Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well

from the because-they're-not-losses dept

Wed, Apr 18th 2012 10:25am — Mike Masnick

We've talked about exaggerations in "losses" due to infringement for many years. However, we've also discussed how claims of "losses" due to so-called "cybercrime" are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from "cybercrime" appear to be exaggerated -- often by quite a bit:

One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.

This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total "losses" to the estimate.

This doesn't mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn't that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for "cybersecurity," perhaps we can start to estimate just how much of an exaggeration in FUD the prefix "cyber-" adds to things. I'm guessing it's at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you've got the makings of an all-out moral panic.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybercrime, errors, exaggeration, fud, losses

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Glen, 18 Apr 2012 @ 10:31am

But, but....
we need funding for our cyber-security cronies.
[ link to this | view in chronology ]
Anonymous Coward, 18 Apr 2012 @ 10:44am

It's all true
I personally lost $150 billion in sales due to cybercrime. You see, this prince in Nigeria promised me $150 billion dollars if he helped me move $1.5 trillion dollars out of Nigeria. But it was all a scam. It was...cybercrime. So there's proof that our economy lost $150 billion due to cybercrime. And since I was planning on giving it all to orphans, it's hurting children directly.
[ link to this | view in chronology ]
- Anonymous Coward, 18 Apr 2012 @ 1:03pm
  
  Re: It's all true
  I got lucky, I only lost $8 Billion - someone stole my iPhone.
  [ link to this | view in chronology ]
  - Cerberus (profile), 18 Apr 2012 @ 8:40pm
    
    Re: Re: It's all true
    Oh my God, you're lucky you only had 8 songs on it, or the thief would have been able to do considerably more damage to the RIAA with the stolen songs.
    [ link to this | view in chronology ]
Jay, 18 Apr 2012 @ 10:45am

Exaggerated!!!
"we wrote about how a single $7,500 "loss" was extrapolated into $15 billion in losses"....

sounds quite inflated...

thinking, how this happen ????

we live in the world where it is possible to deliver news faster than light..

just imagine how Pink revolution of tunisia happened...

thanks to innovation like facebook/youtube/greatify which helps to deliver news to right time...

cons:
7500=>1.5 billion exxageration .... :)
[ link to this | view in chronology ]
Gak Guk, 18 Apr 2012 @ 10:52am

exaggeration
"This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $15 billion in losses."

The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.
[ link to this | view in chronology ]
- Leigh Beadon (profile), 18 Apr 2012 @ 11:20am
  
  Re: exaggeration
  The article quoted talks about 1.5 billion, not 15. It seems some more extrapolation happened in the meantime.
  
  Indeed. Fixed! Thanks
  [ link to this | view in chronology ]
Anonymous Anonymous Coward, 18 Apr 2012 @ 10:55am

Cyber vs Real World
There should be no difference between the real world and on the Internet. If it is illegal in the real world, then it should be illegal on the Internet. If it isn't illegal in the real world, then it should not be illegal on the Internet. No special laws needed.

If there is a problem on the Internet that is not addressed in the real world, one really has to ask themselves why!
[ link to this | view in chronology ]
- John Fenderson (profile), 18 Apr 2012 @ 12:20pm
  
  Re: Cyber vs Real World
  If it is illegal in the real world, then it should be illegal on the Internet. If it isn't illegal in the real world, then it should not be illegal on the Internet.
  
  Yes, and it's a good thing that laws are the same in every nation in the world. If they weren't, this would be impossible.
  [ link to this | view in chronology ]
Baldaur Regis (profile), 18 Apr 2012 @ 11:11am

What we need...
...is to look at online copyright infringement ONLY (as its the content owners causing the most ruckus right now) and forget about online scams/gambling/atrocity du jour that's being lumped under the heading of 'cybercrime'.

We need two numbers: one, the percentage of content infringers as a percentage of the global online population; and two, of that percentage, what is the percentage of casual infringers, i.e., those who would purchase digital content if conditions were right.

In other words, how many hardcore pirates are actually out there, those for whom piracy itself is the attraction? And how many people just pirate for convenience? My (totally empirical) gut feeling is the hardcore number is a tiny fraction of a percent; most casual infringers I know would LOVE to get archival quality copy direct from the source if cost, no DRM and other concerns were satisfied.

If the numbers are large, the current efforts towards paywalls, DRM and basically the way the world is now can be justifiably argued. If the numbers are small, we need yell them at the content providers, and keep yelling until they listen.
[ link to this | view in chronology ]
ltlw0lf (profile), 18 Apr 2012 @ 11:31am

Ask Kevin Mitnick...
They've been exaggerating for a very long time. Sun said Kevin stole software valued at $8 million that anyone could have gotten for $30 from their website at the time.
[ link to this | view in chronology ]
- Drew (profile), 18 Apr 2012 @ 2:14pm
  
  Re: Ask Kevin Mitnick...
  Did you not know when you copy something the value of it goes up at least 100,000 times. If you have a 50 pack of TDK cd-r you could potentially be worth billions!
  
  FUS RO DAH
  [ link to this | view in chronology ]
  - ltlw0lf (profile), 18 Apr 2012 @ 2:35pm
    
    Re: Re: Ask Kevin Mitnick...
    Did you not know when you copy something the value of it goes up at least 100,000 times.
    
    Wow, so my swapfile must be worth 1 quadrillion dollars by now. If only I could cash that in?
    [ link to this | view in chronology ]
Anonymous Coward, 18 Apr 2012 @ 12:33pm

dont tell me. someone stole Hollywood Accounting and used it to produce the Cyber Crime numbers!! oh my God! the sky is falling again!!
[ link to this | view in chronology ]
- The eejit (profile), 18 Apr 2012 @ 3:33pm
  
  Re:
  Nah, the sky isn't falling: that's just the RIAA calculating atmospheric quadrodelineation over a spheroid object again.
  [ link to this | view in chronology ]
  - The Moondoggie, 18 Apr 2012 @ 5:09pm
    
    Re: Re:
    People from the RIAA can count?
    
    The sky is falling.
    [ link to this | view in chronology ]
AJBarnes, 18 Apr 2012 @ 12:57pm

Just think...
Think of how many more cars would have been purchased if car thieves would not steal....
[ link to this | view in chronology ]
DanZee (profile), 18 Apr 2012 @ 2:02pm

Cyber Crime
If the government was really against cyber crime, they would close down the Nigerian scam operations and arrest the office towers full of hackers in Eastern Europe infecting computers with fake anti-virus malware. Oh, silly me. Apparently, the government is only concerned with things Microsoft, the RIAA and the MPAA are worried about!
[ link to this | view in chronology ]
Digitari, 18 Apr 2012 @ 3:43pm

Re:
wait, if they are using "hollywood" accounting, is that not an infringement of a trade (not so) secret?? will they now be arrested by a SWAT team??

will they close down any and all the grocery stores nearby for "money laundering" and or the gas stations

what if they bought lottery tickets with their ill gotten money??

Hollywood accounting Must be preserved at all costs. right??

?where's my shill check?
[ link to this | view in chronology ]
That Anonymous Coward (profile), 18 Apr 2012 @ 4:58pm

But but but there is money to be made!!!
We have to have these horrible problems to justify paying our 'good friends' firms, with former government types pitching for them, tons of your money to gain nothing but more headaches for regular people!

Cybercrime its like real crime, except all cyber so you can't actually see the end result, just take our word for it happening.
[ link to this | view in chronology ]