ABSTRACT
The application of ‘offline’ crime prevention strategies to online contexts has been well debated in the criminological literature (Dupont, 2004; Huey et al., 2012; Lessig, 1999; Levi and Williams, 2013; Newman and Clarke, 2003; Wall and Williams, 2007; Williams, 2004, 2006, 2007; Williams and Levi, 2015; Décary-Hétu and Giommoni, 2016; Dupont, 2016). This body of work takes as its focus the criminal event rather than the criminal, though of course neither can exist without the other. This is particularly salient to the study of cybercrime, as (a) we rarely have access to a sufficiently broad range of cybercriminals to study their motivations (due to low levels of apprehension) and (b) cybercriminal events are in abundance and leave behind digital signatures for analysis. The impact of situation and other ‘differential association’ elements in offending was first espoused by Sutherland (1947). Given the difficulties in apprehending cybercriminals, and the problems with addressing their motivations, measures directed at the cybercrime event that involve the management, design and manipulation of the online environment in a systematic and permanent way may have the desired effect of crime reduction (Clarke, 1983; Willison and Siponen, 2009). While primary, secondary and tertiary crime prevention strategies can be adapted to operate within the online context, situational crime prevention is potentially the most effective given the nature of the technological environment. Situational techniques focus on the foundation of the Internet: technology or code. Alterations in code can prevent suitably motivated offenders from engaging in cybercriminal behaviour. The toughening of code – removing loopholes and weak points – has the systematic effect of increasing the perceived effort, increasing the perceived risks and reducing the anticipated rewards of deviant online activity (Clarke, 1983): but as many corporations and governments, as well as individuals, have discovered to their financial and reputational cost, this conceptual goal is hard to achieve behaviourally, and is not a permanent one-time fix but rather an ongoing struggle (see also Ekblom, this volume). This chapter is organised as follows: (i) the manifestation and trends in cybercrime; (ii) an overview of current prevention initiatives in practice at a European and UK level; (iii) a conceptual discussion of primary cybercrime prevention; and (iv) a discussion of contemporary empirical studies that test the effectiveness of prevention initiatives in practice through the application of routine activities theory.
