Having established the extent of the respondents’ participation in the practice of sexting, this section investigates further the nature of the behaviour of those who had
participated. While it has been established that the activity is itself, in any form, a threat to the participant’s personal information security and online privacy, aspects of the behaviour that enhance the risk are examined. As in the previous section,, the focus is primarily on sending rather than receiving behaviour.
In Question 92, ( ‘Did you do this …’), respondents were asked as a follow up to the preceding question on their involvement, to supply answers relating to their behaviour when sexting, the results of which are given in Table 6.2.
Table 6.2: Frequencies of specific sexting behaviour
Request Behaviour Count(n=258) Frequency %
By request 26 10.08
Without being requested 10 3.88
More than once? 15 5.81
Because you felt pressurised to do so 4 1.55
To an older person 8 3.10
To a younger person 7 2.71
Not Applicable 217 84.11
Other (option available for open-ended answer) 10 3.88
In terms of risk the numbers are low, but as previously established the activity itself is a risk to personal information security and online privacy and the answers received serve to illuminate this. While participating by request would seem perhaps one of the more innocuous methods of doing so, the risk in losing control over the material sent has been established. A greater risk is that there are respondents who indicated that they sent explicit material without being requested to do so. This shows an increased risk of compromise or misuse of the material due to no negotiation regarding the receiver’s use, storage or distribution of the material, as would perhaps more likely be the case if
the material was requested. The fact that some respondents (5.81%) engaged in the activity more than once showed that they were either unaware of the risks, or chose to ignore them.
The number of respondents who answered that they had felt pressured to send an explicit picture or video was low; 4, or 1.55% of all respondents. While it could be considered positive that the majority of those participating in the activity were doing so apparently free of duress, respondents who did participate under any degree of duress would potentially have an even lesser chance of maintaining their privacy, owing to the potential absence of a trust relationship with the receiver.
While not necessarily under duress, a concerning (in terms of risk) result was obtained by analysing the responses to Question 96 (which dealt with the distribution of explicit material of someone else), in conjunction with the results shown in Table 6.1 for this behaviour. This indicates that 8.91% of respondents had distributed material of someone else without that person’s consent, compared to 3.49% who had received consent to distribute. While the values are relatively low in overall terms, high numbers are not necessary for participants, even unwitting ones to be at risk of compromise via non-sanctioned distribution. Even the granting of consent for someone else to distribute compromising material to a third party or parties is high risk behaviour, and one that would need to be investigated in more depth in future research.
Table 6.3 reveals who the receivers of explicit images or videos were for those respondents who had indicated that they had sent such material of themselves. The information in Table 6.3 was compiled from the answers to Question 93, which tasked the respondents with providing an answer to ‘Who did you send it to?’ The majority of respondents (12.79%) had sent material to either a boyfriend or girlfriend, which implied a degree of trust, which as previously emphasised could be temporary. This is because once such a relationship has ended, the trust aspect could be broken, and the sender would be at a potentially high risk of having their material distributed to third parties, or used in other compromising ways. The percentage of those sending material within what could be termed a situation or relationship of trust was increased to 18.21% when adding those who had sent to a friend. While this is relatively positive considering that 84.11% of respondents had provided ‘non-applicable’ as the answer, it
could be argued that as noted previously, trust relationships can break down and potentially pose an equal if not greater risk in terms of vindictive or non-sanctioned re- distribution of the material.
Table 6.3: Targets of specific sexting behaviour
Recipient Count (n=258) Frequency % Your boyfriend 15 5.81% Your girlfriend 18 6.98% A friend 14 5.43% An acquaintance 5 1.94%
Someone met online and not in person 6 2.33%
Not Applicable 217 84.11%
Other (option available for open-ended answer) 5 1.94%
The greatest risk in terms of behaviour drawn from Table 6.3 is that six respondents had sent explicit material to someone that they had never actually met. Sending to significant others has some risk associated with it, for example what happens to the material following the break-up of a romantic relationship or friendship. The risk is greatly increased however when the sender has no knowledge of the receiver other than via online means (either through information obtained from the stranger themselves through communication, or information available online, neither of which would necessarily be truthful). While not numerically or statistically significant, the fact that there were six respondents who admitted to doing this was in itself reinforcement of the need for education regarding the risks of participation in this activity as outlined previously.
Possibly the primary threat to respondents in terms of sexting outside of a romantic relationship is the social engineer (whether witting or unwitting, since fellow learners may play the role of social engineer in terms of the behaviour outlined below without being aware of the formal name for it). Previously defined in Chapter 2, in terms of direct relevance to sexting, it is worth emphasising here the manipulative nature of the social engineering. Particularly pertinent is the fact that the actions of the social engineer are seldom in the other person’s best interest.
The latter point holds immediate relevance to information security in general, and certainly directly to sexting, where a person known or unknown (whether fellow learner or someone external) to the learner could persuade them to take an action , in the form of sending compromising material of themselves, which would certainly not be in their best interest. Those learners who sent explicit material to people whom they had not met other than online, could well have been the victims of social engineering, deliberate or otherwise. Learners could also be vulnerable to an aspect of social engineering called pretexting. Taking this attack vector into consideration, a strong emphasis should be placed on the idea that not everyone online is who or what they appear to be, and learners should therefore be warned against, for example an alleged peer (age and/or interest wise) with whom they become familiar online, for that person may in fact be neither the age nor the gender that they claim to be.
In terms of the risk of social engineering, 13.56% or only 35 respondents out of the 258 claimed familiarity with the term as shown in Table 4.2. While the survey provided no measure of their actual knowledge or understanding of the term, it could be said that in terms of perceived awareness alone the risk level amongst this group of respondents to various forms of social engineering attacks is relatively high conceptually. However, the relatively low figures of (sexting) engagement with people not known to them physically could indicate a greater awareness of the dangers of dealing with, in sexting terms only, such strangers. If so, this could be considered positive behaviour, when viewed in the context of the findings shown in Chapter 5, which revealed high levels of interactions with strangers.
6.1.3 SUMMARY
The number of sexting participants was low, and the majority of participants sent images to people known to them, with whom it could be said there was some kind of trust relationship, whether implied, tacit, or vocalised. While the practise did not appear to be endemic in this respondent group, the risk to the individual(s) involved is not reduced by low numbers, owing to the potential impacts of participation and the recommendation regarding the importance of mitigating this risk through education remains. The importance of addressing the consequences of indulging in this practice cannot and should not be underestimated.