Many, maybe most, of us are concerned about online crime. Not only does there seem to be a lot of it about, but law enforcement agencies appear to be overwhelmed to the point where they are disinterested in what happens to you and me, even if we can work out who to report such crime to.
I was therefore quite excited when I saw a headline announcing “Cyber crime a big issue on the Isle of Wight”, and a short news item taking me to the results of a new survey which claims, among other things, that “nearly one in six residents in the south-east [of England] were cyber crime victims in the last 12 months”.
Extended to the UK as a whole, that would mean as many as 10 million ‘victims’ every year. This “cyber crime” seems as common as winter colds.
This startling figure is one of the conclusions of an online survey conducted by a group of organisations including “Cybersafe Surrey”. As soon as I start seeing words like ‘cybercrime’ and ‘cybersafe’, I know that this is a government-driven project through the British equivalent of the interior ministry, the Home Office. You can browse its luxuriantly interactive summary here.
I am still a little vague, I must admit, as to what this ‘cybercrime’ is. Although there is a heading which purports to offer a definition, I am none the wiser as to whether, for example, it includes all crimes involving bank card readers, because they are “IT devices” (another hallmark of government drafting). ‘Cybercrime’ appears to be very large ragbag of different offences, ranging from fraud involving tens of thousands of pounds, to harrassment in social media.
Next we come to the survey methods. These boil down to an online survey using SurveyMonkey which was open for a little over two months, and promoted through “a number of channels including social media, neighbourhood alert systems, and internal intranets”. So no attempt was made to obtain anything like a representative sample. By using intranets, there will be high participation rates in certain areas and groups, and none at all in others. Like so many cheap-and-cheeky Internet surveys, it is not only unrepresentative, but no one knows how badly unrepresentative it is.
One extraordinary limitation is that the survey was confined to those aged 18 years or over, although the proportion of ‘cybercrime vulnerable’ in those aged 12-18 years is thought to be very high. So from the outset the survey excluded one of its most important subject groups; no reason is given for this serious omission.
Then we come to the sample size: “just over 11,600 responses were received”, with no information about how complete they were. Given that the population of this area, south-east England, is of the order of 8.8 million people, if we assume that only half of those are ‘cybercrime vulnerable’ – almost certainly a substantial under-estimate – the sample is of 0.26% of the vulnerable population.
In other words, the ‘results’ would be as reliable an indication of what is happening generally in that population of 8.8 million as the answers from a few focus groups.
When you then start looking at the numbers of respondents in age groups, its invalidity becomes utterly obvious. Only 640 (5.5% of the total) were in the age range 18-34 years, but 6185 (53% of the total) were aged 55-74 years.
The attention-grabbing headline, claiming that 15% were “cybercrime victims” over the last 12 months, proves to be just as suspect. A total of 964 thought that they had fallen for “phishing scams”, 348 succumbed to “banking fraud”, 326 to “account hacking”, 188 to “ransomware”, and smaller numbers to “dating scams” and “harrassment/bullying”.
There are also some strange omissions in the reported results. For example, questions tackled the reporting of ‘cybercrime’, and whether such reports resulted in being provided with “helpful advice”. Most of us, when we report crime, are hopeful that our report may also result in some action to detect and prosecute the perpetrators, but there are no results given for the number of reports which resulted in any such actions. Did the survey even bother to ask?
It is also telling that all the results concerning actions in response to reported ‘cybercrimes’ involve changing the behaviour of the victims, rather than developing any means of identifying and prosecuting the criminals responsible. This is part of a more general pattern, in which resources are being spent making victims of crime the people responsible for those crimes, rather than catching the criminals and bringing them to account.
‘Cybercrime’, at least the real criminal activities which occur online, remains the biggest gift to criminals. It is remarkably easy to accomplish, and extremely lucrative to anyone with a bit of brain and some basic technical knowledge. Unless your criminal activity is directed against a major commercial or government organisation, the chances are vanishingly small of any attempt being made to identify you, let alone catch you and subject you to the due process of the law. With plenty of profit and almost zero risk, it is a tribute to the better side of human nature that we don’t all do it.
Given that it is impossible to draw any useful conclusions from these results, what is proposed next? A proper, representatively-sampled survey, perhaps?
No, it’s straight on with further analysis of the data, as if that will somehow rescue something useful from it, sharing the results with “partners”, developing “local strategies to help prevent cybercrime”, and reducing “victimisation” to “make the south east an even safer place to live”.
I am sorry to have to break the news, but no matter how you try to analyse a tiny unrepresentative survey of opinions on ‘cybercrime’, using an unvalidated survey tool, the garbage input data will always result in garbage output.
This survey is one of the measures being used by county Police and Crime Commissioners, using funds which could otherwise have been spent on the detection and prosecution of crime. While congratulating themselves for their achievements in ‘reducing’ crimes, these commissioners are quick to inform us how many police stations they are closing, and how they are further reducing police numbers. Their annual reports are full of similarly unreal statistics to demonstrate how well they are doing, but nowhere are they prepared to admit to the cost of such surveys and other nugatory activity.
Is anyone prepared to reveal how much money was wasted on this ill-conceived and shoddily-executed ‘cybercrime survey’, and how much more will be wasted acting on its utterly fictional results?