ACORN users disappointed with outcomes, buried government review found

Just 15 percent of cybercrime victims satisfied with the result of their cybercrime incident report

Credit: ID 112792586 © Sergey Khakimullin | Dreamstime.com

More than three-quarters of the people using the government-backed Australian Cybercrime Online Reporting Network (ACORN) cybersecurity reporting service have been dissatisfied with its lacklustre outcomes, according to an internal government review that was so negative that it was buried for nearly two years.

The Australian Institute of Criminology was enlisted to review the progress of ACORN, a National Plan to Combat Cybercrime initiative that provides an online mechanism for Australians to report fraud, scams, and other cybercriminal activity.

Their final review, which was completed in October 2016, was never released to the public (but has subsequently been published online) until QUT researcher Dr Cassandra Cross, a senior lecturer in the Faculty of Law’s School of Justice obtained it through a freedom of information request that was initially knocked back.

Some 65,000 reports were submitted to ACORN between its commencement in November 2014 and the June 2016 review, with 48 percent pertaining to online scams and fraud and 21 percent related to issues buying and selling online.

The involvement of state police forces, the Australian Criminal Intelligence Commission, Australian Attorney-General’s Department, Australian Competition and Consumer Commission, Australian Communications and Media Authority, and Office of the Children’s eSafety Commissioner had given high-level weight to the ACORN initiative.

However, Cross told the recent AISA National Cybersecurity Conference, consumers were frustrated that they were often caught on a “merry go round”, as Cross put it, where they were passed from one agency to another.

These procedures had complicated enforcement efforts and had, the report found, failed to change public understanding of the appropriate place to report cybercrime issues. Many of the ACORN reports were from people who first approached their local police, then were referred to the ACORN service.

Shaping public awareness

The service had failed to boost public awareness of the role of ACORN as a primary reporting tool, although those that used it were generally happy with the process of using it.

However, a survey of nearly 1800 adults found that the service had failed in its efforts to deliver meaningful outcomes from those incidents that were reported.

Fully 77 percent of the victims who reported incidents to ACORN said the outcome of those reports – only 3 cases out of 65,000 resulted in an arrest – did not meet their expectations. And just 15 percent said they were satisfied with the outcome of their report.

“There are no surprises, really, in the evaluation for me in terms of some of the negative findings,” said Cross, who recently documented her findings in an opinion piece for The Conversation.

“What is really important is that it’s not just about blaming police. There is a much bigger picture here and I think a lot of the issues reflected in the evaluation are the result of factors beyond the police agencies.”

ACORN was particularly disappointing for victims reporting cases of cyber bullying ,online harassment, sexting, stalking, and issues buying and selling online – all crimes whose reporters, as the report’s authors noted, “had higher expectations of offenders being apprehended.”

Police were having trouble keeping up with the extra resources required to track and escalate ACORN incident reports, with some police forces noted to have gotten six weeks behind in processes that often involved “significant resources” due to manually copying ACORN data into the agency’s own information management systems.

“There is a clear disparity in expectations between what victims want and what police can realistically provide,” Cross said, noting that in previous criminological research “victims have very unrealistic expectations of what police resources are out there.”

Victims also underestimate the prevalence of cybercriminal offences, assuming that their cases are unique and deserving of much greater attention than police can actually provide.

Balancing police priorities

The need for police forces to triage cybercriminal reports had also seen many less-critical issues put on the back burner as police prioritised cases such as offences against children and domestic violence.

The number of police investigations into cybercriminal activity had increased dramatically across the period, with NSW Police reporting a “significant increase” in investigation numbers. The WA Police Technology Crime Investigation team, for its part, said investigations into attacks on computer systems had doubled while the unit was investigating 9 times as many online scams and fraud cases.

Yet this higher level of investigations was creating new concerns for resource-constrained police, with many agencies raising concerns that even low-level cybercrime investigations were consuming a disproportionate amount of resources.

“ACORN has largely shifted the responsibility of referring reports between business areas and agencies,” Cross said, “rather than actually reducing the time spent by enforcement.”

Less than one percent of investigations had resulted in offenders being identified or apprehended, while police reported a near doubling in the number of cases finalised because no offence had occurred.

“These results may not be indicative of patterns in other jurisdictions,” the review noted, “but they highlight the challenges associated with relying on information reported by members of the public.”

There was also little evidence that the crime-prevention advice offered through ACORN had impacted repeat victimisation rates. Yet the survey did report improvements in the attitudes of surveyed users: for example, the proportion of users that said it wasn’t worth the effort to report the most recent case of cyber bullying, sexting, online harassment and/or stalking (CBSOHS) had dropped from 55 percent before ACORN was introduced, to 43 percent afterwards.

Interestingly, however, many indicators showed an opposite trend: 30 percent of CBSOHS victims said they hadn’t reported the incidents before ACORN’s implementation because they believed nothing would be done – but this had grown to 39 percent after its implementation.

Respondents were more positive about the likelihood of results relating to issues buying or selling online – with the proportion of people who didn’t think anything would be done dropping from 46 percent before ACORN, to 34 percent after it.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Australian Institute of CriminologyACORN#AISACyberCon18

More about AISAAttorney-GeneralAustralian Communications and Media AuthorityAustralian Competition and Consumer CommissionAustralian Institute of CriminologyNSW PoliceQUTTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts