Digital Policing – Crime in a Digital Age

fbi fingerprint files

Over the past year, I have been lucky enough to work with some amazing people in the area of cybersecurity and cybercrime. I’m not sure how many actually want to be mentioned, but one very pleasing creation was this:

 

The paper came about when Steve Anning – working for IBM-  came to me and said that he had some ideas for a white paper on cybersecurity, and asked whether I would be able to comment. The moment I saw what he had written, (not just some ideas) I realised that I no longer felt like a voice crying in the wilderness but that there were others out there with some hard ideas on how to solve problems in and around the cybersecurity domain.
Detective Chief Superintendent Ben Snuggs, Hampshire Force Lead for cyber, was kind enough to peer review the paper, and since then I’ve been to at least one workshop led by Steve and Ben where the degree of engagement was spectacular. (More later on this).
Anyhow these are my thoughts on the narrative running through my head as I worked with Steve on the paper… I have to emphasise, where problematic, the thoughts are mine – Steve is creative and a problem-solver, whereas I would say that I came up with some of the crazy in the mix – and I am in no way speaking on behalf of those who were kind enough to invite my participation – this was just what I was thinking as we discussed the paper. The team at IBM who helped to pull this together were incredible – it was a very pleasurable experience working with them.
1) We need proper data on occurrences of cybercrime, not from security companies, the media, or governments, unless they can prove they’re telling the truth, or create a basis for trust. Even academia, as we know, is driven by perverse incentives, and the science that cyberscience produces is not necessarily epistemologically pure. Incentives for both governments and companies are to get the public to pay for cyber, so there are triggers at work to inflate the fear – whether these incentives are consciously or unconsciously realised. (There is a complex point here about how much data can come into the public domain without causing more harm to markets – this is a topic for my thesis, and some research I’ve been doing – not a four-point summary – suffice it to say, not all data can live in the public domain (some moves in and out), there is some that currently doesn’t live in the public domain that conceivably could, given ways of turning information about crime into information about non-crime… but … it’s complicated).

2) A lot of the current language around cybersecurity/ cybercrime (starting with the term “cyber”) is one of appropriation from so-called experts and turns “ordinary” people off. They then don’t report, (there are many other reasons for not reporting, but this is a big one), which exacerbates the problem in 1) – the lack of data.

3) The so-called “skills gap” is in question. There are a lot of people out there with exactly the right mind set, especially in policing, law-enforcement, technology and intelligence, who are  trained in investigation, analytics, design, fact-finding, or, who are just plain nosy and determined, who can do it, with the right tools and attitude. But they all get told they’re “not technical”. I have had technologists come to me and say they’re not technical. No-one knows what technical really is, except an excuse for not thinking about what we each can do. 
Given 1 and 2, no-one knows what the problem is exactly, and everyone makes a lot of panicked assumptions about what needs doing. These assumptions come from cyber silos. Everyone sticks their agenda in here. It’s a crowded incoherent space! Mainly it’s  the “experts” – the superannuated, sausage-fingered academics, salesmen, fourth estate and politicians in their shiny-trousered suits*, who are putting the real problem-solvers off.
Just a note, not only is the concept of cybercrime up for grabs – is there even such a thing? – but also we need to review traditional psychometrics and tick-box exercises used to apparently find the people who can “fix” cybercrime. If the concept of cybercrime is contested… how do we find the tailors for the emperor’s new clothes? Additionally, the ontology of such crime and its legislation needs to be examined…
Another note, not all salesmen (whether academic, technical, legal, media or policy) are selling snake-oil. There is a lot of very good software out there – not mentioning any names, but anything graph-based gets my vote for a start – the problem of representation is that we need complex but manageable data structures, to manage the complexity and reality of life. There is some great thinking going on. The policy-makers are inviting participation and writing clearly about some of the problems. 

4) Where should we expend most effort? 1) and 2) need sorting, then 3) then you can work out 4). 
*This is an amended quote from something but even after extensive searching, I can’t find it…

Leave a Reply

Your email address will not be published. Required fields are marked *