« NIST SP 800-53B Control Baselines for Information Systems and Organizations 情報システムと組織のコントロールベースライン | Main | PCAOB: Interim Analysis of Critical Audit Matter Requirements 重要な監査事項の要求に関する中間分析 »

2020.10.30

Interpol / Council of Europe: Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence サイバー犯罪・電子証拠に関する刑事司法統計のガイド

こんにちは、丸山満彦です。

インターポールと欧州評議会がサイバー犯罪・電子証拠に関する刑事司法統計のガイドを公表していますね。。。

結論じみた明確なアウトプットがあるわけではないのですが、なかなか興味深い論点です。

事例にオーストラリア、ブラジル、カナダ、ENISA、韓国、英国(イングランド・ウェールズ、スコットランド)、国連(薬物・犯罪事務所)の記載があるのに、日本の記載がないのは残念。

● Interpol

・2020.10.29 Building a solid foundation for measuring the impact of cybercrime

INTERPOL and the Council of Europe, in the framework of the GLACY+ Project, cooperate in publishing the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence

  FOREWORD   序文
  ABBREVIATIONS, ACRONYMS AND TERMS   略語、頭字語、用語
  EXECUTIVE SUMMARY   エグゼクティブ・サマリー
1 INTRODUCTION 1 序論
2 PRACTICES ON STATISTICAL DATA ON CYBERCRIME AND E-EVIDENCE 2 サイバー犯罪と電子証拠の統計データの実務
2.1 Regulations and Policies 2.1 規則と方針
2.2 References and Good Practices 2.2 参考文献とグッドプラクティス
3 COLLECTION OF STATISTICAL DATA ON CYBERCRIME AND E-EVIDENCE 3 サイバー犯罪・電子証拠に関する統計データの収集
3.1 Law Enforcement Practices 3.1 法執行の実務
3.1.1 Cybercrime statistics 3.1.1 サイバー犯罪統計
3.1.2 Electronic evidence statistics 3.1.2 電子証拠統計
3.2 Judicial Authorities Practices 3.2 司法当局の実務
3.2.1 Cybercrime statistics 3.2.1 サイバー犯罪統計
3.2.2 Electronic Evidence Statistics 3.2.2 電子証拠統計
3.3 Practices of non-criminal justice actors 3.3 非刑事司法アクターの実践
3.3.1 CERT/CSIRT 3.3.1 CERT/CSIRT
3.3.2 Cybersecurity industry 3.3.2 サイバーセキュリティ業界
3.4 International cooperation statistical data 3.4 国際協力統計データ
3.4.1 Police-to-police cooperation 3.4.1 警察対警察の協力
3.4.2 Mutual Legal Assistance 3.4.2 相互法律扶助
3.4.3 Preservation requests 3.4.3 保存のお願い
4 RECOMMENDATIONS FOR DEVELOPING STATISTICS 4 統計量の開発のための推奨事項
4.1 Strategic Approach 4.1 戦略的アプローチ
4.1.1 Setting Strategic Objectives 4.1.1 戦略目標の設定
4.1.2 Environmental Scanning 4.1.2 環境スキャン
4.1.3 Monitoring the plan 4.1.3 計画のモニタリング
4.2 Implementation Key Points 4.2 実装のポイント
4.3 General steps for data collection 4.3 データ収集のための一般的なステップ
4.4 Sharing of statistical data 4.4 統計データの共有
4.5 More Considerations 4.5 より多くの考慮事項
5 CONCLUSIONS 5 結論

 


警察庁 - サイバー犯罪対策プロジェクト:統計

結構、過去から統計はとっていますよね。。。

統計のデータに基づいて政策や犯罪防止、検挙等に役立っているように思います。。。

 

 


FOREWORD

As information technology becomes widespread in our society, the crimes targeting or using computer systems have also become increasingly common. Governments worldwide are recognizing the need for action to combat cybercrime effectively on a global scale, and many countries have undertaken efforts to adopt criminal legislation and to establish specialized cybercrime units and units responsible for digital forensics in recent years.

To effectively tackle cybercrime, public authorities need a good understanding of the scale, types and impact of crime in cyberspace. However, the borderless nature of the Internet and the constant evolution of technology and techniques used by offenders, such as cryptography and the Darknet, make it difficult for criminal justice authorities to obtain a full understanding of the problem. It is therefore challenging for governments to ensure that societies and individuals are able to benefit from information technology.

In this context, the Council of Europe and INTERPOL jointly developed the present Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence to support countries in having a clearer vision of the global problem. This guide lays out the agenda for compiling criminal justice statistics with key steps for data collection, analysis and cooperation among multiple stakeholders.

Well-defined statistics produced in collaboration with criminal justice authorities will not only provide valuable insights into the changing environment, but also strategic indicators for measuring the effectiveness of policies and activities. It will also serve as a solid foundation for developing tailored operational responses to reduce the impact of cybercrime.

How countries approach cybercrime and electronic evidence at the national level has a real impact on available options on global cooperation. We call upon criminal justice authorities worldwide to join the efforts for effective international cooperation against cybercrime by collecting, analysing and sharing more transparent, accurate and consistent statistics. We believe that statistics can be a powerful tool to counter cybercrime and protect societies for a safer world.


EXECUTIVE SUMMARY

Statistics on cybercrime and electronic evidence allow criminal justice authorities to have a clearer view of the cybercrime phenomenon in an ever-developing technological environment. They not only allow the authorities to clearly assess crime trends, but also help to measure the efficiency of their approaches and activities.

We find diverse practices in different organizations and countries. This guide includes, among others, examples of the UK Home Office Counting Rules (HOCR), Crime Survey for England and Wales (CSEW), Scotland’s Justice Analytical Service Division’s multi-disciplinary analytical teams, the United States Bureau of Justice Statistics, South Korea’s Information System of Criminal Justice Services (KICS), and the Australian Cybercrime Online Reporting Network (ACORN). These examples demonstrate transparency, accuracy and consistency in the collection and analysis of statistical data.

General practices by law enforcement and judicial authorities on cybercrime and electronic evidence statistics can be summarized as follows:

  • Statistics on cybercrime, electronic evidence and the special tools used for its collection may help authorities in assessing the criminal trends and new technologies used by criminals.
  • The structure of the record should be predefined, preferably in a collection form. Different collection criteria may be imposed reflecting national legislation and practice.
  • Officials engaged in collection need to have sufficient subject matter knowledge to distinguish the patterns in observed crimes and be familiar with the collection policy.
  • Judicial authorities, prosecutors and the police may agree on common collection form and share the responsibilities for collecting data.
  • Alternative data sources may supplement the statistics. Such resources include the data collected from the crime reporting system, CERT/CSIRT or other relevant entities.

When developing or maintaining statistical systems, organizations should take a strategic position and constantly monitor the ever-changing conditions and apply revisions. We also recommend that they consider centralizing the data collection process, adopting common reporting methods, supporting stakeholders, building uniform statistics, and utilizing case management systems.

Statistics become even more useful when shared. The police, judicial authorities and other appropriate authorities should explore possible synergies in exchanging and correlating the data. Such cooperation should take place among national authorities and among the international criminal justice community.


1. INTRODUCTION

Measuring the impact of cybercrime enables the whole spectrum of the criminal justice system to shape effective policies and operational responses. It also allows evidence -based mobilization and alignment of resources. By analysing the figures and trends, criminal justice authorities could have a better picture of their own capacities and areas of improvement. In this context, the Council of Europe and INTERPOL have jointly developed the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence to help countries compile statistics in an efficient manner. The main purpose of this guide is to support criminal justice authorities in introducing the statistics on cybercrime and electronic evidence by providing good practices and recommendations.

At present, there is a lack of understanding of the impact of cybercrime, which leads to numerous challenges as to how authorities set strategic goals and develop operational responses in tackling it. Often cyber initiatives are developed based only on hypothetical needs, and resources may therefore be misallocated. Therefore, the agenda related to criminal justice statistics has been attentively discussed in the law enforcement community. Within this dialogue, there is a general understanding that the statistics on crime and evidence would quantify and measure the level of threats posed by cybercrime.

Meanwhile, some criminal justice authorities who created statistics have experienced challenges in developing, implementing and interpreting. This is in part due to the absence of a common approach on the methodology for collection and usage of statistical data. There is also no consensus on how relevant authorities can integrate data at the regional or national level, and the methodology or scope of collectable data. Given the diverse systems and policies, each country is likely to develop its own methodology and categories of data to be collected on cybercrime and electronic evidence.

At the international level, the differences between countries’ judicial systems makes it even more complicated. For instance, the legal definitions of crime differ between countries. In addition, the capacity or capabilities of criminal justice authorities in investigation, prosecution and adjudication in the national context could vary. In terms of sources, authorities outside the criminal justice system may also hold relevant data on cybercrime and electronic evidence. Computer Emergency Response Teams/Computer Security Information Response Teams (CERT/CSIRT) are good sources of data for accurate and relevant statistics. Therefore, cooperation with diverse actors in industry and academia can be helpful.

This guide is to be used as a reference for enhancing specialized cybercrime capabilities of law enforcement and criminal justice systems in various national contexts. Moreover, it provides recommendations on how to integrate statistics within the day-to-day operations of the criminal justice authorities. Like other statistics, the data were collected by respondents who translated experienced facts into metadata prepared by the collecting agency. The guide also limits the definition of statistics to the collection of data on actual cases from practitioners working at criminal justice authorities.


5. CONCLUSIONS

The aim of this guide is to enhance the capability of criminal justice authorities to better understand, measure and address cybercrime through the use of statistical data. It presents measures that law enforcement and judicial authorities can adopt to collect, process and maintain statistics on cybercrime and electronic evidence.

Taking a strategic approach and building an implementation plan are crucial for accurate statistics. Statistics will provide criminal justice authorities with a clear picture of cybercrime and electronic evidence and will permit them to address these challenges. Statistics can assist policy makers and regulators in making evidence-based decisions, thus enabling better policing and transparency.

An effective statistics system may be summarized as a unified statistical system encompassing relevant criminal justice authorities and stakeholders. A significant amount of communication would be needed to bring these entities together.

Aligning domestic legislation on offences, procedural powers and international cooperation on cybercrime with international standards, such as the Budapest Convention on Cybercrime, helps provide a common understanding of the conduct constituting cybercrime and thus to aggregate and compare data across jurisdictions.

The Council of Europe and INTERPOL will continue to cooperate in this endeavour and stand ready to support criminal justice authorities worldwide in view of effective international cooperation against cybercrime. Establishing transparent, accurate and consistent statistics is a key element of this common effort.


 

|

« NIST SP 800-53B Control Baselines for Information Systems and Organizations 情報システムと組織のコントロールベースライン | Main | PCAOB: Interim Analysis of Critical Audit Matter Requirements 重要な監査事項の要求に関する中間分析 »

Comments

Post a comment



(Not displayed with comment.)




« NIST SP 800-53B Control Baselines for Information Systems and Organizations 情報システムと組織のコントロールベースライン | Main | PCAOB: Interim Analysis of Critical Audit Matter Requirements 重要な監査事項の要求に関する中間分析 »