‘Supportive Distortions: An Analysis of Posts on Pedophile Internet Message Board’, Journal of Addictions & Offender Counseling, 24: 92–100. Manning, P. K. (2005), ‘The Police: Mandate, Strategies, and Appearances’, in T. Newburn, ed. Policing: Key Readings, 191–214. Willan. ——. (2008), The Technology of Policing: Crime Mapping, Information Technology, and the Rationality of Crime Control. New York University Press. Marx, G. T. (2013), ‘The Public as a Partner? Technology Can Make Us Auxiliaries as well as Vigilantes’, IEEE Security & Privacy, September/October, available online at h t t p : // web.mit.edu/gtmarx/www/marx-publicas.html. 360 ANALYSIS OF CROWDSOURCING AND BOSTON MARATHON BOMBINGS

Montgomery, D., Horwitz, S. and Fisher, M. (2013), ‘Police, Citizens and Technology Factor into Boston Bombing Probe’, The Washington Post, available online at http://www. washingtonpost.com/world/national-security/inside-the-investigation-of-the-boston- marathon-bombing/2013/04/20/19d8c322-a8ff-11e2-b029-8fb7e977ef71_story.html. Nhan, J. (2010), Policing Cyberspace: A Structural and Cultural Analysis. LFB Publishing. Nhan, J. and Huey, L. (2008), ‘Policing through Nodes, Clusters, and Bandwidth’, in S. Leman-Langlois, ed., Technocrime: Policing and Surveillance, 68–87. Willan. Schneider, C. and Trottier, D. (2011), ‘The 2011 Vancouver Riot and the Role of Facebook in Crowd-Sourced Policing’, BC Studies, 175, 57–72. Shaw, E. (2014). ‘Philly Hate Crime Suspects Tracked Down by Anonymous Twitter Hero’, Gawker, available online at http://gawker.com/philly-hate-crime-suspects-tracked- down-by-anonymous-tw-1635661609/all. Shontell, C. (2013), ‘What It’s Like When Reddit Wrongly Accuses Your Loved One of Murder’, Business Insider, available online at http://www.businessinsider.com/ reddit-falsely-accuses-sunil-tripathi-of-boston-bombing-2013–7. Simpson, C. (2013), ‘F.B.I. Released the Tsarnaevs’ Photos because of Reddit and the Post’, The Wire, available online at http://www.thewire.com/national/2013/04/ fbi-released-tsarnaev-brothers-photos-because-reddit-and-post/64416/. Skitka, L. J., Bauman, C. W. and Sargis, E. G. (2005), ‘Moral Conviction: Another Contributor to Attitude Strength or Something More?’, Journal of Personality and Social Psychology, 88: 895–917. Tapia, A., LaLone, N. and Kim, H. (2014), ‘Run Amok: Group Crowd Participation in Identifying the Bomb and Bomber from the Boston Marathon Bombing’, in S. Hiltz, M. Pfaff, L. Plotnick and P. Shih, eds, Proceedings of the 11th International ISCRAM Conference, 265–74. University Park, Pennsylvania. Tapscott, D. and Williams, A. D. (2010), Wikinonomics: How Mass Collaboration Changes Everything. Penguin. Trottier, D. (2014a), ‘Crowdsourcing CCRV Surveillance on the Internet’, Information, Communication & Society, 17: 609–26. ——. (2014b), ‘Police and User-led Investigations on Social Media’, Journal of Law Information and Science, 23: 75–91. Van Grove, J. (2013), ‘Reddit Regrets Role in ‘Online Witch Hunt’ for Misidentified Suspect’,CNET , available online at http://www.cnet.com/news/ reddit-regrets-role-in-online-witch-hunt-for-misidentified-suspect/. Van Hout, M. C. and Bingham, T. (2013a), ‘‘Silk Road’, the Virtual Drug Marketplace: A Single Case Study of User Experiences’, International Journal of Drug Policy, 24: 385–91. ——. (2013b), ‘‘Surfing the Silk Road: A Study of Users’ Experiences’,International Journal of Drug Policy, 24: 524–9. Van Maanen, J. (1978), ‘The Asshole’, in P. K. Manning and J. V. Maanen, eds., Policing: A View from the Streets, 221–37. Random House. Wall, D. S. (2007), Cybercrime: The Transformation of Crime in the Information Age. Polity. Wall, D. S. and Williams, M. (2007), ‘Policing Diversity in the Digital Age: Maintaining Order in Virtual Communities’, Criminology and Criminal Justice, 7: 391–415. Wood, J. (2006), ‘Research and Innovation in the Field of Security: A Nodal Governance View’, in J. Wood and B. Dupont, eds, Democracy, Society and the Governance of Security, 217–40. Cambridge University Press.

361