No Cop on the Beat

Underenforcement in E-Commerce and Cybercrime

Cybercrime has always been under-enforced, but Peter Swire offers a strategy for why and how we can strengthen our systems.

Cybercrime has always been underenforced, but Peter Swire offers a strategy for why and how we can strengthen our systems. (iStockphoto)
Cybercrime has always been underenforced, but Peter Swire offers a strategy for why and how we can strengthen our systems. (iStockphoto)

This paper was delivered today at the "Enforcement, Compliance, and Remedies in the Information Society" symposium at the Fordham Law School. It will be published in a forthcoming issue of the Journal of Telecommunications and High Technology Law Review.

Read the full paper (pdf)

This essay emerges from my ongoing research about how computers and the Internet change the nature of consumer protection law. The essay has developed into a more general theory about why we should expect underenforcement for E-commerce, cybercrime, and Internet harms more broadly. It also recommends a strategy for addressing that underenforcement, focusing on more federal or federated enforcement.

This essay stresses an information problem and a commons problem that have largely been overlooked to date. In brief, the information problem arises because only a tiny fraction of complaints and knowledge about an online fraudster or criminal comes from each jurisdiction. Enforcers thus lack the informational basis for telling “good guys” from “bad guys.” Priority “bad guys” are thus less likely to become the targets for enforcement.

This information problem is compounded by a commons problem. A local enforcer might say: “Why should I spend my scarce prosecutorial resources on a case when most of the victims are outside of my jurisdiction?” In light of the incentives facing enforcement agencies, priority will typically go to cases where many or all of the victims are local. No one will have the incentive to give priority to harms that occur across borders. This is a classic commons problem, because cross-border harms will be left to “someone else.” In short, no one will own these problems, and there will be underenforcement.

These information and commons problems exacerbate the underenforcement problem that has been the focus of the greatest legal attention to date. What might be called the “forensic” problem is the recognition that it is often technically and legally difficult to gather evidence where the perpetrator is physically distant from the victim. The analysis in this essay shows why addressing the forensic problem will not be enough to solve underenforcement for E-Commerce, cybercrime, and Internet harms generally.
The basic response should be to shift toward more federal and federated enforcement. Federal enforcement means a greater role, compared to offline activity, for the Federal Trade Commission in consumer protection and the Department of Justice for cybercrime. Federated enforcement means building new structures, compared to offline activity, to share information among local enforcers and to encourage local enforcers to bring more enforcement actions even when the perpetrator and many of the victims are outside of their jurisdiction.

Part I of the essay explains the information, commons, and forensic problems in greater depth, and explores policy and legal responses to those problems. Part II responds to five possible critiques, which I call: (1) “The Internet hasn’t really changed anything”; (2) “Enforcement works better on the Internet”; (3) “We actually don’t want enforcement for what’s done on the Internet”; (4) “States need to be the laboratories of experimentation”; and (5) “The Feds don’t do small potatoes.”

Read the full paper (pdf)

The positions of American Progress, and our policy experts, are independent, and the findings and conclusions presented are those of American Progress alone. A full list of supporters is available here. American Progress would like to acknowledge the many generous supporters who make our work possible.


Peter Swire

Senior Fellow