Policing Cybercrime: The Challenges Part
DAVID WALL: Hello. My name is Professor David Wall. I’m Professor of Criminology at the Centre for Criminal Justice Studies at the University of Leeds. I’m going to talk today about policing cybercrime and the challenges that we are experiencing in the policing of cybercrime. And I must point out that when I use the term policing, I actually mean it very broadly. I’m not just talking about the policing agencies. I’m talking about all of the different organizations and agencies and the individuals, including you and me, who are involved
in managing, regulating, and policing cybercrimes. [A Culture of Fear] The problem with cybercrime is that it’s a complex issue. So is policing it. And one of the big problems that we have to deal with is the culture of fear that exists around cybercrime. We expect to be frightened by it. We can see this in the news press, the media reporting of it, the sensationalized media
reporting. And this culture of fear has financial origins and also cultural origins. It goes back to the science fiction stories, the cyberpunk literature, but also to this relentless mission on the part of some of the cybersecurity industries to frighten us in order for us to part with our money to pay for protection. And we need to make sense of all this. At the moment, public fears of cyber, crime are between 10 and 100 times greater
than the actual chance of victimization. We know this from the various crime surveys, victim crime surveys. And one of the problems in terms of policing is that this culture of fear creates demands for security that the police and government can’t actually deliver. The police actually need to learn to say no sometimes, in my view. And very often, because of the political side of policing– that they have to respond, particularly to some of the social network media crimes– we find that they’re focusing on policing what I call the reassurance gap, the gap between what people are demanding, and the gap between that
and what they can actually deliver. [Prosecuting Cybercrime] If we look at the computer misuse statistics, the statistics from the legislation that’s used to prosecute cybercrimes, what do we find? On the one hand, we are prepped by this by the reports of the cybersecurity organizations, particularly the cybersecurity industry, which tells us that there may be two, three million cyber threats
in circulation at any one time. The trouble is that these are not victimizations and harms. And when we start to look at the prosecutions under the Computer Misuse Act, we actually find something very less. There’s approximately 350 prosecutions in about 25 years. And about 79% of those led to some form of conviction. That’s a bit of a gap between the two.
And why should we have that gap? Well, the answer is quite simple. For a start, prosecutions are an unreliable indicator of success because of attrition, because of the inability to investigate sometimes, but more importantly, because there are lots of different types of cybercrime, many different victims. There are different types of offenders, different types of regulators. Crime itself– and this is important to the understanding
of cybercrime– is both technical and experiential. In other words, many cyber crimes are technically a crime, but they’re, in effect, just a breach of scientific rules. And it would be very, very hard to prosecute an individual for some of those crimes. The fact that a site was logged onto that was illicit, or the fact that someone accidentally
tried to get onto a site which they’re not supposed to go to. That’s very different from the experience of crime, where the person is actually harmed by the experience. Many cybercrimes are actually prosecuted under other laws. So you may have a computer fraud, but actually the computer side of the prosecution just disappears and the focus is on prosecuting the fraud.
Similarly, with other types of computer crime. There’s also a tendency to under report a lot of computer intrusions, particularly by businesses and organizations who are desperate to protect their reputations. Many banks are reluctant to report losses through fraud. And this is why the banking sector itself employs UK payments to whom they submit their data, and it’s processed anonymously so we can get an understanding of what’s happening to the banking sector without actually identifying
a bank. So it actually helps its reputation rather than damages it. And individuals are reluctant to report victimization sometimes because they may have been doing something on a site they shouldn’t have been on. Or, more often, the losses are very, very small in numbers. So we can explain why there are so few prosecutions under the Computer Misuse Act. But of course, computer misuse really
deals with hacking and related intrusion offenses. One of the big challenges for police in recent times has resulted from social network media and the sort of behavioral problems that have been experienced by people. [Prosecutions Under the Communications Act 2003] So as we see, a very, very small numbers of prosecutions under the Computer Misuse Act, we see very, very large numbers of prosecutions under the Communications Act 2003, especially Section 127, which deals
with various forms of bad behavior, effectively, online. And in contrast to the 350 prosecutions in 25 years in the Computer Misuse Act, we have something like 16,000 prosecutions in the nine years between 2004 and 2013. And a lot of this is due to demands upon the police to resolve online communications issues. Sometimes these are very, very serious threats
to the individual’s person, which harms them, upsets them. Other times it’s behavior which should have been dealt with by a responsible other. Let me give you a classic example, which is based in truth. A friend of a person in our family, his girlfriend came back from holiday, put a picture of herself coming out of the sea, like in a James Bond movie, in a bikini, and said,
hey, boys, what do you think? Guess what? My son’s friend, best friend, said, you look gorgeous. And a sort of flirty, witty banter ensued. And my son’s friend got increasingly jealous. And these are 15-year-old kids. So what happened was, he said some words to the effect that, if you pursue this, I will track you down, actually paraphrasing
Liam Neeson in the film Taken. And he said, I will track you down and use my skills to kill you. OK. So we understand that that’s sort of irony, the parody. But I’m afraid his parents didn’t. They just saw the words, I’m going to kill you. They were very concerned about this exchange, looking at face value, reported it to the teacher. The teacher didn’t know what to do,
reported it to the Head of Year. Didn’t know what to do, reported it to the headmaster, who again was a bit unsure about this, because was only seeing a selection of this exchange. It went to the police. The police didn’t know what to do. They asked the Crown Prosecution Service. Clearly there was no direct intent to murder. Otherwise, that would have been a different affair. But there was a case here under Section 127
of the Communications Act. So the police went and arrested this boy. But they misunderstood the communications and thought they were after a murderer, and went in heavy-handed. And you can almost imagine this sort of building up. And then, of course, once this poor boy was put in custody, the facts came out, the whole thing started to unravel. And when he refused to take even a caution for this, which I think probably quite wise in this particular circumstance,
the case was dropped. And everyone was a little bit embarrassed about this. And it was a learning process. But what you start to see here is how a little lack of understanding can build up into something a lot more serious. So one of the problems here is that this is the sort of thing that police forces, particularly local police agencies, are having to deal with. And we see this rise in prosecutions
under the Communications Act. And in many ways, some of these should not have been brought. And this was the point that Keir Starmer make, who was the Director of Public Prosecutions. His concern was that the criminal justice system would become swamped with these sort of offenses. So on December 20, 2012, he introduced some guidelines for people to read before using and making prosecutions
under the Communications Act. And when you start to look at the prosecution rates, they do drop a bit, but not very much. And the problem at the moment is that a lot of police time and resources is caught up in these Section 127 prosecutions, when many should not be brought. [Social Networks and Cybercrime] There’s a lot of social network aggravated frauds as well, and a lot of social network aggravated crimes, in particular assaults, where Person A insults Person B online, and Person B goes to Person A’s house
and beats them up. But there’s a bigger issue here is, if the Internet was taken away, would that assault have taken place? The answer is probably it would have, yes, because there’s usually some previous bad blood between them. The other issue– and this is wrapped up with the Section 127 offending– is trolling online. There are groups of people out there who take pleasure in upsetting others,
and they don’t realize the impact of their actions. And that upsets people dreadfully. So this is the nature of the impact of cybercrimes on policing. And we have to be very careful, of course, to be very distinctive and very explicit about what cybercrime we’re actually dealing with, because frauds are very different to bad behavior in the Section 127 offenses, which are completely different to the Computer
Misuse Act offenses. The upshot, though, is that the police need to engage with the public more and to bring in other sectors. And this is important because what we’re starting to find is– particularly in the policing of sex offenders where the police are seen to be failing– we have a rise in the number of online vigilante groups. And it’s important that there’s one source of law and one set of agencies that deal with that law
and enforcing it. [Key Points] [A culture of fear surrounding cybercrime A gap between offenses and convictions ‘The Communications Act 2003’ Social networks and cybercrime] So in this tutorial, I’ve talked about what are the problems of policing cybercrime in the UK, and what are the policing challenges? In the next section, I’m going to talk about how we can address those issues. [SAGE VIDEO]
This transcript will review social networks and cybercrime in the social behavioral perspective.
Apply criminological theories discussed throughout the course to apply an explanation for cybercrime and explain deterrent factors that may be incorporated based on these theories. Bring in complications towards prosecuting cyber-crime internationally.
350-450 words excluding references, APA format and a minimum of 3 references