Who Is Valerie McNiven, and Why Does She Keep Saying Those Terrible Things About Cybercrime?

The lead for a November 12 article on cybercrime by Paul Horn of Business Week Online read as follows: "Last year for the first time, proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, according to recent comments by Valerie McNiven, an adviser to the U.S. Treasury Dept. 'Cybercrime is moving at such a high speed that law enforcement cannot catch up with it,' she says."
Two things about these statements are indisputable. First, unless readers define "recent" in geologic time, they are not recent. McNiven reportedly made both of these comments more than a year ago, in a November 2005 interview that got extensive online coverage. Second, they lack a reliable empirical basis. Not long after McNiven's 2005 statements, stalwarts of the computer security community, including Bruce Schneier and Robert Richardson of CSI, seriously questioned the provenance and accuracy of her data. Nonetheless, some online media have continued to cite McNiven's comments in cybercrime articles during 2006 without further scrutiny.
In fact, currently available data can support only a conclusion that the growth of cybercrime is neither inexorable nor (a slight bow to P. G. Woodhouse) exorable. "Cybercrime" remains a term for which there is no generally accepted definition. As a result, the inclusion or exclusion of various types of computer-related crime is a factor that can dramatically affect the ability to say, even anecdotally, whether cybercrime is "growing" or not. Moreover, until we move away from well-intentioned cybercrime surveys based on nonrandom samples, like the CSI survey, and toward surveys based on truly random sampling rather than self-selection by survey respondents, such as the National Computer Security Survey, thre is no reliable way to measure "growth" of cybercrime as a whole in quantitive terms.