Not so dark after all

At the recent IGF  I attended several workshops where privacy was discussed. At a number of them two things struck me: everyone agreed privacy was desirable, but almost nobody thought it actually existed on the internet. The predominant view among online privacy activists seemed to be that whatever tools you thought you could use to keep your online stuff secret somebody somewhere – in a business or in a government agency, probably both –  either already knew what you were up to or, if they were sufficiently determined, they could work it out.

I remember one young woman from the Balkans who appeared to believe political activists in totalitarian states who thought the internet was their friend or ally were foolishly or recklessly playing with their own lives and liberty, and probably the lives and liberty of others. No one argued with her.

It was not suggested that anyone could (yet) routinely break messages that had been strongly encrypted but in terms of tracking and establishing patterns of relationships, that was easy peasy and, more importantly, it was enough for most police states to draw their own conclusions and act accordingly.

But what about the dark net, I hear you ask? We know the cops in a number of countries have had successes in cracking criminal operations that have used the dark net. Could these simply have been lucky breaks, or one-offs?

The other day I read a case that began to open up this obscure cyber corner. It gave me reason to believe that even on the dark net we can get the bad guys on the run, or at least unsettle them and make them think it is no longer a guaranteed safe haven.

It appears FBI agents took over and ran a machine that operated on the dark net to distribute child abuse images. Using what they called a “Network Investigative Tool” which they put on the offending server, the FBI were able to collect identifying information about people who logged in. Over 200 have already been arrested and charged in the USA following this sting operation but in the course of the action the Feds were able to gather information about 100,00 users in 120 countries. Bravo. Let’s hope the police forces in these countries were able to do something with the information the FBI handed over.

In some Federal courts in the US a number of the cases that were brought against individuals were dismissed because the FBI refused to disclose in open court exactly how the “Network Investigative Tool” operated but evidently not every court made that a condition of proceeding.

In the case that caught my eye, in Washington State,  the judge was highly critical of the FBI for, effectively, distributing child abuse images for two weeks while they ran their operation but he declined to order the FBI to declassify their secret methods. Thank goodness. If that had happened it would only have helped the bad guys to construct a work around.

The really encouraging aspect, however, is also its most obvious. The dark net is not so dark after all. I am sure heavy duty, tech-savvy cyber criminals had worked that out some time ago but for those of us who might otherwise and hitherto  have been prone to lapse into bouts of hopeless cyber depression this blog should act as a little ray of sunshine. Spread the word.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was a appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Child abuse images, Internet governance, Privacy, Regulation, Self-regulation. Bookmark the permalink.