In this era of technological development, the internet has played a foundational role serving to underpin both modern communication and commerce. It, along with the now nearly ubiquitous smart phone; have been arguably amongst the most quickly adopted technologies in history. According to the Pew Research Center, in the year 2000 just over 52 % of adults in the U.S. used the internet and over 90 % of adults use it today. (Pew Research Center , 2019 )The smart phone (or a portable phone with the internet enabled), which scarcely existed before for the early 2000s; had a U.S. adoption rate of just 35 % in 2011 which rose to an 85 % adult adoption rate by 2018. (Pew Research Center , 2019 ) Just as in prior periods of innovation, criminals have taken advantage of novel technologies and crime has followed people as they migrated their communications, commercial processes, and their very lives onto the internet.

Digital or cyber crimes have generally been split into two categories; those crimes that if not for the digital environment would not be possible or “cyber-dependent” such as distributed denial of service attacks (DDOS) that repeatedly bombard a network or website with so many requests that it inhibits its functionality or malware insertion and those crimes such as fraud, theft, child exploitation, stalking, and harassment that are “cyber enabled”. (McGuire & Dowling , 2013 ) Those definitions are quickly becoming distinctions without a difference as nearly every interaction in society is mediated by a digital device. Even crimes such as shoplifting and homicide, often have digital evidence associated with them. Lockard’s Exchange Principle, one of the oldest associated with the pursuit of forensic science states that “every contact leaves a trace” and the same holds true to a degree for digital spaces where potential evidence often goes unexploited. There is currently a convergence between cyber and physical environments that is challenging the fundamental construct of policing; from training to what crimes get investigated and how; to the core of traditional policing models. While police are adapting to the recent societal changes  as they did other modes of transportation and communication, those changes are advancing much more rapidly than in other eras.

Cyber crime is increasingly prolific. In the UK, Anderson et al found that when crime victimization surveys were evaluated for 2018, approximately half of all property crime is internet/online base taking into account reported victimizations. (Anderson, et al., 2019, p. 22) In a change 2012 when they first visited the issue of cyber crime , the authors noted that “ The claim by police forces and government officials that crime overall was falling was wrong; physical crime was falling while online crime was rising.” (Anderson, et al., 2019, p. 26 ) The shift is not surprising given the widespread adoption of internet technology and the plethora of methods as well as the relative ease by which individuals can commit criminal acts online. In attempting to quantify the economic impacts of cyber crime, Anderson et al catalogue a wide array of potential crimes that involved the use of a computer to commit that range from email based schemes(advanced fee fraud, business email compromise, phishing emails to harvest user names and passwords) to online banking fraud, romance schemes, to ransomware some of which had become less significant since they were first examined in 2012. (Anderson, et al., 2019) However, for the majority criminal activities that were evaluated, the costs of which in some categories ran into the billion dollar range;  were either new or on the rise as online activity has transitioned from fixed to mobile services combined with the increase in the use of social media making it much easier to reach victims. (Anderson, et al., 2019, p. 19 )

If it is true that knowing is half the battle; the ways in which cyber crime is measured leaves much to be desired. In the United States, crime rates are currently calculated on a geographic basis based on a subset of criminal activity. The current reporting system is known as the Uniform Incident Report (URC) – Summary Reporting System (SRS). The system is scheduled for an upgrade to the National Incident Based Reporting System (NIBRS) by January 2021 to increase the number of crimes that are recorded and reported in detail to the FBI from 30 different offenses to 52 group A offences and 10 group B offenses. (Federal Bureau of Investigation , 2020) There are several potential issues with the current even with this upgraded system for measuring cyber crime. The collection of this data is based on voluntary submissions from the nation’s 18,000 law enforcement agencies. Generally, the way that a crime is recorded starts with a report from a responding local law enforcement officer. A variety of factors including whether or not the officer has the technology at their disposal to record all of the incident fields or crime types and the ability accurately describe the event factor into the usefulness of the data.

Under the current system 16,207 law enforcement agencies submit SRS crime statistics and 7,073 currently submit the enhanced NIBRS figures. (Cobb, 2020, p. 624 )While these two examples are not unique to cybercrime, if an officer is not as familiar with digital or cyber crime it is be easier for them to mischaracterize an incident. Additionally, in the case of identity theft, one of the most common cyber related crimes the issue of where to report paramount. (Cobb, 2020, p. 613 ) The victim might live in one jurisdiction, the crime might have occurred in another, and the perpetrator or end user of the data (which may not be the same person) might live in another jurisdiction still. In many cases, unless the victim of the crime can establish a criminal nexus to the jurisdiction in which the crime is reported, a report will not be taken.  While NIBRS will enable the collection of corporate victim information, it still largely does not encompass the totality corporate victimization. (Cobb, 2020, p. 619 ) Through U.S. victimization surveys Cobb, like Anderson; found that the evidence however incomplete; points to a potentially staggering issue finding that “In 2016, identity theft cost Americans $17 billion in 2016, possibly more than losses due to household burglary, motor vehicle theft, and property theft combined…also noting that also highlights some potential limitations of victim surveys as a source of crime metrics. For a start, that report was not published until January of 2019, even though everyone knows that one of the most notable characteristics of cybercrime is the speed at which it evolves.”  More reliable metrics would likely illuminate the true nature of the crime problem facing society and highlight the issue for policy makers. Though, the lack of metrics, however problematic; may just be a lagging indicator of the lack of law enforcement resources and orientation to combat cybercrime and process digital evidence generally.

Even with the changes to the current operating environment, much of what constitutes law enforcement activity is still based on the Peelian policing paradigm in the UK and “broken windows” and its successor model of problem-oriented policing in the United States. The Peelian Policing model being defined as “ bureaucratically organized agency formed locally but partly funded by government to keep the dangerous classes off the streets, maintain order and enforce law”. (Wall, Revised 2011 ) The model would designed to help deploy law enforcement resources. None of these technologies were designed evolve with the advent of radio cars, crime mapping, and sophisticated predictive policing models such as COMPSAT and PREDPOL for “crimes against governments and businesses that are not specifically spatial in a way that is linked to a local police jurisdiction” such as cybercrime. (Cobb, 2020, p. 625 ) Police forces are generally conservative institutions that are slow to change institutional culture to adapt to changing societal needs. One of the ways that policing organizations seek to react to new threats without having to change the conduct of the whole organization is to create “specialized units” which tend to corral expertise. (Wall, Revised 2011 ) Online child exploitation was one the challenges that police began to respond to early on as people moved online. Ever since the days of the crackle of the dial up modem that would bring American consumers to first internet services providers AOL, Prodigy, and Compu-serve; individuals have sought to exploit children online. Even before increased bandwidth made internet pornography ubiquitous individuals were using chat rooms to lore minors into the real world in order to be sexually exploited. In 1998, the United States Department Justice began a nationwide program setting up Internet Crimes Against Children (ICACs) Task Forces comprised of local, state, and federal officers to investigate and prosecute child exploitation that in some way connected to the internet. (U.S. Department of Justice, Office of Justice Programs , 2020 ) This was the first foray into public policing of online behavior at scale and in many ways served to define what the police response to digital crime would be in the US. The ICACs would come to be synonymous with digital crime with their specialized skills set apart from the rest of policing more generally. The ICACs were initially very adaptive to the various changes in technology utilized by individuals to commit acts of child exploitation shifting from the child luring schemes of the early chatrooms, to the rise of bulletin boards and commercial websites trafficking in indecent images, and to peer to peer file sharing of the 2000’s. However, this adaptive spirit due to a variety of reasons did not transfer to other crimes.

The siloed nature of this expertise appears to be impacting enforcement as evidenced by a digital crime needs assessment conducted for the cities of Charlotte, North Carolina and Savannah, GA. According to the surveys taken by serving police officers “Almost half of the respondents had no opinion on whether cybercrime was being taken seriously enough in law enforcement, and nearly 73% believed that cybercrime should be dealt with by a special unit”. (Flory, 2016, p. 13 ) As Flory would note, this is a potential troubling development as a patrol officer is most often the first person at a crime scene and that initial preservation of evidence is key in potential future prosecutions. (Flory, 2016) Within the same survey, however, the majority law enforcement officers also though that there should be an increase in the prosecution of cyber crime. (Flory, 2016) There is a perception of a lack of consequences when it comes to cyber crime that is not present to the same extent with traditional criminal enterprises. It is estimated that fewer than 1% of cyber criminals (excluding those that trade in explicit images of children or non-consensual pornography) are arrested which translates into approximately 3 arrests for every 1000 reported cybercrime incidents compared to clearance rates of 18% for other property crime and  46 % for violent crime. (Eoyang , et al., 2019 , p. 3) Third Way, a bipartisan US based think tank also found that according to the Federal Bureau of Investigation (FBI)  that it only based 9 cases on FBI Internet Crime Compliant Center data even they received 298,728 complaints (none  of which are included in NIBRS data) in FY16. (Eoyang , et al., 2019 , p. 8 ) This highlights the issue that even well-equipped agencies are not making the type of impact that the cybercrime problem appears to call for. For example, the United States Secret Service (USSS), an organization that is nominally in charge protecting the integrity of the US financial system, only brought 251 cybercrime cases in 2016. (Eoyang , et al., 2019 , p. 8 ) Special Agent Matt O’Neil Director of the USSS Global Investigations Center put it best when he said “Somebody said one time…before you take us cyber security professionals too seriously understand that we are the Chicago Cubs or the losing team…I can’t say that anymore because the Cubs are good”. (O’Neil, 2019 )

There are a number of possible steps that can be taken to improve the law enforcement response to cybercrime. Cybercrime is listed as Tier 1 national security threat on the same level as terrorism in the UK and as a top criminal priority of the FBI in the US. It appears, however; that cyber crime still does not get the same budgetary consideration as counter-terrorism and the UK Cybercrime Cyber Security program saw one third of its budget transferred to counterterrorism. (Eoyang , et al., 2019 )Investment in cyber crime enforcement is one way to help increase the likelihood that subjects caught. Increased training and funding to buy equipment could be a boon to those efforts. Where though should the money be invested? There is a tremendous amount discussion about how to increase international cooperation in cyber crime investigations due to their ‘borderless nature’ through various agreements and legal processes. What if the money would be better spent recruiting, hiring and training a different type local police officer not focus on traditional public order offenses but on digital investigation?

While international cooperation is essential, the origin and investigation of much of the online criminal activity may well be an issue situated closer to home. Currently it appears that an assertion by Ross Anderson of Cambridge University that “it’s difficult to get anything done because the scammers are overseas, and those cases have to be referred to police units in London who have other things to do. Nothing joins up and, as a result, we end up with no enforcement on cybercrime, except for a few headline crimes that really annoy ministers” is true to the extent that cybercrime investigations have tended to go after the biggest fish such as the Silk Road Market Place and Carders Market because almost no one looks at the digital broken windows. (Anderson, 2017) In examining the US state of Indiana as of 2016, there was no instruction block for digital crime investigation within their basic law enforcement training program. (Flory, 2016) My own research has examined the police basic training programs of all 50 states and none included a block longer that 8 hours for cyber crime. For the states in which I was able to obtain a full peace officer basic training curriculum with the hours allotted; 22 states have no mandatory cyber crime training block, 6 states had 1 hour, 5 states had 2 hours, 1 state had 4 hours, 1 had 7 hours, and 1 state had a block of between 1 and 8 hours. The lack of inclusion of cyber crimes in the foundational course for police sets a tone from the beginning that cyber crimes are neither routine nor particularly important. A cybercrime needs study was conducted for a major police force in the UK recently revealed several potential ways forward. The process might start with the call taking center where initial police contacts are made “so that they can more effectively advise callers and preserve digital evidence”. (Schreuders, et al., 2020, p. 323) The process would then move through an integrated intelligence function which took into account the unique aspects of cyber related investigations with additional support for front line teams in order to better identify digital evidence opportunities. (Schreuders, et al., 2020) In New York City there was a pilot program designed challenge the notion that digital crime was ‘ too technical and too international’ for local police to investigate. (Kaste, 2020 )An application was deployed for police officer to capture the right interview details getting the right information to detectives and instead of overseas scammers they are finding that “A whole lot of it is knuckleheads from the Bronx.” (Kaste, 2020 )

Cyber crime is one of the fastest evolving criminal threats faced by law enforcement. In order to counter the threat local law enforcement should be trained and deployed to investigate more cases of lower level cyber crime. This approach could improve both reporting and statistics by increasing the confidence of the public that these types of cases will be investigated with suitable outcomes for victims. Society can no longer rely on a few premier law enforcement agencies cybercrime cases alone as that has been a failed endeavor.

Bibliography

Anderson, R., 2017. The Threat. [Online]
Available at: https://www.edge.org/conversation/ross_anderson-the-threat
[Accessed 15 7 2020].

Anderson, R. et al., 2019. Measuring the Changing Cost of Cybercrime. The 18th Annual Workshop on the Economics of Information Security, p. 26.

Cobb, S., 2020. Advancing Accurate and Objective Cybercrime Metrics. Journal of National Security Law and Policy.

Eoyang , M., Peters , A., Mehta , I. & Gaskew , B., 2019 . To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors, s.l.: Thirdway .

Federal Bureau of Investigation , 2020. A Guide to Understanding NIBRS, Washington, DC : U.S. Department of Justice—Federal Bureau of Investigation.

Flory, T. A. C., 2016. DIGITAL FORENSICS IN LAW ENFORCEMENT: A NEEDS BASED ANALYSIS OF INDIANA AGENCIES. Daytona Beach , ADFSL.

McGuire, M. & Dowling , S., 2013 . Cyber crime: A review of the evidence: Research Report 75 , London: Home Office.

O’Neil, S. A. M., 2019 . Standing Post: Pod Cast of the United States Secret Service [Interview] (October 2019 ).

Pew Research Center , 2019 . Internet/Broadband Fact Sheet. [Online]
Available at: https://www.pewresearch.org/internet/fact-sheet/internet-broadband/
[Accessed 15 July 2020 ].

Pew Research Center , 2019 . Mobile Fact Sheet. [Online]
Available at: https://www.pewresearch.org/internet/fact-sheet/mobile/
[Accessed 15 July 2020 ].

Schreuders, Z. C. et al., 2020. Needs Assessment of Cybercrime and Digital Evidence in a UK Police Force. International Journal of Cyber Criminology, 14(1), pp. 316-340.

U.S. Department of Justice, Office of Justice Programs , 2020 . Internet Crimes Against Children Task Force Program. [Online]
Available at: https://ojjdp.ojp.gov/programs/internet-crimes-against-children-task-force-program
[Accessed 20 July 2020].

Wall, D. S., Revised 2011 . POLICING CYBERCRIMES: Situating the Public Police in Networks of Security within Cyberspace. Police Practice & Research: An International Journal.