Sunday, November 19, 2006

A Note on POSTNotes

Last month, the United Kingdom's Parliamentary Office of Science and Technology (POST) issued what it calls a "POSTNote" (i.e., a briefing paper) on computer crime. In this POSTNote, POST -- which bills itself as "the UK Parliament’s in-house source of independent, balanced and accessible analysis of public policy issues related to science and technology" -- offers an elementary but useful overview of significant trends in computer crime and legislative, enforcement, and user responses to the problem.
For those interested in a U.K. perspective on science and technology issues, POST has been publishing POSTNotes and longer papers online since 1995 in four areas: biological sciences and health; environment and energy; physical sciences and information technology; and science policy. Other IT POSTNotes in the last six months include data encryption; pervasive computing; and information and communications technology in developing countries.

Friday, November 17, 2006

Who Is Valerie McNiven, and Why Does She Keep Saying Those Terrible Things About Cybercrime?

The lead for a November 12 article on cybercrime by Paul Horn of Business Week Online read as follows: "Last year for the first time, proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, according to recent comments by Valerie McNiven, an adviser to the U.S. Treasury Dept. 'Cybercrime is moving at such a high speed that law enforcement cannot catch up with it,' she says."
Two things about these statements are indisputable. First, unless readers define "recent" in geologic time, they are not recent. McNiven reportedly made both of these comments more than a year ago, in a November 2005 interview that got extensive online coverage. Second, they lack a reliable empirical basis. Not long after McNiven's 2005 statements, stalwarts of the computer security community, including Bruce Schneier and Robert Richardson of CSI, seriously questioned the provenance and accuracy of her data. Nonetheless, some online media have continued to cite McNiven's comments in cybercrime articles during 2006 without further scrutiny.
In fact, currently available data can support only a conclusion that the growth of cybercrime is neither inexorable nor (a slight bow to P. G. Wodehouse) exorable. "Cybercrime" remains a term for which there is no generally accepted definition. As a result, the inclusion or exclusion of various types of computer-related crime is a factor that can dramatically affect the ability to say, even anecdotally, whether cybercrime is "growing" or not. Moreover, until we move away from well-intentioned cybercrime surveys based on nonrandom samples, like the CSI survey, and toward surveys based on truly random sampling rather than self-selection by survey respondents, such as the National Computer Security Survey, there is no reliable way to measure "growth" of cybercrime as a whole in quantitative terms.

Tuesday, November 07, 2006

Cybercrime Up in Japan? How Would We Know?

The November 8 edition of the Japan Times reports that the Japanese Ministry of Justice has just issued a new "white paper" on crime for 2005. According to the story, the white paper states, among other things, that cyber crimes "have been growing steadily in the last five years but leaped substantially from 1,884 instances in 2004 to 2,811 in 2005." The white paper also states that this "leap" was attributed to a "surge in Internet fraud through online auctions, from 542 case[s] in 2004 to 1,408 in 2005." Since the article does not explain what the white paper means by an "instance" or "case," it is difficult -- as usual when the media reports on criminal justice statistics -- to know how to interpret these statistics. Posting of the white paper on the Ministry of Justice website might allow researchers and criminal justice professionals readier access to the data, and allow more meaningful analysis.