Addressing cybercrime properly

by John Bandler

We are not addressing cybercrime properly yet. Here are some things that need to be done.

  • Improved investigation and prosecution at all levels
  • Improved international cooperation
  • Improved cybersecurity for all (while recognizing that the cybercrime problem cannot be fixed with improved cybersecurity)

Let's discuss each.

Improved investigation and prosecution

I have joined investigation and prosecution together because they must go together. Effective prosecutions cannot occur without good investigation, and prosecutors need to be an integral part of the investigative process.

Here are essential points to improve investigation and prosecution:

  • More deterrence for would-be offenders
  • Bring more cybercrime offenders to justice
  • Increased state and local role in cybercrime investigation
  • Increased capability for victims to report cybercrime

An important part of the criminal justice system is holding offenders accountable, bringing them to justice. When offenders are held accountable, they have an opportunity to be rehabilitated and change their future conduct. It also allows for punishment to encourage them not to reoffend, and to deter other offenders.

We can all agree that "justice" is a good thing, even if we disagree on precisely what that means in each situation.

Cybercrime is typically committed for profit, and many cybercriminals earn significant profits through the repeated commission of crime. Offenders who commit crimes many times a day over weeks, months, and years are making repeated conscious choices to commit crime and victimize others. This is the type of crime most likely to be deterred if offenders believe there is sufficient risk of apprehension, followed by punishment.

To increase deterrence, we generally do not need to increase the potential severity of the punishment. That is likely already sufficient. We need to increase the likelihood of being caught. (Side note: This presumes there is a mechanism for adequate punishment in place. To the extent some criminal justice reforms have eliminated or severely reduced the ability to punish an offender, we need to rethink that.)

The key is to increase the likelihood of catching a cybercrime offender, and to do that we need to improve how we investigate it.

Increased state and local involvement in cybercrime is needed

Federal law enforcement does excellent cybercrime investigations, but state and local authorities need to expand their capabilities. When federal authorities bring a cybercrime case, they [literally] make a federal case out of it. But we need to recognize that the capacity of federal law enforcement is extremely limited. They bring a tiny fraction of all criminal prosecutions in this country, while state and local law enforcement does the bulk of criminal justice work. State and local investigators and prosecutors must meet their duties when it comes to offenses in cyberspace.

Federal law enforcement triages its cases by necessity since its capacity is relatively small. Many thefts and cybercrimes are neither investigated nor prosecuted by federal law enforcement simply because they do not meet a monetary threshold. However, those cases would make excellent and significant state prosecutions. And often the activity quantified is just the tip of the iceberg; further investigation would reveal massive additional criminality.

To improve state and local cybercrime investigation, these steps are needed:

  • Improved training and investigative practice on cybercrime investigation
  • Legal procedural modifications to assist with evidence gathering (e.g., allow a state prosecutor to issue legal process nation-wide for third party records relating to cybercrime)
  • Collaboration and sharing among federal, state, and local law enforcement.

A caveat is needed here, because there are a few state officials who seem to have shown a disregard for principles of justice and investigation. For example, one governor brought cybercrime investigative resources to bear against a journalist who had properly reported upon a state's security flaws. Surely, other misuses will occur also. But the point of this article remains true: we need proper investigative techniques used properly against cybercrime. And when investigative resources are misused, that needs to be addressed too.

Improved international cooperation

Cybercrime is an amazing typology because cybercriminals in another country can steal from us without setting foot in our country. This means we need the assistance of other countries to gather evidence and bring offenders to justice. Bringing them to justice means either apprehending them and extraditing them to our country to face justice in our courts, or relying upon foreign courts to bring justice. So we need to:

  • Encourage other nations to cooperate in investigating and fighting cybercrime
  • Increase consequences for nations that do not cooperate with cybercrime investigations, or that turn a blind eye.

To improve international cooperation, carrots and sticks are needed. Some countries are developing and need assistance and encouragement; others turn a blind eye or actively encourage cybercrime conduct. Our international mechanisms of diplomacy, trade, sanctions, and more can be used with attention towards cybercrime investigations and prosecutions.

Improved cybersecurity is needed, but we cannot "cybersecurity the cybercrime problem" away

Improved cybersecurity is of course important for many reasons. Every person and organization should protect themselves from cybercrime. Organizations hold personal information of consumers and have a duty to protect that as well.

So, cybersecurity can protect us individually as people and companies. I recommend it strongly.

But, improved cybersecurity will not stop cybercriminals, nor address the cybercrime problem in general.

Cybercriminals will continue to attack no matter how much cybersecurity others employ. Build the wall higher or thicker, and they will devote time to learning how to climb it or break it. The military analogy holds true: there must be deterrence, or they will attack with impunity, no matter how strong the defenses are.

Government strategy to address cybercrime cannot rely solely on cybersecurity. That would be folly. Imagine if government said they would not prosecute theft, burglary, or robbery, and said it was the responsibility of residents to better protect themselves from these crimes. Clearly that cannot work. Government must address investigation, apprehension, and deterrence. Prosecutors must do their job to investigate and prosecute the crimes, and never minimize the importance of that pursuit.


The criminal justice system has an important role in society, and that extends to cybercrime. Our system at all levels must be able to investigate cybercrime and bring offenders to appropriate justice. Cybercrime is an international issue as well, and that requires additional inputs to ensure cooperation of other nation-states.

This article is hosted at, copyright John Bandler, all rights reserved.

Originally posted 6/13/2022, updated 6/1/2023.