British Police on the brink of a Cybercrime Crisis
Police cuts were justified with an alleged decrease in crime. But the crime moved to the web.
Cybercrime is not like any other crime: scammers are elusive, arrests are rare, stolen items are immaterial assets, like data, cryptocurrency, individual information.
It straddles borders and legal jurisdictions, with the victim and criminal oftentimes living in different countries, and interacting through encrypted messages and bitcoin transfers. The general public is hardly aware of its pervasiveness, but cybercrime is increasing rapidly for years. Police forces globally are struggling to position an effective defence, but what are the chances of success? Wired answered this question by quoting writer and researcher Carl Miller and Stephen Kavanagh, Britain’s highest-ranking cyber policeman.
Stephen Kavanagh is the chair of the Digital Policing Board at the National Chief Police Council, the chief constable of Essex Police, and the national policing lead on Digital Investigations and Intelligence.
Is law enforcement currently in a cybercrime crisis?
Stephen answered that “Unless we start moving at pace, it could become a crisis. We need to transform at pace. Four years ago, I heard a chief constable say they didn’t have a digital crime problem. I don’t think there’s a chief constable in the country now who doesn’t recognize the scale of the issue.”
I don’t think there’s a chief constable in the country now who doesn’t recognize the scale of the cybercrime problem. – Stephen Kavanagh, Britain’s highest-ranking cyber policeman.
Speaking to Kavanagh and other top police men, it was apparent none of these issues was ignored. If anything, law enforcement is frustrated with how long it takes the public to recognize how big a problem cyber crime has become. “There’s a real risk”, Stephen proceeded, “that this is seen as being all down to the police. But we, the police, can’t do it alone, based on the scale of cybercrime that we’ve now seen.”
Another policeman, commander Steve Head, stated something comparable in 2015: “Because there is this hidden element to cybercrime, we are not having a sensible debate about it because we do not understand a huge threat.”
My view is that cybercrime is more of a threat to this country than drugs. This is not a problem that police can solve. We cannot investigate our way out of this issue; we have to look at it differently. – Police commander Steve Head
Over and over, the police try to let the public know that it can’t be just them taking responsibility for law and order in the online world.
The jurisdictional problem in cybercrime
Then there is the jurisdictional problem that we see all the time in our investigations. If a criminal is in Thailand and the Thai authorities are not going to cooperate with British law enforcement, the criminal basically can’t be arrested.
Discussing this jurisdictional problem, Stephen said, “I think it’s a brilliant challenge. The policing model is very reactive. It is not set up to deal with a spotty teenager from the Ukraine hitting 40 million IP addresses. How do we get on the front foot? Will we get into that country and secure that custodial sentence? Probably not. But are there other means of securing justice for that victim? If we know you’ve been defrauded and where the money is, we should be able to hack the account – freeze the funding – and shut that account down.”
“Like mini-GCHQs?” writer and researcher Carl Miller asked.
“They only deal with the top end of criminality. Most cybercrime will still need to be dealt with by local policing arrangements. There need to be ways for some of the top-end skills that people like GCHQ have to be passed on to local police, of course with public support and the right legislative safeguards”, Stephen answered.
The police are considering some significant changes in what law enforcement is in the online world. Fines for cybercriminals and justice for victims are expected to end up very different from their online equivalents. However, it is clear that the problem is too big for the police to handle themselves.
It is clear that the problem is too big for the police to handle themselves.
British police have been saying more and more, that a new contract needs to be shaped, perhaps a new kind of arrangement that refreshes Peel’s for the digital era. This arrangement can’t only include the public; it must also involve the technology businesses that have products and platforms that are often on the new front line fighting cybercrime.
“I do not think the likes of Facebook and others are taking responsibility at the moment,” Kavanagh stated. “These are multi-billion-dollar organizations, but are they delivering public safety? It’s not being evidenced at the moment. They need to start stepping up. We’ve tried to be patient. There are moments of brilliance, but that’s not good enough for victims.” But police is also trying to get the public to help as well. “I can’t be optimistic until I see us working across government departments – from the Ministry of Justice to the Department for Communities and the Home Office. This is not just a law enforcement problem, this is a social problem.”
“This is the most profound shift the police have experienced since [Sir Robert] Peel [the Conservative statesman considered the father of modern policing],” Kavanagh proceeded. “We will adapt in a way more fundamental than anything since Peel’s reforms.”
However, while everyone believes that change needed to be made at a profound level, the reality is that it’s not happening. For all of the endeavors [of police officers across the UK], the reaction for change isn’t anywhere near as big as the change in cybercrime itself.
Less than a quarter of police forces have a dedicated cybercrime department. Even though it probably improved in recent years, a report by HM Criminal Justice Inspectorate in 2014 found that only three of the 43 UK forces developed comprehensive plans to fight cybercrime. Furthermore, only two percent of police officers are trained in investigating cybercrime. And lastly, just fifteen UK police forces even recognized cybercrime threats within their Strategic Threat and Risk Assessments.
The report also pointed out “a generally held mistaken view among those we interviewed that the responsibility for responding to a large-scale cyber incident was one for regional or national policing units and not for forces.” The average spendings on cybercrimes over nine UK police forces were just one percent of their budget. In 2017, law firm RPC estimated there to be just 250 UK police officers specialized in cybercrime. This is not nearly enough for a type of crime that is around 50% of crimes happening to people in the UK.
Why the police are not changing as fast or as deeply as they need to is, partially, because of money. The UK recently lived through a dangerous political fiction: a decline in crime justified cutting police budgets. When crime migrated to the internet, everyone believed crime figures were dropping. And because everyone thought crime figures were falling, the budget for the police was decreased.
Funding for police dropped by around a fifth between 2011 and 2016. Additionally, there were fewer police officers in 2016 than in 2010. So when law enforcement should have started reshaping itself in a significant way to respond to cybercrime, it was exactly when the budget was slashed.
Kavanagh believes that “This is one of the fundamental issues. What is the bandwidth of any local force at the moment, from dealing with anti-social behaviour on a council estate to homophobic abuse on Twitter? The bandwidth does not exist. My force is still trying to find savings after eight years of austerity and also finding resources for policing in the digital world… The infrastructure that underpins the transformation is missing.”
He continued, “What we are seeing is that victims and others are turning to other bodies to deal with their concerns.”
What is at stake here is the relevance of law enforcement to cybercrime at all.
Source: Carl Miller’s The Death of the Gods: The New Global Power Grab