A report on the effectiveness of the government’s Australian Cybercrime Online Reporting Network (ACORN) reveals the initiative has made little difference to the number of victims reporting cybercrimes and no change in the public’s awareness on where best to report such crimes.
The ACORN website was established to receive reports of cybercrimes from victims, provide the information to law enforcement agencies and give general crime prevention advice to the public and “was expected to become a vital tool that would improve the reporting, gathering and analysis of data to combat cybercrime in Australia”.
It was launched in 2014 as part of the Attorney-General’s Department's National Plan to Combat Cybercrime by then Minister for Justice Michael Keenan.
The system was touted as a “revolutionary new online system for all Australians” which would allow victims to “report criminals in real time”.
“The ACORN represents a revolutionary new model – a national commitment – to work together to ensure a safer and more secure digital environment for all Australians,” Keenan said at the time.
Since its launch police and members of the public have “requested improvements” to ACORN, around “reporting, the underlying business rules for referrals, and management of reports”, the Australian Criminal Intelligence Commission (ACIC), the body responsible for ACORN, told CIO Australia.
Following this feedback, the government’s crime research agency, the Australian Institute of Criminology was commissioned by CrimTrac to evaluate ACORN in 2016.
The resulting report was made public yesterday following a year of freedom of information requests from Queensland University of Technology criminology lecturer Dr Cassandra Cross.
The evaluation found that ACORN had little to no effect on cybercrime reporting rates – one of its main aims.
The report also reveals ACORN to have made “little change in terms of public awareness” around cybercrimes. In some cases victims reporting cyber bullying, sexting, online harassment and stalking to police were told to report it again to ACORN – “if anything, it may have created some confusion and impacted levels of satisfaction among victims” the report says.
Fewer than a third of victims reporting to ACORN were satisfied with the outcome.
“There was evidence that cybercrime victims who reported to the ACORN were less satisfied than cybercrime victims who reported to police through more traditional modes,” the evaluation states.
The initiative was also found to be a strain on resources for police agencies and “has largely shifted responsibility for referring reports between business areas and agencies, rather than reduce the time spent by law enforcement referring reports”.
The evaluation’s authors wrote that a number of issues with ACORN stemmed from the fact the Commonwealth had been responsible for developing the reporting tool, but it is down to state and territory policing agencies to receive, handle and act upon the information.
A number of limitations of the ACORN reporting system were also noted, including “limited interoperability with police information systems, the format of reports produced, the amount of information that is collected and the capacity of the system to automatically group reports over time”.
“This evaluation has shown that, while the ACORN has met its objectives from a process perspective, there remain problems for both victims of cybercrime and law enforcement agencies that engage with the system,” the report concludes.
ACIC says it had been scoping out potential enhancements to address the issues raised in the evaluation two years ago.
“After this evaluation was produced the ACIC began to look at possible enhancements to the ACORN system. We have been working with our partner agencies and stakeholders to scope these possible enhancements,” a spokesperson for the commission said.
One single place to report
In 2015, ACORN received 39,492 reports about cybercrime, with around half relating to online fraud and scams. In 2016, 49,957 reports were received, with slightly fewer – 49,224 – received in 2017. So far this year (to June) 27,876 reports have been made.
A number of victims of cybercrime told the ABC in 2016 that their reports to ACORN were ignored. One individual, recruited to be an ambassador for the service in 2015, told the ABC that they felt reports go “into a black hole”.
In August the government announced it would be replacing ACORN with a new website, cyber.gov.au, which is operated by the Australian Cyber Security Centre, under the Australian Signals Directorate.
“This important step will provide businesses and individuals with one single place to report cybercrime and find advice on cyber security practices,” the government said in a statement at the time.
At present, the cyber.gov.au website is referring victims of cybercrime to ACORN.
“The ACIC will continue to support the ACORN as its administrator until its cybercrime reporting function transfers to cyber.gov.au,” the spokesperson for ACIC added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.