Chapter 4
Issues in domestic and transnational cybercrime investigation
Pages 30

Though the literature on cybercrime victimization and offending has increased (see Chapter 3), it may surprise some to learn that scholarly research on policing cybercrime has languished. There have been generally few studies of either police management or line officers regarding their views on cybercrime, and those that have been conducted are relatively limited in their generalizability. The bulk of the literature consists primarily of discussions on either the role of law enforcement in responding to cyber offenses or their inability to respond (e.g. Brenner, 2008; Goodman, 1997; Wall, 2001; Wall & Williams, 2013). As such, police perceptions of cybercrime, their experiences, and their insights on how best to respond may be some of the least studied but most essentially needed areas of scholarship.

One of the most well-referenced works in this area is by David Wall (2001), who explains the complex nature of cybercrime investigations in the real world. The framework he provides is valuable to understand the complexities of cybercrime for law enforcement and the gaps currently present in this literature.

Wall (2001) argues that there are multiple actors and entities, legal and extralegal, who play a role in policing the Internet. The largest population of actors engaged in the identification of illegal activity online is Internet users. Due to the size of the World Wide Web and the various applications individuals use to communicate and share materials, it is virtually impossible for law enforcement to observe when most wrongdoing takes place online (Wall, 2001). As a result, the individuals actively engaged in online communities have the ability to observe and communicate when cybercrimes take place. They may not actively share this information with formal law enforcement agencies, however, which limits their efficacy in combating cybercrime.

Beyond end users, Internet service providers, or ISPs, play a critical role in dealing with cybercrime. Though they are primarily owned and operated as for-profit businesses, some ISPs may also be universities, public libraries, and other entities that may not be traditional businesses. ISPs play a twofold role in the identification and management of cybercrimes: (1) they host and provide access to online content and have a formal legal obligation to remove harmful material; and (2) they provide Internet connectivity for individuals and require that users comply with all applicable local and federal laws. ISPs have become a conduit for the identification of various forms of cybercrime, such as digital piracy, as they may be able to identify when individual users engage in file sharing or violate existing user agreements (e.g. Nhan, 2013).

Similar to ISPs, corporate security personnel are tasked with the protection and management of the assets of their organization, including sensitive information. Corporate security officers occupy a unique position as gatekeepers to law enforcement agencies in the event that either their organization is compromised or internal resources are used in the course of a cybercrime. For instance, security units within a company may have to cooperate with law enforcement agencies in order to provide access to servers or employee systems to allow for the seizure of digital evidence. Corporate security officers may be responsible for determining when their organization must make contact with law enforcement. Though laws are changing with respect to compliance in reporting data breaches and cybercrime incidents, it is still commonly argued that corporations tend to underreport cyber-attacks for fear of embarrassment or financial harm (e.g. Brenner, 2008; Wall, 2007).

Given that corporations and industry own much of the technological infrastructure used to engage in both commerce and cyber-attacks, there is no immediate way to guarantee compliance or cooperation between these entities, government, and law enforcement. A number of non-governmental organizations (NGOs) have emerged as a key link to promote synergy between various groups and government agencies (Wall, 2007). As NGOs have no formal responsibility to enforce laws, they instead serve as managerial and regulatory groups with ties to law enforcement agencies. Key examples of NGOs involved in cybercrime investigation are Computer Emergency Response Teams (CERTs), or Computer Incident Response Teams (CIRTs), which have an operational remit to provide coordinated response and investigative capabilities for incidents of hacking and malware attacks (Andress & Winterfeld, 2013). CERTs are present in most major industrialized nations; they publish information on vulnerabilities and known threats to networked systems, and perform analyses of malware and attack tools (e.g. FIRST, 2014). These organizations do not, however, specifically connect to law enforcement agencies and are a resource for coordinated responses to threats rather than legal action.

Wall (2001) also separates NGOs from government-controlled organizations that serve as regulatory bodies, but do not have the power to arrest or criminally sanction individual actors. In the US, a key example of such an entity is the Department of Energy (DOE), which regulates the operation and protection of energy programs and production in both public and private utilities. Since much of the US power infrastructure depends on control systems that can be connected through Internet connectivity, the threats posed by cyberattacks have increased substantially. The DOE now operates the Office of the Chief Information Officer to provide information on key cyber-threats, protocols for computer security programs, and best practice guides to secure systems from external threats. There is, however, no formal police or regulatory entity within the DOE to either sanction corporations that do not conform to industry guidelines or arrest cybercriminals who harm energy systems (Andress & Winterfeld, 2013).

The breadth of groups involved in the informal policing of cyberspace demonstrates that traditional law enforcement agencies that are funded by governmental resources and mandated to enforce local laws are a small part of the response to cybercrime. The complex network of actors who must be incorporated into cybercrime investigations may account for the limited response of some law enforcement agencies to cybercrime calls for service. In fact, the literature with respect to policing cybercrime is limited relative to that of offending and victimization. As a result, this chapter will examine the literature regarding policing at various levels across the US. We will also identify key research questions that need to be addressed moving forward in order to improve our knowledge of the law enforcement response to cybercrimes generally.