About the Newsletter

Current Issue

Archive

The Editorial Office 

Past Contributors 

Guidelines for Authors

Subscribe 

Send us feedback


Volume 20, No. 3, October 2010


Table of Contents

 

Towards A Real-Time Response (RTR) Model for Policing the Cyberspace

Authors[i]

 

Olumide, Longe ; Adenike, Osofisan ; Lynette Kvasny, Chanika Jones &  Abinwi, Nchise

 

 

ABSTRACT
Policing the cyberspace has remained a daunting task partly because of the socio-technical dynamism introduced into crime detection and apprehension on electronic platforms. While it is timely to adopt and create new laws that regulate certain cyber activities, majority of the challenges in apprehending cyber criminals has to do with law enforcements' inability to react appropriately to criminal activities on the webscape. This is because cybercrime does not share some of the characteristics of conventional crimes such as proximity of the criminal to the victim and crime location as well as the scale and size of the crime that can be committed which is limited by physical constraints such as security measures put in place to serve as deterrents. Incidentally, the Peel theory of conventional policing is premised on these factors thereby rendering it ineffective against cybercrime. As part of our Trans-Atlantic collaborative research between Sub-saharan Africa and the United States of America on policing the cyber space, our research team, in this paper, proposes a socio-technological model as a tool to mitigate the cybercrime problem. This model referred to as the Real-Time Response Model (RtR) offers an interactive real-time response platform that empowers users in the cyber space as the last line of defense. The framework provides for dynamic interaction between victims and law enforcement and serves as an aid in identifying, reporting and apprehending cyber criminals.

Keywords: Cybercrime, Law Enforcement, Policing, Social theories, Peel Model.
Policing the cyberspace has remained a daunting task partly because of the socio-technical dynamism introduced into crime detection and apprehension on electronic platforms. While it is timely to adopt and create new laws that regulate certain cyber activities, majority of the challenges in apprehending cyber criminals has to do with law enforcements' inability to react appropriately to criminal activities on the webscape. This is because cybercrime does not share some of the characteristics of conventional crimes such as proximity of the criminal to the victim and crime location as well as the scale and size of the crime that can be committed which is limited by physical constraints such as security measures put in place to serve as deterrents. Incidentally, the Peel theory of conventional policing is premised on these factors thereby rendering it ineffective against cybercrime. As part of our Trans-Atlantic collaborative research between Sub-saharan Africa and the United States of America on policing the cyber space, our research team, in this paper, proposes a socio-technological model as a tool to mitigate the cybercrime problem. This model referred to as the Real-Time Response Model (RtR) offers an interactive real-time response platform that empowers users in the cyber space as the last line of defense. The framework provides for dynamic interaction between victims and law enforcement and serves as an aid in identifying, reporting and apprehending cyber criminals.

INTRODUCTION
The definition of crime varies as much as there are differing perceptions of the issue. For our discussion, we view crime(s) as 

act(s) committed or omitted in violation of ethics, norms and (or) laws forbidding or commanding it and for which punishment is imposed upon conviction. These acts threaten social, economic, political and other social structure in a society. Crime could be against persons, organizations, institutions and states. Cybercrimes on the other hand are crimes committed on the cyberspace using computer and networking technology provided by Information and Communication infrastructures (Chawki, 2009, Longe 

et al, 2010a). Observable trends has shown that law enforcement has not been able to scale-up to meet up with the new challenges posed by cybercrime to the well-being of various categories of users on the Internet (Brenner, 2007).

 

The digital revolution has dissolved physical boundaries of countries all over the world making those with inadequate 

cyber-crimes or Internet related offences laws to be vulnerable for committing such crimes. Evolving cyber criminology and conventional crime theories posits that through the Internet, criminals or persons with criminal intents have simply been given an electronic tool which increases their potential pool of victims and makes them all the harder for law enforcement to trace and apprehend (Clarke & Felson, 1993; Cox et al, 2009; Jaishankar, 2009).. Thus legal experts usually disagree on matters relating 

to the territorial jurisdiction for the trial of the aforesaid offences (Brenner & Koops, 2004). This situation makes the investigation, apprehension and prosecution of cyber-crime offences extremely difficult. The relative anonymity that the Internet offers also makes remedies against primary perpetrators much less effective than they are in the conventional crime scenario (Longe et al, 2009a). Thus, for example, it is much easier to obtain a relatively anonymous e-mail account from a provider such as yahoo, hotmail or Google for use in connection with illicit conduct than it is to obtain a post-office box in the offline world.

Our intention in this discourse is to critically examine the Peel theory of community policing in the context of evolving cyber challenges with a view of proposing a model that can better empower law enforcement to mitigate the cybercrime malaise. The remaining part of the paper is organized as follows. Section 2 discusses social theories relating to crime and criminology. Next 

we examined conventional crime control. This is followed by section 4 where we focused on the challenges of fighting cybercrime with the Peel Model of community policing. In section 5, we present the Real-Time Cybercrime Response Model. The paper ends with recommendations for research and practice and conclusion.

 

SOCIAL THEORIES OF CRIME
With increasing ICT diffusion leading to routine usage opportunities for unethical behavior in cyber space has been on the increase. Cybercrime seems to be yielding much to criminals and the malaise is not going to be curbed without some resistance from cyber criminals (Longe et al, 2009b). This position is supported by the routine activity theory which in itself is a subset of the rational choice criminology (Cohen & Felson, 1979). Routine activity theory posited that crime is normal and depends on the opportunities available. If targets suffer inadequate protection and if the gains to the criminals are worth the risk, crime will occur. The routine activity theory has been able to explain the basis and motivation for such crimes as copyright violations, cyber espionage, corporate theft and Internet crime in a general. The social learning theory (Burgess and Akers, 1966), social bonding theory (Hirschi, 1969) and rational choice theory are other sociological theories that address the issue of crime motivation. The social learning theory posits that crime increases when the would-be criminal socializes with and identifies with others engaged in criminal behavior. Hirschi's social bonding theory (1969) focuses on the influences that prevent an individual from engaging in criminal activities. It explains an individual's disinclination to commit crime based on their levels of attachment, commitment, and involvement, as well as their beliefs. Unfortunately, in some parts of the world, cybercrime is becoming acceptable as a form of employment rather than as a crime because of the allure of quick riches provided to the perpetrators (Longe et al, 2009a). Rational choice theory argues that people make basic decisions to commit a crime, or to not commit crimes, based on a simple cost-benefit analysis (Akers, 1994). The proponents of situational crime prevention theory argue that it is necessary to forestall  the crime from occurring in the first place, as opposed to concerning themselves with detecting the crime or punishing the criminal after the crime has occurred Clarke (1997).

CONVENTIONAL CRIME CONTROL
Crime control refers to a theory of criminal justice that places emphasis on reducing crime in society through increased police and prosecutorial powers. Generally, this control is based on social structures that use general societal condemnation of violations and the violators. It also control conducts by exacting punishment, deter future violations by sanctions and new pronouncement appropriate to the instance or new instances or genre of crime and in some cases reconcile violators and victim(s). The disorganization of primary societies, urbanization and increase in the scale of crime rendered these measures inadequate in dealing with crime on a large scale. In 1829 Rob Peel came up with the current conventional model of law enforcement and policing.


Fig. 1: The Peel Model of community Policing (Source Longe et al, 2010a)

 

The challenge with the Peel model of law enforcement (Fig 2) is that it makes citizens assume minimal responsibility for crime 

and internal order. Citizens in the twenty-first century therefore see this as the sole responsibility of law enforcement agents and quasi-military police forces who maintain internal order by reacting to completed crimes (Brenner, 2007).

 

 

 Characteristic of Real World Crime
Four characteristics of real-world crime shaped the way the way the Peel model approaches the issue of crime and 

criminality (Fig. 2). These are:

  1. Proximity between criminals and victims

  2. The scale of the crime

  3. Physical constraints that can discourage the criminal(s)

  4. Patterns of crime with which investigator are familiar.


Fig 2: Factors that shape the Peel Model of Law Enforcement (Source Longe et al, 2010a)

 

These facts can be explained by looking at how conventional crimes occur. Violators or criminals and their victims are 

usually physically proximate in most occurrences. Theft and rape cannot occur unless the victim and the criminals have contact. 

The extents of the crimes are limited by the number of criminals and victims. Constraints such as distance and the efforts required to commit crimes can provide evidence and aid in the apprehension criminals (Brenner, 2004). For instance, criminals can drop 

business cards or purchase receipts at the crime site unknowingly; they can even leave DNA evidence which can aid law 

enforcement in tracking them down. Demography and criminal profiling can contribute to apprehension and tracking criminals. 

There are certain forms of crime common to resource-poor environment or individuals while others can only be committed by economically vibrant and advantaged individuals. Spatial limitation is an aid to real world crime and the one-to-one relationship 

between victims and violators yields the assumption that crime is committed on a limited scale.

The Cybercrime Challenge
A major challenge that cybercrime poses to the Peel Model is the ability to react to automated crime. This is because cybercrime does not share some of the characteristics of conventional crimes that shaped the current Peel model of law enforcement. The cyberspace invalidates the very basic tenets on which the Peel Model is built. In cyberspace, the following conditions are valid:

  1. No proximity is required between victims and violators. These crimes are committed, in various forms and guises, across continents. Anonymity is a factor on the cyberspace that the criminal use to their advantage.

  2. Cybercrime are faceless crimes unless the criminal chose to meet the victims as is the case with fraudulent cyber transactions, pedophiles and online pornography.

  3. One-to-one victimization therefore becomes invalid as the crime process is automated

  4. The criminal(s) can move from one location to another to beat the best Internet address protocol location tools or to avoid phone call traces. They can engage a proxy server to mask or masquerade their actual locations.

  5. The criminal(s) can commit crimes against individual or individuals in multiple of places at the same time - therefore there is multiple victimization from multiple locations or from a single location (Fig. 3)

  6. Therefore we have a one-to-many scenario in this case which clearly invalidates the conventional crime tenets.

  7. These criminal(s) use computers and other resources in cyber space systems belonging to other unsuspecting users as bots, zombies or detours without their knowledge. They therefore criminalize their victims. This means victims can be turned to criminals even without their knowledge and further used to commit multiple crimes in multiple locations (Fig. 3)

 

    Fig 3: Multiple Effect of Reach of Cybercrime. (Source Longe et al, 2010a)

    Based on the foregoing, we developed a theory of pseudo-resource ownership to explain why repeated victimization is sometimes successful in the cybercrime scenario. The postulate is that cybercriminals have the potential to defraud individuals and organizations of different kinds of resources without their knowledge, while victims still have in their possession physical evidence that such resources are still theirs. Consider phishing or credit card fraud where credit card information is subtly obtained or hacked and 

    funds transferred in sequence out of such accounts over a period of time. Owners hardly suspect foul play since the so called cards and the security or pin numbers are still in "their possession". Unfortunately, information technology now necessitates the need for a paradigm shift from policing concepts and models that focused on localized crime to those that can deal with crimes that radically deviate from the localized trend. 

     


    Fig. 4: Localized Crime Response

    It is obvious that the current model of law enforcement cannot effectively militate against cybercrime as cybercrime conducts deviates radically from conventional crime in terms of its execution. Current response mode from law enforcement is localized and cannot scale in magnitude and pattern to the cybercrime scenario (Fig. 4). Anonymity, jurisdiction of law, the pseudo-resource ownership theory, global reach and multiplication of crime and its victims in multiple locations are challenges to the application of conventional policing strategies to cybercrime.

     CYBERCRIME PREVENTION AND CRIMINOLOGY THEORIES
Since according to the Routine Activity theory, routine activities in conventional societies provide opportunities for perpetrator to commit crime, the following conditions must be met for crime to occur:

  1. Security guards, Police, Para Military

  2. Neighbors, dogs, watchmen

  3. Keys, Fences, Video Cameras, Door alarms

  4. Passwords, Fingerprints

These guardians can also be formal or informal, human or machine and must be capable of acting as deterrents. The Opportunity Theory (Felson & Clarke, 1998) posits that the opportunity to commit crimes is a root cause of criminal activities. It therefore propounds the reduction of criminal opportunities as a potent measure to reducing crimes. Interestingly, the proponents of the Displacement theory argued against these premises. They postulated that reductions in opportunity will not reduce crime because crime will be displaced to another location. This is because opportunities are so compelling that removing perpetrators will not reduce crime because other perpetrators will step in showing that crime is not always displaced. For instance, in parts of sub-Saharan Africa Night browsing have been banned in Public Internet Access points such as cyber cafes. This has not reduced the number of criminals engaged in advance fee fraud (Adomi, 2007; Oluniyi, 2009). The testimonies of pseudo success and the allure of quick riches obtained by these is as a motivation for criminally minded individuals. This is explainable using the Binding Theory and the Differential Association Theory ((Williams & Mcshane, 2004). Cyber criminals now resort to acquiring fixed wireless lines and modems from designated service providers to perpetrate cybercrimes in the comfort of their homes.

 

     THE REAL-TIME DEMAND-RESPONSE MODEL

In the efforts to fight cybercrimes, our belief is that users must also be empowered as part of the line of defense. In the Peel model this responsibility rests on the Police and other law enforcement agents. We propose a real-time interactive model that aids the identification, reporting, apprehension and prosecution of cyber criminals. Our model takes into consideration the fact that cyber crime does not share the common characteristics on which the Peel theory rests and that the criminals plug into the webscape through remote proxies. The model (Fig 5) shown below provides valves that assist users identify malicious intentions through a multi-level access control mechanism.

 

The cyber infrastructure is engaged as a mechanism that provides synergistic interactions between users and law enforcement. 

We envisaged that the user interface be designed to enable the users, Internet Service Providers and Law Enforcement interact in such a way that these parties can send report about suspicious traffic to law enforcement. The e-mail interface should have facilities that can automatically connect users to law enforcement to report suspicious cyber activities and report violations in real-time. Law enforcement will be connected through a distributed network such that cyber criminals can be tracked anywhere 

in the world in other to ensure a global response. The reaction to information input into the system will create an effective mechanism for tracking, identification and apprehension of cyber criminals. In the Figure below, hypothetically, users A, B and C access the cyber infrastructure from different locations. Law enforcement Agencies at Locations A, B and C (not necessarily the same locations as Users A, B and C) are directly connected to the different users logging into the cyberspace from these different locations. 

 

Mechanisms are provided in the use-situation that enables users to report any noticeable or suspected malicious activities to trained law enforcement officers. Responses are prioritized according to users' needs. Requests for attention and responses are Real-time where users can be directed on what to do and how to do it. This provides a repository of user requests and responses that can be used to train the Real-Time Response Model (RtR) engine so the system can be collaborative, 

adaptive and learn. Reactions to specific instances of problems or criminal activities are exchanged and fine-tuned between or among the responding agents at the various locations to produce well-directed and fine grained output. Responses are therefore based on identification, profiling and global in nature. As compared to the static online Peel Model, the mechanism provided ensure prompt reporting and responses which has hitherto hindered apprehension and prosecution of cyber criminals.

 

Fig. 5: Real-Time Cybercrime Response Model

 

CONCLUDING REMARKS
To secure the Internet from cyber abuse, law enforcement must be willing to revisit its mechanism for reporting, apprehension and prosecution in the light of emerging technologies. We have shown in this paper that the Peel model of community policing suffer some inadequacies with regards to fighting cybercrime. A Real-Time Response Model (RtR) is proposed that can assist law enforcement agents in their fight against cybercriminals. The Internet community and law enforcement must engage in a collective effort to curb the Internet of the demeaning crimes it is helping to fuel. We ignore these challenges to the detriment of the users of information technology.

    REFERENCES
  • Adomi, E (2007) - Overnight Internet Browsing Among Cybercafe Users in Abraka, Nigeria. Journal of Community Informatics. Vol 3 No. 2
  • Akers, R. L. (1994) Criminological Theories: Introduction and Evaluation, Roxbury Publishing Company: Los Angeles. Pp 1-236.
  • Brenner, S (2004). Distributed Security: A New Model of Law Enforcement. John Marshal Journal of Computer and Information Law VOL. XXIII . 2005. (4) . Retrieved December 2, 2009 from http://www.jcil.org/journal/articles/434.html
  • Brenner, S. (2007), "Law in an Era of Smart Technology", Oxford: Oxford University Press
  • Brenner, S & Koops, B (2004); Approaches to Cybercrime Jurisdiction. J. High Tech. L. Vol 1
  • Burgess, R. L. and Akers, R. L. (1966) A Differential Association-Reinforcement Theory of Criminal Behaviour, Social Problems, Vol 14, pp128-147.
  • Chawki, M. (2009). Nigeria Tackles Advance Free Fraud. Journal of Information Law & Technology (2009) No. 1. Retrieved January 12, 2010 from http://go.warwick.ac.uk/jilt/2009_1/chawki
  • Clarke, R. V. (1997) Situational Crime Prevention: Successful Case Studies, Harrow and Heston Publishers: Guilderland, 1-357.
  • Clarke, R. V. and M. Felson (Eds.) (1993). Routine Activity and Rational Choice. Advances in Criminological Theory, Vol 5. New Brunswick, NJ: Transaction Books
  • Cox, R, Johnson, T. & Richards, G. (2009): Routine Activity Theory & Internet Crimes. In Schamallager & Pittaro - Crimes of the Internet. Pearson Prentice Hall. New Jersey.
  • Felson, M & Clarke, R (1998). Opportunity Makes the Thief. Policing and reducing crime Unit, Research Development and Statistics Directorate. Paper 98. London Home Office.
  • Hirschi, T. (1969) Causes of Delinquency, University of California Press: Berkeley.
  • Jaishankar, K (2009): Space Transition Theory of Cybercrimes. In Schamallager & Pittaro - Crimes of the Internet. Pearson Prentice Hall. New Jersey Longe, O., Ngwa, Wada, F., Mbarika, V. & Kvasny, L. (2009a).
  • Criminal Use of Information and Communication Technologies in Sub-Saharan Africa: Trends, Concerns and Perspectives. Journal of Information Technology Impact, Vol 9, No 3 Longe,O.B, Mbarika, V, Kourouma, M, Wada, F & Isabalija, R. (2009b).
  • Seeing Beyond the Surface: Understanding and Tracking Fraudulent Cyber Activities. International Journal of Computer Science and Information Security. Vol. 6, No 3 pp. 124-135) Longe,O.B., Wada, F. , Anadi, A, Jones, C. & Mbarika, V (2010a).
  • A Critical Appraisal of the Peel Theory of Community Policing in the Age of Cybercrime. 84th Annual Meeting Louisiana Academy of Science.
  • Louisiana State University at Alexandria. http://www.laacademy.org/docs/Schedule.pdf
  • Longe O.B., Mbarika V.W., Jones .C. , Anadi .A., Wada .F. , Longe F.A. , Onifade .O.F.W. & Dada .G. (2010b).
  • Can Any Good Thing Come from Nazareth' - An Investigation into the Origins of 419 Spam Mails.
  • Proceedings of the 3nd International Conference of the Int. Centre for IT & Dev. Cameroon, March, 2010.
  • Oluniyi A. (2009): EFCC Ban Night browsing http://www.davidajao.com/blog/2006/08/09/nightbrowsing-Banned Williams, F. & Mcshane, M (2004): Criminological Theory.
  • 4th Edition. Pearson Prentice Hall. New Jersey.


[i] Olumide, Longe Inst. for Cyber Security & Allied  Research , ICITD, Southern  University, Baton Rouge, USA. longeolumide@ieee.org ;Adenike, Osofisan - Deprtment of Computer Science, University of Ibadan, Ibadan, Nigeria: mamoshof@yahoo.com ; Lynette Kvasny- Coll. of Inf. Science & Tech Penn State University, Pennsylvania, USA :  lkvasny@ist.psu.edu , Chanika Jones - Department of Criminal Justice, Southern University & A & M College, Baton Rouge, USA : cj4su@yahoo.com; Nchise Abinwi Nelson Mandela School of Public Policy, Southern University & A & M College, Baton Rouge, USA : abinwi@nchise.org