Cybercrime and Digital Forensics – Key Vocabulary

Chapter Goals

  • Recognize responsibilities of law-enforcement agencies at local, state, federal, and international levels in responding to domestic/international cybercrime.
  • Understand which agencies respond to attacks on military/government systems versus those that protect citizens.
  • Differentiate civil and criminal law in digital investigations; clarify role of private investigators (PIs).
  • Appreciate difficulties of cybercrime investigations across national borders.
  • Debate how governments balance citizens’ privacy with intelligence-collection strategies for national-security threats.
  • Discuss how the perceived legitimacy of governments/companies is affected by their investigative or surveillance strategies.

Introduction: First Contact & Jurisdictional Realities

  • Citizens conditioned to dial emergency numbers (e.g., 911 US, 999 UK) but local police seldom resolve cyber incidents.
  • Cybercrimes frequently transcend municipal, state, or national borders → local police jurisdiction ends at city/county lines.
  • Example: identity-fraud victim in State A, offender in State B → local agency powerless; needs federal referral.
  • Some events not deemed “crimes” locally (e.g., malware infection with no proven data misuse, single harassing tweet).
  • Under-reporting consequences:
    • Victims less willing to notify police about cyber harms than physical harms (Cross 2015; Graham et al. 2020; Van de Weijer et al. 2020).
    • True prevalence/severity remains unknown; issue flagged since mid-1990s (Goodman 1997; Stambaugh et al. 2001).
  • Research on policing cybercrime still limited versus traditional topics (gangs, domestic violence).

Municipal Police & Sheriff Offices

  • Local agencies respond to diverse calls, crime prevention, arrests, public safety within limited jurisdiction (Walker & Katz 2022).
  • Size/capability varies dramatically; larger, more hierarchical agencies more likely to allocate cyber resources (Nowacki & Willits 2020).
  • U.S. landscape:
    • Majority are municipal police; sheriffs either police unincorporated/rural areas or run jails & civil processes.
    • 48% of local agencies (2016) have < 10 sworn officers (Hyland & Davis 2019).
    • Most serve populations < 50,000.
  • UK: territorial police forces; Canada: city police; most nations—local level plays minor role except where victim & offender co-located (e.g., online harassment, stalking, child-sexual-exploitation cases).

Persistent Challenges for Local Agencies

  • Jurisdictional mismatches (victim/offender in different areas).
  • No single legal definition of “cybercrime.”
  • Lower public outcry versus violent crime.
  • “Invisible” nature of offenses → evidence hard to see.
  • Technology costs (hardware, software, forensics; see Chs 14–16).
  • Training/re-training/retention issues; lack of managerial support.

Proposed Solutions & Trends

  • Advocacy for building specialized local cyber units; evidence of growth in large urban departments (Willits & Nowacki 2016).
  • Emphasis on patrol officers as first digital-evidence responders:
    • NIJ’s “Electronic Crime Scene Investigations” guide (2nd Ed., 2008).
    • U.S. Secret Service “Best Practices for Seizing Electronic Evidence” (3rd Ed., pocket guide).
    • Need to recognize IoT, smart vehicles, TVs, Alexa, etc.
  • Cultural resistance: patrol officers perceive cybercrime as low-priority unless child-sexual-abuse content; prefer citizen self-protection & legal reforms over expanded police roles (Hinduja 2004; Holt et al. 2019).

State / Provincial Agencies

  • Provide investigative backup when local resources inadequate or multi-county jurisdiction (Walker & Katz 2022).
  • Operate state labs (digital forensics) for smaller departments.
  • Growth in state-level cyber units due to better budgets (Willits & Nowacki 2016).
  • Fusion Centers (est. 2003 post-9/11):
    • Joint DHS–DOJ initiative to share terror & crime intel – now includes cyber-threats.
    • Criticized for inaccurate reports (e.g., 2011 Illinois “water-pump hack” misattributed to Russian actors; actually contractor on vacation).

Federal / National Law Enforcement

  • Highest resources; handle complex & transnational cases.
  • U.S. agencies & overlapping jurisdictions:
    • FBI – intrusions, IP theft, economic crime, CSEM, interstate stalking, cyber-terror.
    • U.S. Secret Service – financial-sector intrusions, economic crimes.
    • CBP – IP theft, economic crimes; ICE – ID theft, CSEM.
  • Other nations:
    • UK National Crime Agency (NCCU), special police forces.
    • Canada RCMP (national + provincial policing).
  • Military / intel domain: U.S. Cyber Command, NSA; UK MoD & GCHQ; Singapore CSA; Canada CSE.

Civil Law, Digital Evidence & Private Actors

  • Criminal law: state prosecutes offenses violating moral/social rules; burden = beyond reasonable doubt.
  • Civil law: disputes over private rights; plaintiff vs. defendant; damages:
    • Compensatory (replace loss).
    • Punitive (punish negligence/malice).
    • Burden = preponderance of evidence (> 50% likelihood).
  • Digital forensics pivotal in divorces, employment disputes, contract breaches.
  • Investigations done by private forensic examiners/PIs, not police.

Licensing & Certification Landscape (U.S.)

  • 30 states require forensic examiners to hold PI licenses; only 4 distinguish PI vs. digital-forensics license.
  • 15 states interpret existing law as no PI license needed; 5 have no PI statutes.
  • Licensing ensures background checks but not technical competency; certification bodies (e.g., EnCE, GCFA) provide skills, yet landscape fragmented.
  • Survey (Kessler 2017): some examiners had no certifications or piggy-backed on agency hardware.

Corporate Civil Actions

  • RIAA / UK FACT & ISPs send cease-and-desist letters to suspected media pirates.
  • Facebook lawsuits (2019):
    • ILikeAd Media Intl. – ad-click malware compromise.
    • LionMobi & JediMobi – Android apps with backdoor click-fraud.
  • Ethical debate: corporations as quasi-prosecutors; unclear victim remediation & platform hardening.

Nongovernmental Organizations (NGOs)

  • Fill gaps in law-enforcement capacity; gatekeepers linking victims to justice.

Spamhaus (est. 1998, UK)

  • Tracks spam, phishing, malware; maintains real-time block lists of malicious IPs.
  • Claims to protect 3.1 billion email addresses worldwide.

Computer Emergency Readiness Teams (CERTs)

  • Public/private expert groups; alert & respond to vulnerabilities.
  • 503 CERTs worldwide in 2019 (+10.5% vs. 2018; +59% vs. 2015).

Cyber Civil Rights Initiative (CCRI, est. 2013)

  • Volunteer NGO assisting non-consensual-porn victims; content takedowns, legal advocacy, policy reform.

International Enforcement Challenges

  • Statutory language lacks parity; extradition gaps (e.g., U.S.–Russia/China/Ukraine) → safe havens.
  • Prosecutors may decline cases when arrest improbable.
  • Obama-era proposal: extend RICO statutes to hackers → tougher sentencing & investigative powers (pending).

Interpol – Multinational Support

  • 194 member nations; 18 databases (physical & digital evidence).
  • ICSE database for CSEM; Cyber Fusion Center publishes malware/phishing intel.
  • Dark Web Monitor: scans markets/forums for actionable data.
  • Provides training & task-force coordination; cannot arrest but vital for information exchange.

Security vs. Privacy Tension

  • Post-9/11 priority: pre-empt terror & cyber threats; rise in social-media threat-monitoring arrests.
  • Secrecy of surveillance tools vs. citizens’ right to know → civil-liberties debate.

San Bernardino iPhone Case (2015–2016)

  • Terror attack killed 14, wounded 22.
  • FBI sought Apple’s help to unlock county-owned iPhone 5c.
  • Apple refused (Fifth Amendment / backdoor risk).
  • FBI paid >1,000,000 to 3rd-party exploit; no useful intel recovered; method obsolete after iOS update.

Cambridge Analytica Data Harvest (2016 revealed 2018)

  • 87 million Facebook profiles scraped via quiz app ⇒ psychographic ads to sway/suppress U.S. voters.
  • Violated FB data-sharing rules; led to global privacy backlash, #DeleteFacebook movement, yet user retention largely unchanged.

Mass-Surveillance Programs

  • NSA PRISM (est. 2007): machine-learning over bulk email/SMS/other data from ≥9 tech giants; shared with Five Eyes partners.
  • UK GCHQ KARMA POLICE (est. 2009): tapped fiber-optic cables; logged ≈ 50 billion metadata records/day; goal: “map every visible user.”
  • Snowden leaks (2013) exposed both programs; sparked legal reviews (e.g., UK parliamentary overhaul).
  • Critics argue mass data-retention overturns presumption of innocence.

Legitimacy & Public Trust

  • Overreach by state or corporations erodes perceived legitimacy → lower compliance, cooperation (Sunshine & Tyler 2003).
  • Need transparent checks & balances; excessive secrecy risks authoritarian drift.

Summary: Multi-Stakeholder Response Needed

  • Cybercrime demands coordinated effort: local (first responders), state (labs, fusion centers), federal/national (complex & transnational cases).
  • International cooperation hampered by legal disparities; Interpol & treaty work vital.
  • NGOs & industry fill enforcement gaps but raise ethical/legal questions.
  • Ongoing struggle to balance effective security intelligence with individual privacy and democratic legitimacy.