We can’t arrest our way out of cyber crime, so what can we do?

Blog post

We can’t arrest our way out of cyber crime, so what can we do?

The internet has liberated human beings to trade, cooperate and exchange ideas to a degree unparalleled in human history. However like all technological advances the internet has liberated the human animal to do both good and ill. While the benefits vastly outweigh the dis-benefits, it has become increasingly pressing to discuss the darker side of the internet. The recent debate around how violent extremists use Facebook and YouTube to disseminate their propaganda and recruit the young is just one example. Another is the explosion in hate speech and cyber bullying across social media. Another still is the ability of organised crime groups to defraud citizens on an industrial scale. Another still is the use of the internet by paedophiles to groom children and share images of horrendous sexual abuse. I could go on.

It is worth stressing the scale of the shift in crime. According to the Crime Survey of England and Wales, what we can now call ‘traditional crime’, that which takes place offline whereby both the offender and victim share a geographical proximity, has fallen dramatically from 19 million offences in 1995 to just 6 million today. However, we now know that these figures previously excluded around 5.4 million computer misuse and largely internet enabled fraud offences. Adding these figures to the total, it is clear that while there has been a reduction in crime, much of it has transferred online.

At a conference this week in Oxford academics and law enforcement and security practitioners met to discuss the evidence base on cyber crime offenders. This was a welcome attempt to explore what more social scientists can do to address some of the following questions: Who are the cyber criminals?  What motivates them? What can be done to prevent them from committing crimes?  How can we change their behaviour? There is a large body of research addressing these questions for traditional crime, but work on this regarding internet crime is in its infancy.

There is a growing consensus that we cannot arrest our way out of the problem. To give just one example a senior NCA official at a recent event said that in just three years they had seen a ten fold increase in referrals regarding images of child sexual abuse being shared. This raises the difficult question of how much of this can be realistically pursued by law enforcement. To give another example, there were 3.5 million fraud offences identified in the latest crime survey, but only 600,000 were reported, only a small proportion of those end up being investigated and only 17,000 offenders end up convicted in court.

It is not just volume that creates a challenge for law enforcement: the internet drives a coach and horses through the traditional criminal investigation triangle of ‘local victim, local offender and local policing’. If a resident in Slough buys a television from a website, does not receive the goods, discovers that the website was fake and that it turns out it was hosted by a Romanian criminal gang, what is Thames Valley Police realistically to do about it? At least Romania is in the European Union. If the criminal gang is operating out of Russia or China with the tacit knowledge of their governments we have left the arena of international law enforcement cooperation and entered into the world of geo-politics.

This means that, while we must pursue the offenders where we can, we must focus most of our efforts on prevention. It seems to me there are two aspects to this. The first is that we need to reduce the opportunities that exist for criminals to commit crime on the internet.  One contributor to the Oxford conference argued that most of the men found sharing images of child sexual abuse would in the pre internet age never have been able to access such material. They may have had fantasies, but these would have remained just that if it weren’t for the opportunity to look at images on the internet. So the public policy question is: if the internet has opened up these opportunities, how can we close them down?

We know that research on the ‘traditional crime’ drop shows that it was situational crime prevention measures that led to the big falls in acquisitive crime, particularly burglary and vehicle theft. These crimes are ‘designed out’ by the manufacturers building in better security and safety provisions. We need to consider what is the internet equivalent of this and put pressure on those who provide internet services to do more.

However a challenge with cyber crime that did not exist with traditional volume crime is that even if internet service providers and the manufacturers of digitally enabled devices can be encouraged to do more on security, there remains the dark net. Under the cloak of anonymity organised criminal gangs, terrorist organisations and others already have an alternative ungoverned space, out-with the reach of national sovereignty, in which they can carry out their activities unhindered by law or regulation. The development of new peer to peer networks may herald a world in which the internet is less dominated by large corporates and further decentralised. While this may be a win for privacy it may mean an expanded zone of impunity for cyber criminals. Policymakers have not even started to consider the implications of this.

The second arm of the prevention agenda has to be to address the motivations of cyber criminals directly. So, we not only make it harder for them to operate, but we try to stop people wanting to do so. This is obviously challenging, but we should not be fatalistic. There are already good treatment programmes in place to help prevent paedophiles from reoffending of example. Where there is evidence that these reduce recidivism, they should be considerably expanded and potential (and actual) offenders encouraged and/or mandated to enrol.

Another example relates to hackers. The conference was told about the preventative work the NCA is putting in place to work with hackers to divert them away from crime. This was born of the realisation that a lot of the offenders are young people, with some as young as 12. According to the NCA’s research these offenders tend to get into hacking not out of criminal intent but largely because it offers a challenge and a route to social status that is not open to them in the physical world. This finding will not surprise criminologists familiar with the evidence on traditional youth offending. It is clearly not in the public interest to be locking up teenagers who are extraordinarily talented computer programmers. Far better to offer them legitimate avenues for challenge and status.

But there is a wider role for all of us here. If we are to spot kids who, through gaming for example, might find a life of computer hacking attractive or might be vulnerable to grooming online, then we all need to know how to spot the signs and what to do about it. This is probably even more important for peers than it is for parents. It seem to me that our schooling, child safeguarding and law enforcement systems are nowhere near ready to mobilise peer groups and communities to play a role in this. It is high time to start addressing these questions before cyber crime outgrows are capability to prevent it.