Evaluation of the Investigative Powers for the 21st Century Initiative
3. Evaluation Methodology
An interdepartmental Evaluation Working Group was established to support the evaluation by providing inputs, advice and suggestions regarding the design and conduct of the evaluation. The Working Group was established at the outset of the evaluation and included IP21C officials and representatives from evaluation units from each of the federal partner departments.
The methodology for this evaluation included multiple lines of evidence and employed the following data collection methods:
3.1. Document Review
The main internal documents reviewed included the following:
- IP21C Initiative Performance Measurement Strategy (April 2016).
- Fact sheets, PowerPoint decks and primers on the Bill C-13 legislative changes, prepared by the Criminal Law Policy Section (CLPS) and International Assistance Group (IAG), Justice.
- Documents related to the 2017 National Security consultations and 2018 National Cyber Security Strategy.
3.2. Review of Performance Information
As part of the Initiative’s performance measurement strategy, IP21C officials compiled performance data associated with each of the intended outcomes. At the time of the evaluation, information was available for three years: 2015-16 to 2017-18 inclusive. This data was reviewed for the purposes of the evaluation.
3.3. Literature Review
A focussed literature review was undertaken of articles and reports that provide information on such topics as trends in cybercrime and challenges to law enforcement; Europol’s annual Internet Organised Crime Threat Assessment (IOCTA); and assessment reports by the Council of Europe related to implementation of the Budapest Convention by Member States. In addition, an online search to identify court cases pertaining to the IP21C investigative powers between March 2015 and March 2019 was conducted and relevant case law was reviewed.
3.4. Review of Trends in Cybercrime and Computer-Assisted Crime
This review focussed on the collection and analysis of data on the incidence, investigation and resolution of two general categories of crime involving computer services:
- Cyber-dependent crimes: offences that can only be committed using computers, computer networks or the Internet, and target the computers and computer systems of individuals and organizations (also referred to as “technology-as-target” offences).
- Cyber-enabled crimes: “traditional” offences that are facilitated, or the reach and effects magnified, by the use of computers and the Internet (also referred to as “technology-as-instrument” offences).
Documents reviewed for this trends analysis related to the reporting of cybercrimes to police services in Canada, Eurobarometer surveys in Europe that included questions on cyber security incidents experienced by members of the public, and surveys of business organizations in Canada, and business and charitable organizations in England and Wales, regarding approaches to cybersecurity and cyber incidents.
3.5. Key Informant Interviews
A total of 36 key informant interviews were conducted, consisting of both internal and external key stakeholders. The breakdown is as follows:
- IP21C officials (headquarters and regions) from Justice, PPSC, RCMP and GAC. (24 interviews)
- Other GOC Departments with linkages to IP21C Initiative activities (Public Safety Canada and Innovation, Science and Economic Development Canada). (2 interviews)
- Domestic stakeholders (law enforcement and prosecution), including representatives from the law enforcement and provincial prosecution service communities (municipal and provincial police forces, provincial attorneys general). (3 interviews)
- Domestic stakeholders (other), consisting of major TSPs. (4 interviews)
- International stakeholders, consisting of justice officials in other countries (U.S.) and representatives of international entities (Europol, Council of Europe) where the IP21C Initiative has participated in working groups or consulted on issues related to cybercrime. (3 interviews).
In reporting the findings from the interviews, the following scale was used:
- A few: 10% to 15% or less
- Some: 15% to approximately 40%
- Many: more than 40% to approximately 60%
- Most: more than 60% to approximately 80%
- Almost all: more than 80%.
3.6. Limitations
The evaluation encountered a few methodological limitations or challenges, as discussed below by line of evidence.
Review of trends in cybercrime and computer-assisted crime. Many published surveys and estimates of the scale of cybercrime and its impacts are considered unreliable, incomplete, and/or inconsistent. In turn, these data weaknesses give rise to limitations in the evidence base to inform the development of cybercrime policies, response strategies and allocation of resources, not to mention the assessment of actions taken. Principal weaknesses and challenges identified in the literature reviewed include the following:
- Under-reporting of cybercrime incidents to the police and other authorities by individuals and organizations.
- Limited identification and differentiation of cyber-dependent or cyber-enabled incidents in crime reporting systems.
- Poorly designed survey methodologies for estimating victimization rates and impacts. The “gold standard” for measuring the incidence of cybercrimes is random probability sampling using a sufficiently large and stratified sample to obtain reliable representation, to enable the preparation of sound estimates of overall rates of cyber incidents and impacts.
- Other cybercrime surveys, particularly those published by providers of cybersecurity services and/or systems monitoring often lack transparency and consistency but do play a valuable role in identifying and characterizing emerging new cyber threats.
- The dynamic nature of cybercrime, in which the mechanisms used to carry out cybercrimes are continually evolving, meaning that responses by the authorities and measurement of the incidence and effects are always playing “catch-up”.
Review of Performance Information. IP21C officials were able to provide performance information for the three years of implementation. However, it was challenging for the evaluation to assess the effectiveness of the awareness and training undertaken as part of the Initiative, as post-training evaluations had not been implemented at the time of the events. To address this, the evaluation used key informant interviews to collect this data. Though many of the key informants could not recall the specific training activities in which they participated, most were very familiar with the key elements of the PCOCA.
Key Informant Interviews. One limitation was the possibility of introducing bias as a result of the approach to sampling for the key informant interviews as well as the voluntary nature of participation in this data collection method. Self-reported response bias occurs when individuals are reporting on their own activities and may want to portray themselves in the best light. Strategic response bias occurs when the participants answer questions with the desire to affect outcomes. To alleviate this, the evaluation ensured that the list of key informants was balanced so that a knowledgeable pool of respondents and a variety of internal and external perspectives was gathered.
Mitigation Strategy. To mitigate these limitations, the evaluation used multiple lines of evidence and triangulation to confirm the results.
- Date modified: