The
importance of metrics to crime deterrence would appear to be both critical and
obvious and yet there is clearly a large cybercrime metrics gap: official statistics about
crimes committed in cyberspace seem scarce relative to those documenting the incidence
and impact of traditional or “meatspace” crimes.
I have been talking about the cybercrime metrics problem for many years, notably at Virus Bulletin in 2015 (you can find my paper, a video of my talk, and my slides here: Sizing cybercrime: incidents and accidents, hints and allegations).
More recently, namely Q3 of 2019, I wrote a law review article titled Advancing Accurate and Objective Cybercrime Metrics (publication pending). I did this as part of the Third Way Cyber Enforcement Initiative, an impressive effort to bring together an inter-disciplinary group of experts to develop ways forward on the cybercrime problem. This has already produced results, an excellent summary of input on The Need for Better Metrics on Cybercrime, from Third Way Policy Advisor, Ishan Mehta.
My paper for this project situates the
efforts needed to obtain accurate and objective cybercrime metrics within
the broader work of reforming traditional crime reporting which currently fails
to meet the needs of information-based criminal policy. With a case study of
identity theft, the paper illustrates disparities between current government
and private-sector metrics while highlighting the importance of timely metrics
to the work of countering rapidly evolving cybercrimes. After reviewing
promising ways forward already developed by a range of experts, the paper
concludes that meaningful action to improve crime metrics is possible; however,
this will take more political will than has so far been mustered and so suggestions
for how this might be generated are provided.
I will be giving a flashtalk on the paper at the upcoming symposium at New York University: Catching the Cybercriminal: Reforming Global Law Enforcement. Then I will report back here.