Printer-friendly version here.
Mike Gillespie is Director of cyber research and strategy at The Security Institute, Managing Director of Advent IM Consultancy and a member of the CSCSS Global Select Committee on Cyber Security
The worldwide web wasn’t really designed, as such – it grew out of itself and so privacy was never really a massive consideration. In part as a result, it exists on different levels. There is the indexed and therefore searchable regular internet with which we are all familiar, there is the regular internet accessed via an anonymising browser or sites built specifically for anonymised browsers (such as .onion sites), and then there’s the Darknet – or Deepnet – a virtual private world of connected sites that are hard to access by accident. The last two are obviously much more opaque and harder to track, monitor, measure or market to. Some people refer to the whole area of non-standard browsing as Darknet and this is the way it has been presented in mainstream media too.
Teachers, whistle blowers, activists, children, police and security personnel and journalists to name but a few of the legitimate and non-criminal or deviant groups of users who also make use of the anonymity provided by services like Tor.
Tor- also known as “The Onion Router” is one of the browsers we refer to when we talk about anonymised browsing. Originally conceived (and paid for) for the US Navy, it was designed for secure military communications and when its broader adoption happened it was a browser of choice for net users who wanted to be protected from corporate invasion of their privacy. It works as a series of servers around the globe that bounce the user around, making them much harder to track or monitor.
It does make streaming impossible as it is very slow as a result of all the relays and YouTube is pretty much a no go area at the moment. It’s worth noting though that YouTube have plans to try and introduce a Tor friendly version allegedly. If this is true it will be interesting from a commercial perspective as given the nature of the free service in exchange for targeted ads that YouTube uses, this would appear to be in direct opposition to the requirements for privacy of most Tor users… I suppose we will have to watch that space!
So basically, Tor is one of several systems or tactics that make users much, much harder to detect or monitor. Although the media has led us to believe that Tor is in fact all of the Deepnet, clearly there is much more going on. It is inarguable however, that whether it is Tor or Tor-type browsers or the specific Deepnet, it is very difficult to track users and their behaviour in this area and this creates problems for law enforcement and security agencies.
Deepnet has the reputation for being a haven for perpetrators of serious crime. Child abuse images and the procurement of contract killers or Class A drugs have all been discovered in the deep recesses of this network. Tor has been used as a means to hide servers containing illegal material and will continue to be used that way in the same way drug dealers use anonymous unregistered pay as you go phones; very hard to trace. The arrest of Silk Road mastermind Ross Ulbricht is probably one of the most high profile and media friendly stories to come out of this. Silk Road was a marketplace favoured by criminals, particularly for drug trafficking.
It places huge difficulties on investigation of serious crime like drug selling, identity theft, child abuse and money laundering – problems we face in real life too. The dawning realisation that it is the very open and exploitable nature of our familiarity of the current regular web that leads us to question the moral standing of dark or Deepnet use. It is a discussion that is sure to rage for many years. But if people are happy to trade off their privacy for free web and web tools then those who aren’t will continue to be viewed with doubt and suspicion.
If we had never had the internet and the www world, isn’t the Deepweb precisely what we would build now to allow us to shop, learn and interact privately?
Imagine a net where tailored ads do not leap out at you from websites the second you land and your browsing activity was not pored over by those seeking to profit from it in any number of ways. Really, if we were going to build something that protected its users in entirely legitimate and acceptable ways, instead of trying to layer on security afterwards, what we would build might look a lot more like Deepnet or at the very least, Tor. Given that the original conception of the net was to facilitate military communications, then its evolution could potentially have taken the more private route, but its very commerciality has taken it in a very different direction.
Perception changes everything, of course. I was recently at a security and policing event run by The Home Office and attended some interesting seminars which touched on the difficulty in investigating crime over the ‘Dark or Deep’ web. It’s perfectly clear of course that much crime is still facilitated by the ‘regular’ web and one of the other things that emerged was criminals tending to now de-tech; moving away from things like smart phones and other IP devices in order to communicate and share in non-digital ways – ways they know won’t be intercepted by digital detectives. For instance we know that some drug dealers now shun smartphones or other modern digital communication in favour of using old school phones like Nokia 8210s. Apart from their reputation for being virtually indestructible, they are not connected to anything and therefore offer privacy and security that a criminal would happily take over the convenience of having email and Twitter. So criminals are starting to perceive the web, including Deepnet, as being a place that it may not be as safe as they thought. We knew that many criminals favoured unregistered pay as you go phones that can be cheaply bought and easily disposed of and the prediction is that certain criminal groups will continue down the de-tech route. For others of course, this will not be an option. Complex and digitally-reliant groups such as paedophile rings are making significant use of the Deepnet and unfortunately this is driving public perception of what it is all about.
Technologies have been used for good and evil ever since we have had technology. Deepweb is another technology, just like mobile phones, that is being used by criminals to stay off law enforcement radars and enable them to carry out their illegal activities with less risk than on the regular web. But as mentioned earlier many people use Deepweb tools. Sometimes this is in life and death situations and under terrible conflict situations, like those in Syria. The anonymity offered by Tor enables activists and campaigners to get their messages out of totalitarian regimes that threaten their lives every day and where the fear of arrest and torture are very real. It would have been hard for the so-called Arab Spring to have gained the incredible momentum it did, without the use of Deepweb technology. For those innocent people, Deepweb is a blessing and a lifeline.
However, the challenges are clear for law enforcement and security services and they are set to grow. We can’t accurately measure Deepweb and it is very hard to pin a figure therefore on the size of the criminal activity that is going through it. As law enforcement techniques grow and evolve to meet the Deepweb challenge the additional challenge will be maintain the right to privacy of ordinary, private users.