cybercrime

Darknets Are Key Strongholds of Freedom of Expression Online

[Originally published in The Conversation]

The internet is much more than just the publicly available, Google-able web services most online users frequent – and that’s good for free expression. Companies frequently create private networks to enable employees to use secure corporate servers, for example. And free software allows individuals to create what are called “peer-to-peer” networks, connecting directly from one machine to another.

Unable to be indexed by current search engines, and therefore less visible to the general public, subnetworks like these are often called “darknets,” or collective as the singular “darknet.” These networks typically use software, such as Tor, that anonymizes the machines connecting to them, and encrypts the data traveling through their connections.

Some of what’s on the darknet is alarming. A 2015 story from Fox News reads:

“Perusing the darknet offers a jarring jaunt through jaw-dropping depravity: Galleries of child pornography, videos of humans having sex with animals, offers for sale of illegal drugs, weapons, stolen credit card numbers and fake identifications for sale. Even human organs reportedly from Chinese execution victims are up for sale on the darknet.”

But that’s not the whole story – nor the whole content and context of the darknet. Portraying the darknet as primarily, or even solely, for criminals ignores the societal forces that push people toward these anonymous networks. Our research into the content and activity of one major darknet, called Freenet, indicates that darknets should be understood not as a crime-ridden “Wild West,” but rather as “wilderness,” spaces that by design are meant to remain unsullied by the civilizing institutions – law enforcement, governments and corporations – that have come to dominate the internet.

There is definitely illegal activity on the darknet, as there is on the open internet. However, many of the people using the darknet have a diverse range of motives and activities, linked by a common desire to reclaim what they see as major benefits of technology: privacy and free speech.

Describing Freenet

Our research explored Freenet, an anonymous peer-to-peer network accessed via a freely downloadable application. In this type of network, there are no centralized servers storing information or transferring data. Rather, each computer that joins the network takes on some of the tasks of sharing information.

When a user installs Freenet, her computer establishes a connection to a small group of existing Freenet users. Each of these is connected in turn to other Freenet users’ computers. Through these connections, the entire contents of the network are available to any user. This design allows Freenet to be decentralized, anonymous and resistant to surveillance and censorship.

Freenet’s software requires users to donate a portion of their local hard drive space to store Freenet material. That information is automatically encrypted, so the computer’s owner does not know what files are stored or the contents of those files. Files shared on the network are stored on numerous computers, ensuring they will be accessible even if some people turn off their machines.

Joining the network

As researchers, we played the role of a novice Freenet user. The network allows many different types of interaction, including social networking sites and even the ability to build direct relationships with other users. But our goal was to understand what the network had to offer to a new user just beginning to explore the system.

There are several Freenet sites that have used web crawlers to index the network, offering a sort of directory of what is available. We visited one of these sites to download their list. From the 4,286 total sites in the index we chose, we selected a random sample of 427 sites to visit and study more closely. The sites with these indexes are a part of the Freenet network, and therefore can be accessed only by users who have downloaded the software. Standard search engines cannot be used to find sites on Freenet.

An introductory page on Freenet. Roderick Graham and Brian Pitman, CC BY-ND

Finding a ‘hacker ethic’

What we found indicated that Freenet is dominated by what scholars call a “hacker ethic.” This term encompasses a group of progressive and libertarian beliefs often espoused by hackers, which are primarily concerned with these ideals:

  • Access to information should be free;
  • Technology can, and should, improve people’s lives;
  • Bureaucracy and authority are not to be trusted;
  • A resistance to conventional and mainstream lifestyles

Some of that may be because using darknet technology often requires additional technical understanding. In addition, people with technical skills may be more likely to want to find, use and even create services that have technological protections against surveillance.

Our reading of hacking literature suggests to us that the philosophical and ideological beliefs driving darknet users are not well-known. But without this context, what we observed on Freenet would be hard to make sense of.

There were Freenet sites for sharing music, e-books and video. Many sites were focused around personal self-expression, like regular internet blogs. Others were dedicated to promoting a particular ideology. For example, socialist and libertarian content was common. Still other sites shared information from whistle-blowers or government documents, including a copy of the Wikileaks website’s data, complete with its “Afghan War Diary” of classified documents about the United States military invasion of Afghanistan following the Sept. 11, 2001 terrorist attacks.

With the hacker ethic as a guide, we can understand that most of this content is from individuals who have a deep mistrust of authority, reject gross materialism and conformity, and wish to live their digital lives free of surveillance.

What about crime?

There is criminal activity on Freenet. About a quarter of the sites we observed either delivered or linked to child pornography. This is alarming, but must be seen in the proper context. Legal and ethical limits on researchers make it very hard to measure the magnitude of pornographic activity online, and specifically child pornography.

Once we came upon a site that purported to have child pornography, we left the site immediately without investigating further. For example, we did not seek to determine whether there was just one image or an entire library or marketplace selling pornographic content. This was a good idea from the perspectives of both law and ethics, but did not allow us to gather any real data about how much pornography was actually present.

Other research suggests that the presence of child pornography is not a darknet or Freenet problem, but an internet problem. Work from the the Association for Sites Advocating Child Protection points to pervasive sharing of child pornography well beyond just Freenet or even the wider set of darknets. Evaluating the darknet should not stop just at the presence of illegal material, but should extend to its full content and context.

A pie chart shows the share of Freenet sites devoted to particular types of content. Roderick Graham and Brian Pitman, CC BY-ND

With this new information, we can look more accurately at the darknet. It contains many distinct spaces catering to a wide range of activities, from meritorious to abhorrent. In this sense, the darknet is no more dangerous than the rest of the internet. And darknet services do provide anonymity, privacy, freedom of expression and security, even in the face of a growing surveillance state.

On Romance Scams, Populism, Cybercrime, and Cybersecurity

Cybersecurity and cybercrime are very similar in that a computer is the tool in the commission of a crime or the target of a crime.  Cybersecurity is a bit more narrow in that the major concern is the unauthorized access and use of computers, or hacking.  Cybercrime has a broader focus, encompassing hacking along with other computer related offenses such as identity theft, cyberbullying, and online fraud.  In the best case scenario, the two would be treated very similar as similar techniques can be used to understand and prevent both.

However, our nation’s leaders have understood and responded to cybersecurity and cybercrime in two very different ways.  This tells us a great deal about the current gulf between elites and commoners.  It is one more quiver in the bow for those embracing American populism.

Cybersecurity

Modern organizations have a series of interconnected computers housing valuable pieces of information. Only authorized personnel – people with the right identities and passwords – are able to access and manipulate this information.  The network in which I have access through my user ID and password allows me to see student information and manipulate grades.  The employees at Bank of America use their credentials to see the bank statements of customers stored on their computers.  The information kept in these computer networks have various levels of sensitivity – from the contact information of faculty and students to the emails and operational plans on military bases.  People are always trying to get access to these networks in order to steal information or manipulate information.  Sometimes they want access in order to change the way in which these computers operate.

Given the importance of these computer networks, billions of dollars have been invested in developing tools, techniques, and personnel to protect them.  Thus the cybersecurity industry.

Cybercrime

Cybercrime is more broad in focus.  It also deals with the unauthorized used of a computer (in the simplest terms, a virus placed on your computer or the stealing of someone’s computer passwords is unauthorized use).  But the use of computers to steal one’s financial identity, and then run up their credit cards also falls under the cybercrime rubric.  As does using sending out harassing tweets, posts, and emails to someone.  As well as defrauding someone by taking advantage of the Internet’s anonymity.

But it is not the scope of cybercrime that makes it different than cybersecurity.  It is the targets.  Everyday people are the targets of these crimes, not large corporations of bureaucracies. 

Media attention and legislative efforts have been disproportionately aimed at cybersecurity.  Yet in reality more people have been touched and hurt by cybercrime.

The FBI hosts a website that collects and reports cybercrime, the Internet Crime Complaint Center (IC3). Their website states that: “The IC3 accepts online Internet crime complaints from either the actual victim or from a third party to the complainant.”

One of the types of complaints collected by the IC3 are romance scams.  These are instances where offenders use the anonymity of the Internet to portray their love for a victim only in an effort to fleece them of as much money as possible.  This scam is as old as the world’s first profession, I imagine.  The difference is that the Internet makes it possible to (a) reach more people, and (b) more easily construct the idea in the victim’s mind that the relationship is real and genuine.

In 2014, the FBI reported a total loss of approximately 87 million dollars through romance scams.  This is in an underreporting of the total dollar loss.  People are too embarrassed or do not know about IC3.

 

Romance scams are, in my opinion, one of the more despicable offenses.  They prey on a vulnerable subset of the population – middle aged women.  It is highly likely (although I do not have the data to support this idea) that the victims are low on digital literacy, and are unaware of the many ways that lotharios manipulate the digital environment.  Many individual lives and homes can be destroyed through crimes like this.  However, these people do not have a lobby in Congress to protect them.

One could make the argument that being duped by a man who makes sweet music with computer keys is more about the ignorance of the victim, has little to do with technology, and at any rate is not a new crime.

Well, what about when an individual’s private computer or computer network is used without authorization (i.e. hacking)?   People fall victim to viruses, worms, and phishing attacks (when a fraudulent email is sent) everyday.  All of these are the same types of techniques used to compromise the computer networks of large entities.

The crucial difference is the targets.

 

Follow the Money

In 2009 the Obama administration announced a Comprehensive National Cybersecurity Initiative (CNCI), with a “total budget 40 billion over several years”.   This has trickled to my current home state of Virginia.  Our governor, Terry McAuliffe has been aggressively pushing a number of cybersecurity initiatives:

There is nothing wrong with providing the vision and funding for cybersecurity.  We need it the same way we need to protect our water facilities (see Flint) or our levees (see New Orleans) or our bridges (see Minneapolis).

But there is no such federal initiative and consequent state level programs that deal with cybercrime.  I am sure there are some monies somewhere.  But the level of interest in protecting everyday American citizens is paltry in comparison to the interest in protecting bureaucracies.

I can go a bit further.  This government aid is in all likelihood a subsidy for American corporations.  Corporate networks are much more numerous than those of the military, and although there are many hospitals and colleges storing sensitive information, hackers simply are not interested in x-rays and midterms.  The majority of people who are trained and the greatest application of the innovations produced will accrue to entities like Wells Fargo and Bank of America.

 

American Populism

And so cybersecurity is to cybercrime as Wall Street is to Main Street.  Millions of dollars are being funnelled into protecting large industries while a relative trickle of dollars is devoted to educating the people themselves or the law enforcement charged with protecting the people.

Universities and colleges are scrambling to develop cybersecurity programs and dole out cybersecurity certificates, while little interest is in developing digital literacy courses that teach everyday citizens some basic measures that will protect them from romance scams, phishing attacks, and computer viruses.

I am aware that people are not that upset about how the government ignores their computer security.  The world of bits, bytes, packets, and protocols is too arcane and too distant from the everyday necessities of life.  But the relationship between cybercrime and cybersecurity is another illustration of why people feel the government does not work for them.  They have a legitimate beef, and their support of Donald Trump and Bernie Sanders – what has crudely been labeled “populism” – is more than justified.

From the government bailout of banks, to a national health care plan that forces people to give money to health insurance companies, to billions of dollars in subsidies going to sugar producers, to costly wars that only seem to provide benefits to defense contractors and oil companies, to free trade agreements that never provide benefits to working Americans, to cybercrime and cybersecurity, the American people are realizing that their government no longer represents them.

African-American Digital Practices and Their Relation to Issues in Criminal Justice

Criminal justice professionals with an interest in African-Americans have given little attention to the role information and communication technologies (ICTs) may play in their work.  There are few scholars and professionals who explore how technologies like the Internet, social media applications, and mobile phones impact African-American experiences in modern society.  This state of affairs is understandable.  When one imagines a connection between technology and criminal justice, one thinks of cybercrime, and the battle between large corporations and the highly educated (often white and male) criminals who try to steal money.  African-Americans are not a part of this picture.  One may also think of ICTs as being merely for fun and games, tangential to the concerns of criminal justice professionals.  However, if we widen our gaze and conceive of ICT usage as having an effect on family communication, labor market participation, and political engagement the connections between African-Americans, ICTs, and criminal justice become clearer.

Criminal justice professionals have been slow to explore the links between race, technology, and criminal justice issues. Image credit: Mashable.com

Criminal justice professionals have been slow to explore the links between race, technology, and criminal justice issues.
Image credit: Mashable.com

(more…)