Into the Wild

Misha Glenny

  • The Dark Net: Inside the Digital Underworld by Jamie Bartlett
    Heinemann, 303 pp, £20.00, August 2014, ISBN 978 0 434 02315 8

My first encounter with the dark net was in Rio de Janeiro in 2006. I was interviewing a public prosecutor about the changing nature of organised crime in Brazil. His office was in Barra, an affluent residential area in the west of the city, where one would expect prosecutors to be mostly occupied with crimes against property. He pulled out a file and explained, despairingly, that he had been working on the case for more than a year. ‘This business is just growing and growing,’ he said, ‘and it’s really hard to do anything about it.’ He was investigating a wealthy architect who had been kidnapping and buying children from Rio’s favelas and using them for pornographic photo shoots and movies. He showed me two black and white photographs which had been downloaded from the internet. One was of an eight-year-old girl being raped; the other was of a baby less than a year old covered in semen. ‘This material is spreading like lightning over the web,’ he said, ‘but it’s almost impossible to do anything because they protect their identities so assiduously – and most of this is distributed on the dark side of the internet, where it’s very difficult to track.’

There were additional difficulties in this case: the architect was well connected in Rio society, which confers a thick layer of protection against investigation. Police find that even tracking down the producers, distributors and consumers of child pornography is challenging enough, let alone successfully prosecuting them. I learned one of the reasons for this in 2009 in a motel near Cologne. Every year Europol invites senior police officers to a three-day seminar on the basics of cyber policing. Most child pornography, they explained, isn’t sold openly. Instead members of dedicated forums exchange material for payment in kind: new photos, videos and, unbelievably, live streams of children being abused, sometimes with the active collusion of one or both of the parents. During the seminar, a member of the Irish Gardaí’s Child Protection Unit told me that officers were permitted to work on such cases for a maximum period of three years for fear that longer exposure to the material they had to investigate might lead to permanent psychological damage.

That is, of course, if they manage to find the websites and networks involved. Most forums responsible for the exchange of child pornography have high levels of digital security. The techniques used range from layering – in which a user has to pass through various websites in a defined sequence to get to the illegal material – to powerful verification techniques, and often the encryption of website addresses. Anyone who wants to join has to spend considerable time and effort navigating these websites or talking to people who are already involved in order to be let into the circle of trust. If the site is protected by an encrypted url, users can only enter if the site administrators decide they are not a security risk: police officers masquerading as consumers, for example. These days entry will often be denied unless the individual is able to add a substantial collection of material to the forum’s database – a mechanism that has led to a significant increase in the amount of material in circulation. In The Dark Net, Jamie Bartlett quotes the US General Accounting Office as reporting in 1983 that ‘as a result of the decline in commercial child pornography, the principal Federal agencies … do not consider child pornography a high priority.’ In 1990, the NSPCC in Britain estimated that ‘there were seven thousand known images of child pornography in circulation. Because it was so hard to come by, the numbers accessing it were vanishingly small.’ What a difference a couple of decades makes. ‘In 2011,’ Bartlett continues, ‘law enforcement authorities in the US turned over 22 million images and videos of child pornography to the National Center for Missing and Exploited Children.’

Some sites post child pornography in order to make money. This is riskier, but if the receipt of revenues takes place in a weak or compromised jurisdiction such as various Pacific islands, or Russia, then the individuals behind the site can make a lot of money. In cases like these, it is the consumers who are more vulnerable to arrest and prosecution. Bartlett describes the case of a pseudonymous British man called Michael, whom he interviewed for the book. In his fifties, happily married with a grown-up daughter, Michael protests, quite genuinely it seems, that he is ‘a very ordinary, heterosexual bloke. I was never – never! – remotely curious about young girls. It never even crossed my mind.’ And yet he was convicted of possessing three thousand indecent images of children on his computer, most of them Level 1 – ‘erotic posing but no sexual activity’ – but some of them Level 4, the second most explicit and obscene category. Michael apparently found his way to child pornography through conventional pornographic sites whose advertising techniques lured him towards ever more risqué and, eventually, illegal material. Michael was subject to a variant of what the psychologist John Suler identified in 2001 as the ‘online disinhibition effect’: the phenomenon whereby computer users feel shielded by the apparent anonymity of the web, encouraging behaviour in which they would not normally indulge in the real world.

Like much of what happens in the digital world, both benign and malignant, the dark net owes its origins in part to one of the US Defense Department’s research units. (One may be forgiven for thinking that the DoD is keeping afloat most of the theoretical and applied science and engineering departments on both coasts of the US. Apple is often credited with responsibility for game-changing innovations in mobile technology but in most cases they just nicked ideas from the military.[*]) It was programmers at the US Naval Research unit who in the 1990s developed the so-called Onion Router system, Tor, that provides the anonymity in which users of the dark net depend. Tor was initially intended to help US intelligence workers communicate online without being observed. But in 2002 it was released for public use and the not-for-profit Tor project now offers a web browser, downloadable for free by anyone, which wraps its communications in several layers of encryption, then bounces them around a series of computers chosen at random from volunteer machines across the world before they arrive at their destination. This complex process means that if a message is intercepted at any point it is almost impossible to identify its origin, its content or the intended recipient, even if you have the resources of the NSA. Tor is a little bit slower than conventional browsers but not inconveniently so, and – one of its great advantages – it’s possible for people to use it even if they have low levels of computer literacy. It really is pretty easy.

Over the past 18 months, law enforcement agencies in the US and the EU have been angling their searchlights onto the dark net. The results of their most recent and best organised foray were revealed at the beginning of November. After an operation lasting several months – they called it Operation Onymous – the FBI and Europol’s Cybercrime Centre announced that they had taken down more than two dozen, possibly many more, of the most notorious dark net websites, including the most famous of all, Silk Road 2.0. The majority of these sites were trading in drugs. Cocaine and marijuana were the most popular items but customers could order almost anything, from ecstasy to magic mushrooms, from OxyContin to Valium. In total, the police are believed to have confiscated more than $1 million in the digital currency bitcoin. Few everyday internet-based retail sites have registered profits of this order so soon after going online. This commercial success partly reflects the efficient service offered by Silk Road and other sites like it. The business model is similar to eBay’s: the site administrators don’t deliver the goods themselves but act as market facilitators between a buyer and a seller, getting a cut from every transaction. Once a site like Silk Road acquires a reputation for reliability it tends to grow rapidly. But the desire to make the market as open as possible leaves such sites vulnerable to police infiltration. Many of them, especially the ones dealing in counterfeit credit cards, continue to flourish, especially in Russia. Co-operation in criminal investigations between the UK and Russia collapsed during the investigation into the death of Alexander Litvinenko; the Ukrainian crisis has brought to a halt any attempts to co-ordinate investigations into cybercrime between Russia and the West.

At the heart of Silk Road’s success lie the extremely high mark-ups in a prohibited market, in this case narcotics. In the long run sites like these can only finally be tackled by drug policy reform, not law enforcement. But for the FBI and Europol the takedown was nonetheless a significant achievement. Both agencies have been coy about how they managed it, but it’s highly unlikely that they managed to crack Tor’s digital security. Instead, the signs are that they relied on the usual FBI procedure for large-scale operations against criminal networks: months if not years of painstaking work aimed at infiltrating the target organisation. At some point, one of the administrators will make a mistake and reveal either a digital or a physical location. If he is within range of one of the phenomenally long arms of the US law enforcement agencies (federal agents are stationed across the world; they have even worked on operations in mainland China), he is likely to be detained and persuaded to work on behalf of the FBI in exchange for a reduced sentence.[†] All the FBI’s major successes have followed this pattern. If the NSA and the Russian government can’t crack Tor – Russia’s Ministry of Internal Affairs has offered a prize of 3.9 million roubles to anyone who succeeds – then it’s hard to imagine that the FBI did it on its own.

The reason the Department of Defense released Tor into the wild was that various other branches of government, including the State Department, believed it could be a valuable tool for civil society and democracy activists around the world. And they were right. Tor remains one of the few digital thorns in the side of the NSA, the FSB’s Department K, GCHQ, the IDF’s Unit 8200, the People’s Liberation Army’s Unit 61398 and all the other intelligence and defence agencies which consider anonymity on the web to be a major national security risk. Bartlett’s book isn’t only, or even primarily, about cybercriminals and intelligence agents. Although he is interested in ‘those sites not indexed by conventional search engines: an unknowable realm of password-protected pages, unlinked websites and hidden content only accessible to those in the know’ – what’s usually called the deep web – he also discusses material that is easily accessible and legal, such as extremist political debate, or the ‘cam’ phenomenon, where women charge viewers to watch them strip or have sex online.

The Dark Net, then, is partly about how ordinary people behave online, and how online activity changes them. Bartlett makes good use of Suler’s online disinhibition effect, both when describing how some young men, acting like a pack of digital rabid dogs, destroy a woman’s life through online postings, and when he meets a British fascist whose modest and personable character in real life is almost impossible to reconcile with his online exhortations in favour of white supremacy. But the online disinhibition effect also works to the advantage of intelligence and law enforcement agencies. After the Snowden revelations nobody should believe that using conventional browsing and communications tools offers any guarantee of intimacy or privacy on the net. You may sometimes be lulled into a sense of security, but it’s worth remembering that virtually anything you do on a computer connected to the internet can be accessed by any number of people and institutions you would probably prefer not to be exposed to. Disinhibition is a normal human response. But it isn’t logical: we are far more exposed online than we are in real life.

*

Bartlett also examines the confrontation between those who believe that the state has no right to interfere with anybody’s activity online and those, at the other extreme, who are convinced that national security justifies all manner of surveillance. As with much discussion on the net, the loudest voices are often the most radical. There is a Leninist assumption on both sides that if you aren’t with us you’re against us. Two mighty battles have broken out in the cyber realm. The first concerns what we are and aren’t permitted to do on the web, as well as what can and can’t happen to our data. The second is quite simply competition between states. The most forceful articulation of the idea that internet technologies should be free from any regulation came in the form of ‘A Declaration on the Independence of Cyberspace’, released in 1996 by John Perry Barlow, an activist whose many achievements include writing lyrics for the Grateful Dead. ‘Governments of the Industrial World, you weary giants of flesh and steel,’ he proclaimed,

I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather …

You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don’t exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means …

In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeTocqueville and Brandeis. These dreams must now be born anew in us.

In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

Barlow was right in assuming that states would find the internet far too valuable a technology to be left in the hands of ordinary people. The flourishing of the dark net, along with criminal and terrorist activity, are the justifications offered by the US and European governments for the astonishing amount of surveillance of online activity. The colossal if intentional error of the British and American governments in allowing the NSA and GCHQ to expand their activities to every corner of the net was that they brushed aside legal checks and balances in the process. The reduced ability of the courts to arbitrate this extraordinary surveillance is the Achilles’ heel of those who argue the state should be granted these powers.

Barlow also saw that states would seek to define what content users should or should not have access to when they are online. There are few countries more assiduous in monitoring their citizens’ activities than Russia and China. In this the West differs from its two major cyber competitors (Barlow would recognise this division but would probably dismiss it as irrelevant). The US and its four allies in the Five Eyes pact – Canada, Britain, Australia and New Zealand – mostly don’t mind what people do on the web as long as it isn’t criminal; what they want is to be able to access all that activity at all times. China and Russia, though, want the right to restrict content because the web threatens their de facto political monopolies. This difference manifests itself in the way internet security is described: ‘cyber security’ in the West (i.e. the protection of networked systems) v. ‘information security’ in the East (i.e. the state’s right to control content).

The two aims are incompatible, especially since both sides engage in extensive, systematic cyber espionage. The inability of major states to agree on the ground rules of governance of the internet means that the dark net will thrive: some of it good, some of it bad. ‘Cyberspace,’ Barlow insisted in his declaration of independence, ‘does not lie within your borders.’ It might once conceivably have been uncharted and beyond the pale. But it was invaded long ago. The dark net is a refuge of sorts but it isn’t home only to Barlow’s ‘civilisation of the Mind’. It also hosts some pretty unpleasant characters.

[*] Mariana Mazzucato has written about this in The Entrepreneurial State (2013).

[†] I use the gender deliberately: the proportion of those involved in illegal activities on the web who are women is estimated to be about 4 or 5 per cent; the corresponding proportion for conventional crime is 15-20 per cent.