A Paradigm Shift in Policing
– From Law Enforcement to
CyberPolicing
Nimrod Kozlovski
PORTIA Project
CS, Yale University
April 2005
Examples of crimes and reactions




Credit card fraud
Child pornography
Copyright piracy
DDos (offline analogy?)
The Law Enforcement Model


Deterring from
committing a crime
Reacting to a
committed crime



Investigation
Prosecution and
punishment
Public police force
Do we follow the Law Enforcement
Model online?




Credit card fraud (predictive patterns,
anomaly detection, profiling)
Child pornography (sting operation)
Copyright piracy (DRM, fingerprinting –
crime prevention through design)
DDos (IDS/IPS, Honeypot)
Why the Law Enforcement Model is
not being followed online?



Invalid assumptions (in the online world)
 Deterrence
(Gain<Punishment*enforcement probability)
 Expected gain – cost of crime, expected gain
 Punishment expectancy (playing the jurisdiction)
 Enforcement probability
 Ability to investigate and prosecute
 Magnitude of crime
Social preference for a preventive system
 Cost
 Privacy implications
 Prevention of lawful activity
Private entities’ choice
Policing Strategy







Law Enforcement
Reactive
Evidence based
investigation
Law as primary regulator
Discretionary enforcement
Deferred judicial sanction
Passive victim
Criminal focused







Cyberpolicing
Proactive tactics
Intelligence focused
Regulation through Code
Automated, non
discretionary
Present non-judicial
sanctions
Active victim
Intermediaries focused
Organizational Structure
Law enforcement





Public officials
Central command
Territorial
Limits on delegation of
policing power
Limitations on
individual’s use of force
Cyberpolicing





Multiplex organizational
structures
Decentralized
Non territorial,
internationalized
Delegation of policing
functions
Empowerment of the
individual (self help)
Should we care?

The failure of the current legal system to
control cyberpolicing



Unaccountable policing




Public officials focused
Reactive model focused
Setting the rules
Policing policies
Actual enforcement
Designing for accountability

Technological, legal, institutional mechanisms