Document 14249871
advertisement
Journal Research in Peace, Gender and Development (JRPGD) Vol. 4(2) pp. 27-37, March, 2014 DOI: http:/dx.doi.org/10.14303/jrpgd.2014.013 Available online http://www.interesjournals.org/ JRPGD Copyright © 2014 International Research Journals Full Length Research Paper Using the Cost Element Model to Explain Perpetrators’ Perceptions to Combat Cybercrime in Cameroon: A Structural Equation Model Approach *Eric Akuta Global Institute for Crime Research and Department of Criminal Justice University of the Incarnate Word, San Antonio, Texas *Corresponding author email: akutaeric@yahoo.com ABSTRACT The emergence and rapid diffusion of cybercrime in Sub Saharan Africa within the past two decades has been a menace to the rest of the world especially the developed nations. Four of the world’s top ten countries involved in cybercrime perpetration are in the Sub-Saharan African region with Cameroon inclusive. In Cameroon, several steps including the purchase of latest anti-cybercrime equipment, increase in law enforcement officers, partnership with developed countries and the passing of new laws has been taken to curb cybercrime. These steps have not solved the problem because the rate of cybercrime perpetration has steadily remained on the rise with an increase in Internet diffusion in Cameroon. This study argued that, the solution to cybercrime lies in the adoption of a criminal focused strategy that examines the perception of perpetrators on ways to combat cybercrime. The study begged the question; how can the Cost Element Model be applied to combat cybercrime? To answer this, the study looked at two main variables: the influence Perceived Risks involved in committing cybercrime has on the rate of cybercrime perpetration and the effects Perceived Efforts required to commit cybercrime have on the rate of cybercrime perpetration in Cameroon. The study surveyed 189 cybercrime perpetrators in Cameroon. Applying the Cost Element Model adopted from Clarke’s (1980) Situational Crime Prevention Theory, the study used the Structural Equation Model (PLS) to establish the relationship between the risk and effort involved in committing cybercrime and the rate of cybercrime perpetration. The study concluded that, perceived effort has a partial influence on perpetration rate while perceived risk has a strong influence on rate of cybercrime perpetration in Cameroon. Keywords: Cybercrime, Criminal-Focused Approach, Perceived Effort, Perceived Risk. INTRODUCTION The rapid diffusion of the Internet and its trajectory strongly brings out the importance and influence the Internet and other forms of Information and Communication Technologies (ICTs) have on all world sectors. Blind (2011) and Wartalla and Jennings (2000) indicated that the information and communication technologies, especially the Internet, have not only affected world economies, but have also impacted the society at large including political systems worldwide. Consequently, the Internet is not only the result of innovation in ICT, but also an enabler for various types of innovations in the private, and public sectors, and for broader and more complex innovation processes. As an innovation that spread in the 1990s, the Internet and other forms of ICTs created opportunities for learning, business and interaction that challenged previous traditional patterns. This exposure leapfrogged several technologically backward regions of the world like Africa, which was regarded as “backwards”, into the world of ICT (Collins and Halverson, 2009). These new technologies increase opportunities for several marginalized groups, also allowing them to share in a knowledge base that was 28 J. Res. Peace Gend. Dev. once reserved for a select few in developed countries (Collins and Halverson, 2009). This leap by supposed “backward regions” has not come without a heavy price to the world at large. As Akuta et al (2011) put it, while the world enjoys the benefits of ICTs especially the Internet, it has also been confronted with this heavy price which has been referred to as the unintended consequences of ICTs- Cybercrime. Cybercrime caught the world at large and Cameroon in particular off-guard. This has partly been as a result of the weakness of existing policies and laws, the influence of the establishment and the perception of other stakeholders, especially in the case of Cameroon raising concerns in the corridors of power (Akuta and Akuta, 2012; Longe, 2012). When these concerns are looked at on a global scale as indicated by Serrano (2011), cybercrime is rated as an industry that is worth a hundred and fourteen (114) billion dollars. When the effects of cybercrime are quantified in financial terms, it is realized that the dollar amount lost to cybercrime annually is significantly more than the annual global market for marijuana, cocaine, and heroin combined, thus the need for concern (Serrano, 2011). More concern is raised when reference is made to literature that indicates that out of the top ten countries in the world with a high level of cybercrime prevalence, Sub-Saharan Africa is host to four of these countries. These are regarded as top cybercrime hot spots; Nigeria, Cameroon, Ghana and South Africa. This rate of cybercrime prevalence has triggered a renaissance in the fight against cybercrime in Cameroon, which is ranked second in cybercrime prevalence in Africa after Nigeria and forth in the world after the U.S., Britain, and Nigeria (Akuta et al., 2011). According to reports from the World Bank (2013), points out that, Cameroon is ranked as the riskiest nation in the world for online trade. Because of this surge in cybercrime perpetration, like several countries, Cameroon is executing efforts to solve this problem. New laws and policies are being passed, software is being developed and cyber security equipment are being purchased to enhance the fight against cybercrime. While all these measures are being put in place to fight cybercrime, Akuta, (2012) holds that the fight against cybercrime should involve all stakeholders. Stakeholders in the fight against cybercrime in Cameroon range from the average man on the street that knows and fraternizes with cyber criminals to the administration that enacts decrees and proposes laws passed by the legislature, and the various international organizations set up to prevent and deter cyber criminals from indulging in cybercrime (Akuta et al., 2011). This should be focused towards a preventive action. For a preventive action to take place, Akuta, (2012) suggest that, the principal stakeholder involved in the perpetration of cybercrime-the perpetrators should be the main consulted group especially because this venture is being dealt with in a region where the local community does not necessarily view cyber criminals as ‘criminals’ (Akuta, 2012). To do this, the study was limited to Cameroon because of its uniqueness in the cybercrime surge, and was designed to provide policy makers both at local and international levels with an in-depth knowledge on how the use of a good understanding of cybercrime perpetrators’ perceptions in combating cybercrime can be of importance to craft and implement cybercrime laws and policies that will reduce the rate of cybercrime perpetration in Cameroon. Two questions were put in place: What are cybercrime perpetrators’ perceptions on the antecedents to combat cybercrime in Cameroon? Why do cybercrime perpetrators have the perceptions they have on antecedents to combat cybercrime in Cameroon? This study assumed that: An increase in the amount of effort required to commit cybercrime negatively influences the rate of cybercrime perpetration. An increase in the amount of perceived risk to be faced when committing cybercrime will cause a drop in cybercrime perpetration rate. Once this was determined, the study sort to first find out what laws and policies have been enacted to facilitate the fight against cybercrime, using these laws and policies, what implementation strategies have been tried and how has the establishment handled issues concerning the fight against cybercrime. Having a sound knowledge on these and seeing a rising rate in cybercrime perpetration in Cameroon gave the researcher the basis to argue for the use of a Criminal Focused Approach in fighting cybercrime. Limitations of Existing Cybercrime Laws and Policies According to Lu et al (2006) and Wada (2011), the prevalence of cybercrime in Cameroon in particular and SSA as a whole is due to the inability of existing laws and policies to deter cybercriminals because cybercrime criminals are unafraid of committing crimes in the cyber world due to the fact that relevant laws are less clear and enforcement is less stringent. Existing laws treated computers as property and could only prosecute crimes that involved stealing the whole computer system or destruction of the computer but had no jurisdictional powers over information hackers. Ojedukun (2005) points out that there is no way law enforcement officers within African countries could take action against cyber Akuta 29 criminals unless countries first enacted laws that criminalize the activities in which these offenders engage. According to United Nations Office of Drugs and Crime (2013), the rise in cybercrime perpetration rate in SSA is due to the lawless nature of most SSA countries. In these countries the present laws to prosecute cybercrime are absent and existing laws are grossly inadequate to reduce cybercrime. For instance, in Kenya where, as of 2002, there has been a significant rise in cybercrime, there were no existing laws to deal specifically with cyber criminals. The laws that existed at the time were inadequate and did not specify how perpetrators of cybercrime were supposed to be prosecuted when arrested. Makhanya (2001) cites the example of South Africa where in 2001, the laws that existed were ill equipped to handle Internet and Internet related crimes. For instance, the 1977 Criminal Procedure Act that was implemented in South Africa had nothing to do with the Internet when it was being drafted and so did not make any stipulations that could cure this 21st century malaise. These laws did not take into account offenses that involved the theft and abuse of data as well as programs found on the computer, thus leaving a host of cybercriminals unprosecuted (Makhanya, 2001). The lapse in existing laws that allowed cybercriminals to go unprosecuted in several SSA countries and the alarming rate of diffusion of cybercrime within and without countries’ territorial boundaries, rekindled a reawakening spirit of cybercrime fighting in most SSA governments. This renaissance compelled SSA state governments and regional organizations to enact legislations, laws and form commissions that not only deal with specific crimes but that deal with cybercrimes as a whole (Kioni, 2008). In 1998, the Kenyan parliament passed the Kenya Communication Act (KCA) to address Information and Communication Technology (ICT) mishaps. These mishaps partly stemmed from the fact that an increased use of the Internet and its rapid diffusion was accompanied by crimes that were not virtualized when the 1998 Act was being drafted. This act did not address specific issues concerning cybercrime. For this reason, the KCA was amended twice in 2009 to meet the demands of the time (Wanjiku, 2009). According to the Communication Commission of Kenya (CCK) (2009), the first amendment in section 83U-Z criminalized unauthorized access and interception to computer data and service, modification of computer material, access with intent to commit offenses and unlawful possession of devices and data. This amendment also stipulated jail terms for the aforementioned cybercrimes. The second amendment commonly known as the E- Transaction’s Act of 2009, went a step further to look at limitations to contract formations in the Internet environment, and liabilities of service providers, privacy, security and the use of electronic records and signature to governments. It also addressed the definition of cybercrime and punishment as well as e-signature and private policies (C C K, 2009). Nigeria has also been in the international spotlight for its involvement in cybercrime. Ranked as third in the world behind the United States and Britain, and first within the African continent in the rate of cybercrime perpetration, Nigeria’s conspicuous position has been a trigger factor that has influenced the way the nation handles issues concerning cybercrime (Adomi, 2008; Boateng et al., 2010). Ehimen and Bola (2010) pointed out that there exists no specific law in Nigeria that criminalizes perpetrators of cybercrime directly but there are laws that can be used to prosecute cybercriminals. In 2003, following a presidential decree, there was legislative action that established the Economic and Financial Crimes Commission of 2004. This commission was vested with the power to investigate, prosecute and penalize all economic and financial crimes related to terrorism, money laundering, and drug trafficking and advanced fee fraud. Although these stipulations did not specifically mention cybercrime, EFCC partners with other organizations in the combat against cybercrime because in today’s society most economic and financial crimes are committed with the use of the Internet (Longe and Chiemeke, 2008). To make up for lapses of the EFCC Act, and to specifically address the issue of cyber and cyber related crimes, the Nigerian parliament passed the Computer Security and Critical Information Infrastructure Protection Bill in 2005. This bill, commonly referred to as the Cybercrime Bill, aims to secure computer systems and networks, and protect critical information and infrastructure by criminalizing certain computer based activities (Chawki, 2009); Chawki (2009); Oriola (2005) continue to point out that with the diverging nature of cybercrime and a significant increase in the number of advanced fee fraud cases recorded, the Advanced Fee Fraud and Other Fraud Related Offences Act was passed in 2006. This Act proposed ways to combat online scams and other related cybercrimes by issuing harsher penalties of imprisonment of 5-15 years without the option of a fine. This case is similar to that of the Republic of South Africa, which like Nigeria was ranked among the top ten countries in the world in cybercrime prevalence (Africa News Monitoring Team, 2010). With the most advanced economy on the African continent, and more specifically SSA, South Africa has had its share of a fast rise in unintended consequences of ICTs. With the development of the South African IT sector, there has been a rapid expansion of computer system connectivity. “This rapid expansion of computer connectivity has provided opportunities for criminals to 30 J. Res. Peace Gend. Dev. exploit security vulnerabilities in the on-line environment in fast rising economies like that of South Africa (Broadhurst, 2006). To catch up with this malaise, the South African government passed the Electronic Communications and Transactions Act of 2002 (Cole et al., 2008). Chapter thirteen of the act clearly defines cybercrimes and stipulates penalties for each offense. These crimes were grouped into four categories: those involving unauthorized access to data, interception and interference with data and computer related extortion, fraud and forgery. Understanding the trans-national nature in which cybercrime operates, South Africa aligned with other European countries as the only African country to sign and ratify the council of Europe’s treaty on cybercrime. This treaty obliged member states to criminalize offenders that indulge in any form of cybercrime and also cooperate with each other to investigate and punish culprits guilty of cyber and cyber related crimes (Cole et al., 2008). After Nigeria, as a hub of cybercrime in SSA, Cameroon tailgates Ghana as king of cybercrime prevalence in Central Africa. A 2010 report by the McAfee Cyber-security Firm cites Cameroon as the world’s riskiest destination for Internet surfers with more than a third (36.7%) of websites hosted in Cameroon being suspicious (McAfee Inc, 2009). In line with this, the country, through its Ministry of Post and Telecommunications and the National Agency for Information and Communication Technologies advanced a bill to parliament that allows them to set up a cyberpolice force, define major crimes, and determine legal procedures to help fight cybercrime. Also, the Cameroonian parliament voted for a bill to set up a cyberpolice force to fight the alarming rate of cybercrime in the nation (Mforgham, 2010). While the efforts of Cameroon have rested in the planning phase, countries like Botswana have moved a step further. Botswana passed the Cybercrime and Computer Related Crimes Bill of 2007. This bill defines the jurisdiction of Botswana in crimes that affect its citizens and brings out extradition conditions and procedures of cyber criminals (Cole et al., 2008). The bill also holds accountable Botswana nationals for infringements committed not only in Botswana but outside the borders of Botswana as well, especially within countries like Zambia that shares a common boundary (Botswana National Assembly, 2007). Zambia, on its part developed the Computer Misuse and Crimes Act of 2004 to handle cybercrime issues. The Act dealt with the criminalization of systems’ intrusion, interception of data, and system disruption. It also went further to institute harsh penalties for cybercrimes including prison sentences of up to twenty-five years (Cole et al., 2008). Though all these laws and policies have been enacted by various SSA countries, the enactment of outstanding legislatures and crafting of policies with extremely harsh punitive measures will serve at nothing if the implementation process is taunted. Role of Implementation Strategies Applied Lu et al (2006) stated that the high level of cybercrime perpetration is due to the fact that relevant laws and policies are less clear and enforcement is less stringent. To confirm this assertion with a look at the perceptions of cybercrime perpetrators in Cameroon, there is a strong need to examine the practical steps that have been taken to implement the existing laws and policies in SSA as a whole and Cameroon in particular. For instance, in Nigeria, the creation of the Economic and Financial Crimes Commission (EFCC) was a bold step towards the fight against cybercrime. EFCC’s ascension to the power throne of crime fighting in Nigeria ushered in the creation of specialized units that saw the effective investigation and prosecution of offenders, and training of staff including the general and asset investigation unit, the legal and prosecution unit and the training unit. While the training unit has been able to organize sessions where law enforcement officers have been trained on eradicating crime, the investigation unit created a monitoring and intelligence unit that assisted in the gathering of information to facilitate investigation (Anadi and Jones, 2011). To facilitate the investigation of cybercrime, Operation Eagle Claw was launched. In this operation, software that facilitates the sniffing out of fraudulent emails, called eagle claw software, was developed and deployed (Oates, 2009). It also instituted and carried out an aggressive campaign to educate the public on whistle blowing and the ills of cybercrime through the use of local media, public and private institutions and all levels of educational establishments (Maska, 2009). Even with all of these efforts, once the Nigerian administration, through the EFCC, recognized that the fight against cybercrime could not be won by a single nation or organization, they alongside the Nigerian government, partnered with other countries and organizations including the United Nations, other African and West African countries, the African Development Bank, INTERPOL, Microsoft, Western Union, Yahoo, Google, and Coca Cola to explore collective ways of combating this malaise (Chawki, 2009; ANMT, 2010). This partnership opened the way for the Nigerian government to take strong steps towards curbing cybercrime by creating a central agency to enforce crime laws, and regulate cybercafés by imposing a ban on the operation of overnight cybercafé services. These efforts have been buttressed among other things Akuta 31 by the amount of funds received by various anti-crime commissions. In 2004, the EFCC received an initial funding of approximately $2 million U.S. dollars from the Nigerian federal government and about $32 million U.S. dollars from 2005-2009 from the European Union. In the same year (2004), NCWG received about seven hundred thousand US dollars from the Nigerian Federal government to allow them the ability to smoothly carry on their responsibilities (Adomi, 2008; Adeleye, 2009). Like Nigeria, the fight against computer crimes according to Mukinda (2009) has spread through the nooks and crannies of Kenya. Kenya revamped its Cyber Crime Unit of the police force by embarking on a program to adequately train its law enforcement officers on handling cybercrime offenders. In 2009, 18 police officers were sponsored to receive four months of specialized training in the United States on emerging Internet-based criminal trends and the use of specialized equipment to track down cybercriminals. This was followed by a retraining of other members of the Cyber Crime Unit by their colleagues who had been trained in the US. This training gave the police force the ability to implement set policies. To continue with sound implementation efforts, Kenya Network Information Center (KENIC), which works under the auspices of the Ministry of Information and Communication and the Kenya police, established a Computer Security Incidence Response Team (CSIRT). This response team relays computer and network related security threats and vulnerabilities to the local Internet communities, and sends out a weekly newsletter of recorded activities to members on the CSIRT mailing list (Akuta et al., 2011). On the contrary, according to INTERPOL (2009), Cameroon fostered cybercrime laws and policy implementation efforts by signing an accord with international organizations to create and eventually establish a sub-regional bureau of INTERPOL in Yaoundé that serves the entire Central African region. This accord has helped to fight trans-border crimes like cybercrime, vehicle theft, and piracy, amongst other things. This has been a major boost to the law enforcement agency that has in many cases used this accord to facilitate the fight against cybercrime. The signing of this accord was accompanied by the President of Cameroon signing and providing Visa waiver status for all personnel operating on INTERPOL passports. He also called on all Central African leaders to do the same so as to allow swift apprehension of cyber and cyber related criminals (INTERPOL, 2009). The involvement of other African leaders with the Cameroonian government came with a mass effort to fight cybercrime from a trans-border point of view. The government, together with INTERPOL organized a working session that involved all police chiefs in Central Africa to discuss, be educated and adopt steps that could be taken by the region to fight transborder crimes. This included partnering with international organizations like the United Nations, and the creation of specialized units and training of specialized law enforcement officers on how to handle 21stcentury crime, headed by crime involving the use of the computer (Mosima, 2009). The partnerships that Cameroon created with other countries and International Organizations was preceded by the creation of the National Information and Communication Infrastructure (NICI) in 2001 to wage a 10 year fight from 2004 to 2015 against cybercriminals in Cameroon (Economic Commission for Africa, 2006). By 2006, the degree that created the NICI was revisited by the Presidency partly due to the rapid diffusion of cybercrime and the inability of NICI to take over the Ministry of Post and Telecommunications. Two things were amended; the name was changed to the National Agency for Information and Communication Technology, (ANTIC) and the agency was placed directly under the auspices of the Presidency in association with the Ministry of Post and Telecommunications, which had overseen the creation of NICI towards the fight against computer crime (Asongwe, 2012). The implementation strategies put in place in various countries including Cameroon were in a bid to bring down the rate of cybercrime perpetration. Role of Neo Institutions Both the enactment and implementation of laws and policies to fruition as mentioned above depends very much on the collaboration of all stakeholders. These stakeholders when categorized under their various functions form what (Longe, 2012) refers to as the play of Institutions. These institutions influencing cyber-attacks, according to Longe (2012) reside at different levels including global, national, local, social network, professional, industrial, inter-organizational and intraorganizational. In like manner, Akuta et al (2011) points out that the stakeholders who make up the various institutions transcend established institutions like international organizations, governments of various nations, legislatures, through banks, law enforcement agencies, and anticrime commissions to relations, friends and members of the community where these cyberattacks emanate to the cybercriminals themselves. A look at these institutions allowed the researcher to revisit the idea that institutions play a salient part in influencing the perpetration of cyber-attacks both directly and/or indirectly. This intentional or unintentional part played by institutions portrays the strategic influence the perception of institutions has on the fight against cybercrime (Longe, 2012; Akuta et al., 2011). There is a significant difference 32 J. Res. Peace Gend. Dev. in the perceptions of stakeholders on ways to combat cybercrime perpetration at the national level of analysis. Methodology From the review of the work done by previous authors, questionnaire items that are relevant to the constructs in this study were identified. The main constructs were developed based on existing measures as drawn from Clarke’s Situational Crime Prevention Theory as expounded by Arkers, (2004) who have used the same theory to test crime. Constructs developed from the work of these authors included: Perceived Effort to Commit Crime and Perceived Risk of being Caught Committing a crime. Although most items used in this study were based on previous empirical studies, the actual measurement scales to capture the context of this study were developed by this researcher. Once that was done, questionnaire items were modified to match this study on cybercrime perpetrators’ perceptions in Cameroon. Also, important concepts in the survey were defined in order to provide the respondents with a clearer understanding of the questionnaires. To get the most appropriate data for this study, the researcher solicited experts in the perpetration of cybercrime in Cameroon. The expert group targeted here is the cybercrime perpetrators themselves. There is no better group to get the perceptions of cybercrime perpetrators from than from the perpetrators themselves. Thus, cybercrime perpetrators in Cameroon who are considered to be the most important but neglected stakeholder, served as the expert group in this study. In line with this, Beebe & Rao (2005) argue that the main focus on solving crime should be directed towards the criminals thereby enhancing a Criminal Focused Research. They argue that crime prevention is achieved by influencing the would-be criminal’s decision-making process through various environmental and protection measures known as situational factors. The hypotheses of this study were tested with the use of both quantitative and qualitative data. While the perceptions of cybercrime perpetrators was tested quantitatively, the qualitative data was used to test the reasons why perpetrators had the perceptions they exhibited. This was done with the use of open-ended questions. The unit of analysis used in this study is cybercrime perpetrators drawn from four main cities in Cameroon. This was done with the aid of paid informants who claimed to be former cybercrime perpetrators. To achieve this, the researcher developed a seven step Likert scale that assisted in the measurement of the two major variables. The administration of the survey was done using a very rigorous and covert approach to ensure that the study validity addressed the questions the researcher posed concerning the perceptions of cybercrime perpetrators in Cameroon. The questionnaires, which gathered principally primary data, were administered using a web-based survey system.The initial mail sent out for responses did not result in the researcher having the desired response rate. This led to the researcher bringing in a paid inside informant and also played the part of a non-participating undercover for some of the viable perpetrators whom this study found very valuable. This greatly improved the response rate of 31.7 with a sample size of, N=189 which was regarded as sufficient for the study. According to Chin (1998), the required number of cases for a PLS analysis of this sought is 10 times the number of indicators. To make sure the respondents were actually cybercrime perpetrators, the researcher secretly requested the services of cybercafé operators who dealt with the perpetrators on a daily basis for confirmatory identification. The quality of data collected was verified in terms of its validity and reliability with a look at the exploratory factor analysis, Cronbach’s alpha, composite reliability and indicator loadings, weights, and the Average Variance Extracted. The study employed the Structural Equation Model (SEM) using Partial Least Squares (PLS) algorithms to obtain better results. Once PLS was applied, the researcher evaluated the measurement and the structural models simultaneously. The measurement model was examined for convergent and discriminant validity. The structural model provided the required information that is needed to evaluate the hypotheses in the research model. FINDINGS AND DISCUSSION The Cost Element, as stated in this study, refers to the variables that require the Perpetrators to put in some effort, risk or time to perpetrate cybercrime (Clarke, 1997). In this study, the researcher used the following variables to make up the Cost Element Model; Perceived Risk and Perceived Effort to commit cybercrime. The researcher conducted PLS analysis on the cost element model of perpetrator’s perceptions to find out the contribution of cost element constructs on the overall model. The table below displays R2 for each endogenous construct in the model. According to the results, the constructs explain 56% of the perception of perpetrators on cybercrime perpetration rate. The table indicates the coefficients of all hypothesized paths in the model with the significance. The model indicates that Perceived Risk significantly influenced perpetrators perceptions with path coefficients of 0.629 and Perceived Effort partially influenced perpetrators perceptions with a path coefficient of 0.173. Akuta 33 Table 1. Descriptive Statistics of Questionnaire item responses N Min Cybercrime Perpetration Rate (RP) RPCP 189 1 Max Mean 7 0.700004 Σ 0.059101 RPEO 189 1 7 0.710008 0.058072 RPER 189 1 7 0.770037 0.043494 RPID RPSL 189 189 1 1 7 7 0.713579 0.693396 0.064522 0.069222 Perceived Effort to Commit Cybercrime (PE) PEAF 189 1 7 0.657326 0.092289 PECR 7 0.629643 0.116253 189 1 PEPR 189 1 7 0.697092 0.091932 PEPS 189 1 7 0.752351 0.067277 PETS 189 1 7 0.739949 0.070979 Perceived Risk to Commit Cybercrime (PR) PRBF PRCD 189 189 1 1 7 7 0.707420 0.058642 0.756204 0.054167 PRLP 189 1 7 0.648609 0.075058 PRRT 189 1 7 0.766212 0.05160 PRSC 189 1 7 0.731311 0.059505 Table 2. Responses to Categorical Demographic Questions Targeted City Yaoundé Douala Bamenda Buea Gender Male Female Highest Level of Education Primary (Elementary) Secondary (Middle) High School Undergraduate Post Undergraduate Age Group 10-18 19-27 28-36 Perceived Effort on Perpetration Rate Perceived Effort to commit cybercrime was one of two constructs that made up the Cost Element Model. It was N 57 46 45 41 % 30.2 24.3 23.8 21.7 N 115 74 % 61 39 N 14 46 39 53 37 % 9 25 22 28 20 N 37 107 48 % 20 57 25 the first hypothesis (H1), stated by the researcher that suggested that an increase in the perceived amount of effort required to commit cybercrime negatively influences the rate of cybercrime perpetration. This 34 J. Res. Peace Gend. Dev. Figure 1. Cost Element Model Indicators Constructs Dependent Variable Table 3. Path Coefficient and R2 for Cost Element Model Independent Variables Perceived Effort Perceived Risk Path Strength Dependent Variable Path T P(t) Perpetration Rate 0.173 2.654 0.022 Perpetration Rate 0.626 9.903 0.000 R2 0.55 Note. Solid arrows represent significant relationships at the 5% level of significance R2 = the coefficient of determination construct was explained by the following indicator statements: available private chat rooms in cyber cafés provide a conducive environment for cybercrime perpetration; privacy secured cyber cafés provide the preferable environment for cybercrime perpetration; the closer one moves towards urban areas, the more access they have to Internet connectivity; the request for detailed identification information will be a hurdle to requesting home Internet subscription; and sharing the same home with parents or guardians limits one’s ability to engage in cybercrime activities. This hypothesis, as observed, was partially supported by the results obtained. The perceptions of Perpetrators indicated that preference was given to cyber cafés with private chat rooms than those without. The study revealed that the usage of cyber cafés with private chat rooms was skewed towards the female perpetrators than towards the male perpetrators. Over 82% of female cybercrime perpetrators surveyed agreed that they engaged primarily in sex related cybercrime. This warranted them to expose sensitive sexual parts of their bodies and or perform sexual acts at the request of potential clients. For this reason, they needed more privacy than male perpetrators thus the high demand for private chat rooms. Female perpetrators held that the elimination of private chat rooms from cyber cafés would be a serious blow to their brand of “business”, in spite of the fact that Face-book has presented them with the opportunity to easily share their story with potential clients. This accounts for the reason for which many of them created several Face-book accounts with different aliases. In the same light, 62% of perpetrators preferred to engage in cybercrime in cyber cafés that were less exposed to the public, mainly because it reduced the risk Akuta 35 Table 4. Results of Hypothesis Testing for Model of Perpetrators’ perceptions Hypothesis H1 H2 An increase in the perceived amount of effort required to commit cybercrime negatively influences the rate of cybercrime perpetration. An increase in the perceived amount of risk involved to commit cybercrime negatively influences cybercrime perpetration rate. of being caught by law enforcement officers. It should be noted that perpetrators did not see the idea of being arrested in itself as an issue, the reason for which they feared arrest is because once arrested, they would lose a reasonable amount of money for what they termed “settlement to the police” (bribing their way out of prosecution) and not because they were afraid of being prosecuted and incarcerated. Perpetrators also revealed that though cybercrime is purely an urban and education skewed crime, they would have preferred rural settings to perpetrate cybercrime because it took them away from the lamplight of tight urban security. However, this was not possible because of the lack of Internet connectivity in the rural areas of Cameroon. Thus cybercrime is undeniably an urban crime reserved exclusively for the educated class (Adomi and Igun, 2008). In discussing security, perpetrators were of the perception that having varying types of security devices placed in cyber cafés would not act as a deterrence factor to them. Only those that had just began or were amateurs would see this as a setback mainly because they depend heavily on cyber cafés, which are relatively cheap. Also in the category to be affected by security devices in cyber cafés are perpetrators that shared rooms with siblings or lived in the same house with parents or guardians. Others held that they were not worried about such security moves because they could afford to install Internet services in their homes. At this juncture, the question of instituting tougher Internet subscription terms was introduced. For an individual to get home Internet subscription, he or she had to provide detailed identification information to the Internet providers who in turn submit information to law enforcement officers when necessary. Perpetrators indicated this would not be a problem because most of them use aliases to acquire Internet subscriptions. One of the reasons for which this indicator was considered to be moderately supported is because perpetrators indicated that they could circumvent the issue of providing their real identity by bribing police officers who are in charge of Identification Cards production to establish an Identification card carrying their image but with a fake name. Finally, 70% of perpetrators agreed to have a tough time engaging in cybercrime from a home that is shared with their parents or guardians. This had to do with the long hours of work put in, the types of friends involved and the kinds of discussions they get involved in when they have to talk with potential victims on phone. Results Partially Supported Strongly Supported Perceived Risk on Perpetration Rate The second hypothesis tested (H2), postulated that an increase in the perceived amount of risk involved to commit cybercrime negatively influences the cybercrime perpetration rate. This implied that the greater the perceived risk by cybercrime perpetrators the lower the rate of cybercrime perpetration. This was the second strongest construct in the main model measured with path coefficient of 0.354 and a 0.000 P-value at the 0.05 level of significance. Note that a higher path coefficient indicates a strong relationship between the construct and the dependent variable, while a low p-value indicates a significant effect of the construct on the dependent variable. One of the greatest things that scared perpetrators was the idea of being caught. Thus the higher the risk, the lower the perpetration rate and the lower the risk of being caught the higher the rate of perpetration. The hypothesis was therefore strongly supported. It should be noted that Perceived Risk is one of the constructs that make up the Cost Element model. It was flanked by the following indicator statements; there is an increase in the risk and difficulty to perpetrate cybercrime with the introduction of security cameras in cyber cafes; there is an increase in the risk and difficulty to perpetrate cybercrime with the introduction of website censor devices on all computers in cyber cafes; there are available tough laws that prescribe sanctions for cybercrime perpetrators; the introduction of a cybercrime specially trained branch of the rapid intervention unit (BIR) would be a major deterrence factor for cybercrime perpetrators; and with bribe free law enforcement officials in Cameroon, the risk of engaging in cybercrime becomes enormously high. Perpetrators perceived that the introduction of security cameras in cyber cafes would pose a great threat to their attempt to engage in cybercrime perpetration. To them, one of the main reasons, aside from accessibility to engage in cybercrime perpetrating activities from cyber cafes, is the presence of secured privacy. Most cyber café operators are aware of the activities of perpetrators and provide a safe, confined and uncensored environment suitable for their activities. The presence of security cameras means that anybody who visits the cyber café could be visually identified. Perpetrators also indicated that the idea of installing security cameras becomes more complicated when Central Processing Unit censor devices are installed on all computers in the 36 J. Res. Peace Gend. Dev. cyber café. To them, the presence of these two measures raises the risk of being caught and thus reduces the zeal to engage in cybercrime activities in a cyber café. Though they thought a solution to this would be subscribing to Internet connection in their homes, despite the fact that it was more expensive, the idea of providing detailed identification information when subscribing for Internet home connection as mentioned before closes this lapse. With the idea of available tough laws and well-defined sanctions against cybercrime perpetrators, the researcher was amazed to find that though 63% of respondents actually thought there were established laws against cybercrime perpetration, all of them were also of the opinion that these laws were a window dressing and could be circumvented. On the other hand, none of them could say what the newly enacted cybercrime law or any other existing law stated about cybercrime perpetration. The perpetrators were of the perception that any such laws could only have an effect if law enforcement officers stopped accepting bribe. This led to the idea of instituting a cyber-security branch of the Rapid Intervention Unit Force, commonly known by its French acronym BIR ‘bee’. 73% of perpetrators surveyed indicated that they would consider stopping the perpetration of cybercrime if the BIR were to engage in cyber security efforts. Presently in Cameroon, the BIR is regarded as the most deadly, brutal, merciless and community unfriendly special force that keeps law and order in the country during special moments as deemed by the administration. Perpetrators indicated that the main reason for fearing the ‘bee’ is because they do not offer the latitude to propose a settlement amount. They held that with the regular police force, when they are in the process of receiving a large amount of money (25,000,000 FRS or $50,000), they requested police protection. Having police protection allowed them to ‘settle’ with just that group of police officers, and not get harassed by others. It was surprising to learn that among the perpetrators were spies for law enforcement officers. These spies were not there to feed the police district with information, but to tip off officers who would subsequently come in and offer their protective services in return for compensation. It is worth mentioning that a request to talk to some of these law enforcement officers was unequivocally turned down. CONCLUSION The study concludes that, 56% of the cybercrime perpetrated in Cameroon can be curbed by significantly increasing the risk of engaging cybercrime perpetration and making it more time consuming to go through the process of committing cybercrime. This will still be done with the use of laws, policies and software that targets risk and effort. Thus, with an increase in the opportunity reducing technics in cybercrime perpetration, there will be a significant drop in the rate of cybercrime perpetration witnessed in Cameroon and other countries south of the Sahara with the same demographics as Cameroon. While this study explains 56% of the rate of perpetration, there is a need to find out what accounts for the 44% that has not been accounted for by the Risk and Effort variables. The study suggests a look at two more perpetrators centered models; Benefit Element Model and the Justification Model. REFERENCES Adeleye S(2009). EFCC may lose $32million EU funding, Nigerian Compass. Retrieved January13, 2011 from http//www. compassnewspaper.com/~compas/NG/index.php?option=com _content&view=article&id=10237: efcc-may-lose 32m-eufunding&Itemid. Adomi E, Igun S(2008). Combating Cybercrime in Nigeria; the Electr. Libr. 26(5): 716-725. Africa News Monitoring Team- ANMT (2011). Nigeria, Ghana in world cybercrime rankings, retrieved Feb., 7, 2011 from http://www.africanews.com/site/Nigeria_Ghana_in_world_cyber_cri me_ranking/list_mesages/36409 Akers R, Jennings W(2009). Social Learning Theory; SAGE Publ. Akuta E(2012). An Exploratory Multi-Method Analysis of Cybercrime Perpetrators’ Perceptions to Combat Cybercrime in Sub Sahara Africa; the Case of Cameroon; Doctoral Dissertation, Southern University Baton Rouge, USA. Akuta E, Akuta E(2012). In the Mind of the Cybercriminal; A Look at Involvement and Achievements of Cybercrime Perpetrators in Cameroon; Proceedings of the 2012 Louisiana Academy of Sciences Conference, March 3, 2012; Alexandria, Louisiana. Akuta E, Ong’oa I, Jones C(2011). Combating Cybercrime in Sub Saharan Africa; a Discourse on Law, Policy and Practice. J. Peace, Gender and Devel. Studies.1(4): 129-137. Anadi A, Jones C(2011). The Economic and Financial Crimes Commission (EFCC) Creation, Functions, Competence and Impact in Nigeria. Proceedings of the 2011Information Communication Technology Conference for Africa Nigeria. are Internet Access Points in Playing? European J. Social Sci. Pp. 6-4. Asongwe P(2012). E-Government and the Cameroon Cyber Security Legislation 2010: Opportunities and Challenges. The Afr. J. Infor. Communication. Pp. 12. Beebe N, Rao V(2005). Using Situational Crime Prevention Theory to Explain the Effectiveness of Information Systems Security. Proceedings of the 2005 Softwars Conference, Las Vegas, NV, December. 2005. Blind K(2011). The Internet as Enabler of New Forms of Innovation: st New Challenges for Research. Proceedings of the 1 Berlin Symposium on Internet and Society; October 25-27, Berlin Germany. Boateng R, Longe O, Mbarika V(2010). Cybercrime and Criminality in Ghana: Its Forms and Implications.Proceedings of the sixteenth Americas Conference on Information Technol. August 1215, Lima, Peru. Botswana National Assembly (2007). Cybercrime and Computer Related Crimes Act of 2007. Broadhurst R(2006). ‘Content Cybercrimes: Criminality and Censorship in Asia’ Indian J. Criminol. 34(1-2):11-30. Retrieved Feb., 7, 2011 Akuta 37 fromhhttp://ceps.anu.edu.au/publications/pdfs/broadhurst_pubs/broa dhurstcontent_cybercrimes.pdf Chawki M(2009). Nigeria Tackles Advanced Fee Fraud. J. Infor. Law and Technol. 1: 1-18. Chin W(1998). The Partial least squares approach to structural equation modeling, Modern methods for business Res. G. A. Marcoulides (ed.), London. 295-336. Clarke R(1980). Situational Crime Prevention: Theory and Practice, Bri. J. Criminol. 20: 136-147. Clarke R(1997). Situational Crime Prevention: Successful Case Studies, Harrow and Heston Publishers: Guilderland. Pp. 1-357. Cole K, Chetty M, Larosa C, Rietta F, Schmitt D, Goodman S(2008). Cyber securityin Africa; an Assessment, Sam Nunn School of International Affairs. Collins A, Halverson R(2009). Rethinking Education in the Age of Technology: the Digital Revolution and the Schools. The Digital Revolution and the Schools, New York, USA. Communication Commission of Kenya (2009). The Kenya Information and Communication Act,retrieved Feb., 7, 2011. from http://www.cck.go.ke/regulations/downloads/KenyaInformationCommunications-Act-Final.pdf. Ehimen R, Bola A(2010). Cybercrime in Nigeria; Bus. Intel. J. 3(1): 9398. INTERPOL (2011). About INTERPOL; Kenya Police http://www.interpol.int/public/icpo/default.asp Department (2010) Structure and Organization of Kenya Police www.kenyapolice.go.ke. Kioni M(2008). Are cybercrime laws in Kenya adequate? Kenya-bye; the Kenyan ICT Longe O(2012). Guilty as Charged: Neo-Institutionalization of Cyber Criminality. Universidad del Este (UNE) in Room LG 101, th Pasillo/Hall G. March 5 from 6:00pm to 7:30pm. Lecture. Longe O, Chiemeke S(2008). Cybercrime and Criminality in NigeriaWhat Roles Lu C, Jen W, Chang W, Chou S(2006). Cybercrime and Cybercriminals: An Overview of the Taiwan Experience. J. Computers. Pp. 1-6. Makhanya P(2001). Hackers stealing millions from KZN firms; Computer/IT, Retrieved June 21, 2010 from http://www.iol.co.za/index.php?click_id=115&art_id=ct20010514212 507126C16 26355 Maska MU(2009). Building national cyber security capacity in Nigeria: the journey so far, Regional cyber security forum for Africa and Arab states, Tunis, 2009, Retrieved February 7, 2011 from http://www.itu.int/ITUD/cyb/events/2009/tunis/docs/maskanigeriacybersecurity- june-09.pdf McAfee Inc (2009). McAfee Reveals the Riskiest Web Domains to Surf and Search, McAfee’s Third Annual Report Retrieved January 23, 2011 from http://www.mcafee.com/us/about/news/2010/q4/20101026-02.aspx Mforgham S(2010). Cameroon: 22 Internet Fraudsters Arrested, Africa News, Retrieved February18, 2011 from http://www.africanews.com/site/Cameroon_22_Internet_fraudsters_ arrested/list messages Mosima E(2009). Fighting Trans-National Crime Police Officers Mobilized, Cameroon Tribune; Retrieved January 27, 2011 from http://allafrica.com/stories/200909090372.html Mukinda F(2009). Kenya Police Retrain 18 Officers to Fight Cybercrime; the nation, Retrieved February 12, 2011 from www.nation.co.ke/News/-/1056/510···16uhn/-/ Oates J(2009). Operation Eagle Claw Nets 18 Nigerian Spammers, the A Register Retrieved January 27, 2011 from http://www.theregister.co.uk/2009/10/23/nigeria_police_success. Ojedokun A(2005). the Evolving Sophistication of Internet Abuses in Africa, the Int. Infor. Libr. Rev. 37: 11-17. Oriola T(2005). Advanced Fee Fraud on the Internet: Nigeria’s Regulatory Response. J. Infor. LAW and Technol. 21: 237-248. sector issues and opinions, Retrieved February 7, 2011 from http://kenyabyte.blogspot.com/2008/10/are-cyber-crime-laws-inkenya-adequate.html. Serrano A(2011). Cybercrime Pays: A $114 billion Industry; the Fiscal Retrieved March 24, 2012 from Times; http://www.thefiscaltimes.com/Articles/2011/09/14/CyberCrimePays-A-114-Billion-ndustry.aspx#page1. UNODC (2013). Comprehensive Study on Cybercrime; United Nations, USA. Wada F(2011). The Impact of Information and Communication Technology on Banking Institutions: Theoretical Policy Perspective of Cyber Crime in Nigeria, Doctoral Dissertation, Southern University Baton Rouge. Pp. 87-88. Wanjiku R(2009). Kenya Communication Amendment Act (2009); Progressive or Retrogressive? Association for Progressive Communications (APC). Wartella A, Jennings N(2000). Children and computers: New technology, old concerns. The Future of Children. Pp. 10-31. World Bank (2013). World Development Indicators; International Bank for Reconstruction and Development; World Bank, USA. How to cite this article: Akuta E. (2014). Using the Cost Element Model to Explain Perpetrators’ Perceptions to Combat Cybercrime in Cameroon: A Structural Equation Model Approach. J. Res. Peace Gend. Dev. 4(2):27-37
