Cyberpolicing in Canada: A Scoping Review

A recent stream of government efforts have surfaced in an attempt to tackle cybercrime in Canada and improve law enforcement responses to cybercrime, such as funding, actionable intelligence, and the creation of new policing response units. However, we know little of ‘what works’ with respect to cyberpolicing, meaning that these endeavours, and policymakers and funding organizations, are operating without such insights. Therefore, this study sought to conduct an evidence assessment into research on cybercrime-related topics through a scoping review. Our findings show that the overall volume of Canadian cyberpolicing literature is low, and many important subjects are entirely lacking in research. Additionally, we found a distinct shortage of independent or rigorous evaluation of cyberpolicing strategies. From these findings, we offer a range of critical recommendations to improve the state of Canadian research on cyberpolicing. child sexual exploitation, police attitudes towards


Introduction
To develop a program of Canadian-based cyber-research that will inform sound public policy and practice entails a deeper understanding of the strengths and limitations of the current research evidence base. To that end, we have conducted what will be the first in a series of evidence assessments on research into cybercrime-related topics. Therefore, in this paper, we present a scoping review of the Canadian research

Method of Inquiry
To address the above research questions, we conducted a scoping review (SR). A SR is an exploratory form of knowledge synthesis that allows researchers to understand better what work has been undertaken in a given field (Arksey and O'Malley 2005).
SRs are similar to other review methodologies, such as systematic reviews, in that they require a replicable, systematic, and structured search for and the inclusion of literature materials. Though, they differ by allowing the search criteria to be changed post-hoc as one becomes more familiar with the literature, and they do not involve an assessment of the literature quality (ibid.). Given that it was expected that there would be a limited number of studies, and to have the ability to include grey literature, this method was thought more suitable for the purposes of this study. In the pages that follow, we explore the types of topics previous researchers have undertaken, the data sources and methodologies employed, as well as the years and scholarly fields in which studies were produced. Using this technique will help to provide an assessment of not only what is currently available to inform public policy and practice but also, and perhaps more importantly, where we should be focusing future research efforts.

Search Strategy
To construct our search strategy, we had to make several decisions as to what types of material we would be searching for and where we would be looking. We expected that the overall volume of Canadian studies published in peer-reviewed journals in this area would be low, thus early on, the decision was made to include both peer-reviewed published research and studies found within the 'grey literature' -that is, government and non-governmental reports, Masters theses and doctoral dissertations. We also anticipated that, given the estimated low volume of available material, we would have to search as widely as possible. To that end, we decided to begin by searching academic databases using a university search engine with access to PsycINFO, Criminal Justice Abstracts, PubMed, Web of Science, Scholars Portal, and Sociological Abstracts, among others. Once we had exhausted our ability to find useful material through this method, we turned to the Google search engine to look for government and NGO reports before focusing our efforts on Google Scholar.
All searches were conducted using keywords, and the date range was set to 2001 to 2021. Keywords used included iterations and combinations of 'Canada,' 'Canadian,' 'police, ' 'policing,' 'cyber,' 'Internet,' 'online,' 'research,' and 'study.' We typically stopped reading search results at the 100 th result, as at that point, most results were no longer relevant. To arrive at our final sample, the abstracts of returned results were first read in full, and an initial decision was made as to whether to include or exclude as a result. If it was not clear after reading the abstract whether a paper met the inclusion criteria as noted below, it was downloaded and read to assess its applicability to our topic. After each of the downloaded articles was reviewed against the inclusion criteria, we arrived at a final sample of a collection of 18 studies.

Inclusion and Exclusion Criteria
As the goal of the larger project within which this scoping review falls is to begin the process of assessing the evidence base for public policy or practice related to cybercrime, the decision was made to focus solely on studies in which research had been conducted. We define 'research' in this context as an empirically grounded, systematic study to identify, explain, predict and/or determine the causes of a given phenomenon. For full details, Figure 1 below offers a visual presentation of our complete exclusion and inclusion criteria.

Coding and Analysis
To answer the first and second research questions, we employed a simple inductive coding scheme using the following categories: title, first author, year of publication, topic, approach (quantitative, qualitative, or mixed methods), methods (data collection

Visual Presentation of the Inclusion and Exclusion Criteria
and analysis techniques), and data source. Answering the third research question required a novel approach. We had to construct a list of topics that were potentially missing from the Canadian literature. To do this, we relied upon the published annual meeting program guides of the American Society of Criminology (ASC) annual conferences. As the ASC hosts one of the largest international criminology conferences, it can be deduced that the program agendas would reflect some of the major concerns and interests in the field of cybercrime generally and cyberpolicing more specifically. To develop our list, we searched each of the program guides available (2005 to 2021) for paper titles and abstracts and then coded relevant abstracts. The results are located in Appendix III. Finally, to achieve a measure of reliability in the coded data, all coding was independently verified.

Extent and Range of the Literature
As can be seen in Table 1 below, prior to 2010, we were only able to locate three studies: one (n=1) peer-reviewed article (2008) While the overall volume of Canadian research on cyberpolicing and related topics is fairly low, we did observe some diversity in terms of the types of research methods employed. In particular, studies were almost evenly split between quantitative (n=7) and qualitative methods (n=8), with only one mixed methods study combining survey and interview data. Qualitative studies relied heavily on interview data, whereas quantitative typically drew on secondary data and some primary data sources by way of surveys conducted by the researchers. We also note that much of the researchboth quantitative and qualitative -was descriptive and exploratory in nature. One significant concern is the lack of experimental research, a method often used in evaluative studies. This finding suggests that what is missing from research in this area are studies assessing how well specific cyberpolicing programs, policies, and practices are performing in terms of meeting program or institutional objectives. Interestingly, despite the fact that some of the studies examined explored psychological dimensions of cyberpolicing, only one study came from the field of psychology (n=1). Overall, cyber-crime and cyberpolicing emerged as explored within a total of eighteen (n=18) research domains (see Table 3). These spheres represent the disciplines/perspectives that are influencing empirics and assumptions and also expectedly driving public policy and practice.

Table 3. Scholarly Fields in Which the Research was Produced
Given the international scope of the issue of cyber-crime, we expected to see Canadian researchers exploring issues related to the trans-jurisdictional nature of cyberpolicing, and thus some Canadian-focused studies that relied on the use of data from international sources. What we found is that the majority of studies used data from

Canadian sources, including surveys of Canadian police services, interviews with
Canadian police officers, and information collected by Statistics Canada (n=14). Only two papers -both on the effects of policing efforts on online illicit markets -contained international data (n=2).
While there is a healthy diversity of topics covered within the Canadian literature, there are too few studies on any one topic to contribute to and develop a strong

Research Domain n
Criminology 9 Sociology evidence base. As can be seen in Table 4 below, eighteen (n=18) of the topics appear in the literature fewer than five times, with ten (n=10) of these appearing only once.
If we had to identify the most frequently occurring topics, a loose definition would be appearing in the collected studies four or more times. Thus, our results would include three (n=3) topics: child sexual exploitation, police attitudes towards cybercrime and investigation. Of these, police work on 'child sexual exploitation' (CSE) was the most frequently occurring of all topics (n=7). This result can be explained by the fact that one research team (Spencer, Ricciardelli, Dodge et al. 2020) generated a single study on Internet Child Exploitation teams that contributed four papers. Sub-topics in these papers included: police resources, aspects of the police investigation, occupational stress and digital evidence. The other two papers similarly looked at CSE work with a sub-focus on issues related to digital evidence, technology, and occupational stress.
'Police attitudes' and aspects of investigational work appeared in five (n=5) papers each. Papers examining police attitudes towards cyber-related work were generally in the context of more significant explorations of CSE, cyberbullying and/or police resources for responding to cybercrimes. The topic identified as 'aspects of police investigation' -that is, looking at one or more investigational processes or outcomesalso appeared in relation to two papers on CSE, as well as in one paper on illicit online markets. 'Digital evidence' was one of these topics, notably found in papers on CSE, as we have stated above. This was also the case with 'police resources' with one exception: the issue of police services lacking sufficient personnel to deal with a particular type of offense also appeared in one paper on intellectual property (IP) theft.
Police 'training' issues were also a more frequent topic (n=4).
In terms of frequency, the next group of topics were those that appeared in more than one paper but in fewer than four. Issues related to 'police data' -particularly the possibility of inaccuracies due to underreporting -were raised in three (n=3) papers.
The topics of 'enforcement efforts' and 'online illicit markets' were identified in a pair of articles (n=2) on the effects of police 'crackdowns' on piracy and drug crypto sites.
We also found two papers (n=2) on police involvement in preventing and/or responding to cyberbullying.
Our final cluster of topics was found in one paper (n=1) each. These included 'human trafficking,' 'public-private collaborations,' 'police prevention work,' 'technology issues,' 'occupational stress,' 'intellectual property theft,' 'working with victims,' and 'police searches' of seized technology. It is worth noting that, although a significant issue in Canada and elsewhere, research into police investigations of cyber-mediated forms of human trafficking has drawn little attention to date. This was also the case with two other important topics: police-led 'prevention measures' and police 'interactions with victims' of cyberharms. Unsurprisingly, given that digital evidence was a primary focus of three papers (n=3), related fields such as 'police searches' and 'technology issues' also appear at least once. Lastly, the issues of 'civilianization' of police roles in cyber-response and investigation, police 'digital competencies' (required skills for specific roles), and 'police recruitment' each appeared in one (n=1) paper.

Conclusions and Recommendations
As can be seen throughout this report, the overall volume of research in this areaboth scholarly and in government reports -is low, averaging about one study per year.
While we note a recent increase in volume (notably in 2020), constructing a strong evidence base to support cyberpolicing efforts will require initiative and investment from policymakers.
One area in which Canadian research is clearly lacking is the production of rigorous evaluative and experimental research into cyberpolicing and the effects of different cyberpolicing strategies. This means that we are not trialling new initiatives, and/or when police agencies implement new strategies or technologies, they are not being independently or rigorously assessed. Programs or policies aimed at improving the quality of policing in this area need to vigorously promote the benefits of this type of research to both scholars and police services.
An aspect of this research we were pleased to note is the range of topics covered. That said, we also identified ten topic areas of which we could locate no relevant Canadian research, and we are aware that our list of missing topics is hardly representative of the entire spectrum of issues that could be covered. Therefore, policy-makers and funding organizations should consider developing initiatives to help fill in many of these gaps.
Additionally, Canadian research on cyberpolicing is in a relatively healthy shape with respect to the use of diverse research methods and approaches. We are contributing to exploratory, descriptive and causal research through the use of quantitative and qualitative methods. Policymakers should continue to support different research approaches while pushing for the development of innovative and creative programmes of research.
Even though cybercrime and cyberpolicing are areas that lend themselves easily to multidisciplinary and interdisciplinary approaches, most of the studies identified for this report were produced within criminology or sociology departments. Policymakers and funding agencies should also encourage the growth of research that uses multiple disciplinary lenses. Doing so will help generate a stronger oeuvre of Canadian research and lead to a more vibrant community of researchers in this area.