This week we will be shifting gears from human trafficking, which crime was virtualized with the help of backpage and begin to discuss the dark web which intersects with and augments much of what we have been discussing over the last couple months. Because a personal matter took me out of school for over a week and I fell behind in my classes, I was unable to enjoy the myriad fun activities around me this weekend. I was so focused on getting caught up in my classes that yesterday I asked my fiancée if I could put out a basket of candy with a sign instead of passing it out while she attended the party I couldn’t make. She approved of this sign which she located for me on pinterest:
Little did I know I was beginning a sociology experiment.
We recently installed new security cameras on our property and they come with a handy app for your smartphone, so you can check on your property at any time. We can even hear in real time. Since our camera is right next to the candy basket (but unfortunately too close to see into the basket), I decided to stream the security system on my phone as I continued to draft this blog just 1 flight of stairs above the camera and candy basket. I figured if I kept an eye and ear on the camera it would give me a chance to grab my lawfully acquired assault weapon in case it looked like a ghoul or goblin was going to take over my property. And enjoy the Halloween costumes. I feel like it turned into an episode of “What Would You Do” except I was John Quinones and I never got to catch up with any of the unknowing participants.
I didn’t connect the dots when some teenage boys showed up as some poorly done skeletons and I heard “One. One. One. One. One. One.” but even more times in rapid succession – apparently their interpretation of the sign, as I would learn. I thought it was strange they hovered over the basket for so long. They were oblivious to the camera. The next group of kids helped me out though and let me know it was time to refill the basket when a kid that reminded me of this YouTube personality announced, “Someone dumped your candy basket! I see that camera! Don’t let anybody take advantage of you!” I wish I could have made it down in time to thank him, but I refilled the basket for a second take at this experiment that I was now weirdly invested in. His insight is fortuitous with respect to this blog post.
It was around the height of the trick-or-treating and there was a steady flow of trick or treaters that seemed to really mind the sign, even though the vast majority were oblivious to the camera. The rare exceptions gave me something to chuckle about when one princess said to her partner in crime, “There’s a security camera,” seeming to offer up a friendly reminder just in case the sign wasn’t clear enough. The other girl nervously replied, “I know. That’s why I’m really nervous I took two.” No worries little girl, as long as you don’t dump and run like those foolish skeletons then you saved me a trip downstairs. Eventually the basket ran out again after I heard a parent console their kid that it wasn’t a big deal the basket was empty. I was almost disappointed at how quickly my third and final basket refill went. The traffic died down and there were fewer groups coming by. Soon a Darth Vader or some sort of sci-fi looking creature showed up and looked like he had spent more time on his costume and face paint than a bride getting ready on her wedding day. What appeared to be his young kid (around 4 or five) was waiting for him on the end of the driveway. I was shocked to hear the next group say that there was no candy left. I couldn’t believe the father did something like that in front of or for/on behalf of his kid.
Anyway, I didn’t want to open up my blog with a boring story but I do think the anecdote invites us to start thinking about what level of intrusion into our lives is appropriate and by whom? Does the government have a compelling interest in surveilling our financial transactions? Should they have a blanket right? What about the companies we do business with? Our insurers? Our employers? Does or should our federal/state constitution protect us? What about privacy in our transactions over the Internet? We are all so individual and our actions, even based on a simple halloween sign, vary wildly. The overarching theme to me was that while surveillance seemed to make one more cautious, in the end, one will accomplish whatever he sets out to do, be it engage in human trafficking, exploiting children, or driving to chick-fil-a for an ice dream. But I digress…
The dark web is often misconstrued as dominating the deep web, which is that portion of the web that can’t be crawled by Google. It represents sites that require authentication or passwords to access like our bank accounts and email. This is the overwhelming majority of the deep web. The more nefarious activities that occur on the dark web are different. The dark web is accessed anonymously over what is known as a Tor network, and represents less than .01% of the web!
Further, the dark web isn’t all bad per se. Wikileaks is one such example of the less-dark web. Besides being accessed anonymously, services can also choose to be hosted anonymously on the Tor network. These onion services can only be accessed by using a tor browser. The browser makes anonymous a users browsing and, for those services that are hosted on the tor network, makes anonymous the service.
But just how far does the dark web reach? Not very far, at least since last November, 2014, when Operation Onymous represented yet another huge takedown of services hosted on the Tor network, or onion sites.
The multinational operation, mainly between the United States Department of Homeland Security’s Immigration and Customs Enforcement Cybercrime Division as well as the European Union’s Europol (E3) Cybercrime Division, shut down 400 tor-hosted services that resulted in the seizure of over $1MM worth of bitcoin, the anonymous digital currency that is believed to facilitate much of the dark web, and its newer off-shoots like Litecoin and Dogecoin.
Bitcoin is largely believed to be what put Silk Road on the map, before its leader, known as Dread Pirate Roberts, was arrested after years of government surveillance. Drew is going to talk more about the SilkRoad case next week, but for an introduction, Dread Pirate Roberts later became identified as Ross Ulbricht. Ulbricht had some unique ideas about economic theory that culminated from his post-graduate studies. I found this article particularly interesting in explaining Ulbricht’s theory that Ulbricht wished to address the systemic use of threat and force and that prohibition was a root cause of the physical harms that are associated with crimes related to human trafficking, child pornography, and drugs. This coalesces with the NYU law study I have referenced in my comments the preceding two weeks which hypothesizes that addressing coercion and force that leads to so many victims moreso than the underlying crime the victims are participating in does a better job, as a matter of policy, in reducing the coercion and force.
Speaking boldly about his disbelief in prohibition, Ulbricht stated about his creation, “It makes drug buying and selling so smooth that it’s easy to forget what kinds of violent fuckers drug dealers can be. That’s the whole point of Silk Road. It totally takes evil pieces of shit out of the drug equation. Whether they’re vicious drug dealers or bloodthirsty narcotics cops, both sides of that coin suck and end pretty much the same way. Death, despair, madness, prison, etc. Thanks to decentralization and powerful encryption, we’re able to operate in a digital world that is almost free from prohibition and the violence it causes.”
So although it appears the dark web is often criticized as being a breeding ground for weapons, child pornography, and stolen credit card numbers, it seems that Ulbricht’s brainchild was meant to facilitate non-violent drug transaction between an anonymous willing seller and an anonymous willing buyer. I wonder to what extent the result for Ulbricht may have been different if the myriad seemingly less innocuous inventory never became part of silk road?
Like the many world empires that have risen and fallen just like Silk Road, so too have the successors to the dubious marketplaces. After Operation Onymous, which took down Silk Road 2.0 and DPR’s “defcon,” there were few left standing, but as time progressed, the market has seemed to come to a screeching halt. One of the few remaining tor-hosted services was the “Evolution Market,” but it vanished in an exit scam just months before Ulbricht received his life sentence. Over $12MM vanished overnight. The market that was poised to succeed Evolution Market was Agora. But as recently as August, even Agora voluntarily “suspended operations.” It appears a study released in July exposed a vulnerability in the Tor network that, in theory, could have allowed the government to deanonymize Tor traffic. Apparently fearing some sort of Operation Onymous 2.0, Agora took itself offline before anyone else could. Some speculate that the federal government did not conduct some sort of mass deanonymization effort, but instead just continued to use good old fashioned police detective work.
Irrespective of the means, one thing is for sure: it appears that the dark web has fallen on the darkest of times in recent memory as activity seems to be at an all time low. But, asides from the old fashioned detective work and perhaps some vulnerabilities in the Tor system, what does the federal government have in its arsenal to address these types of virtual crimes?
The Bank Secrecy Act. The Bank Secrecy Act of 2000 (31 USC Sec. 5311-5330) reduces a citizen’s right to privacy concerning banking information. Financial institutions are required by the federal government to monitor customers, maintain records, and report personal financial transactions that “have a high degree of usefulness in criminal, tax, and regulatory investigations and proceedings.” 12 USC Sec. 1951. Suspicious Activity Reports must be filed with Treasury Department’s Financial Crimes Enforcement Network, commonly known as FINCEN. 31 USC 5318(g)(1).
Financial institutions report these things secretly, without the consent or knowledge of its customers. The Reports are available electronically to every United States Prosecuting Attorney, over 59 law enforcement agencies including the FBI and Secret Service. The regulations make clear that these agencies need not suspect an actual crime before accessing a report, nor is a warrant or subpoena necessary.
It is clear then that the government has deputized banks to be its eyes and ears in the financial markets. Our policies ensure that our markets are centralized and all of our transactions go through the banking system. It is easy to see the threat imposed by the advent of Bitcoin et al. They are decentralized and are not transacted through financial institutions, but rather the internet.
Was the government more worried about the underlying transactions on the dark web or more about the fact that the cryptocurrencies made it difficult for them to be in the know? I believe it was the latter, and I think that is was led to FINCEN guidance in 2013 which were regulations designed to apply the Bank Secrecy Act implementing regulations to those using virtual currencies.
It appears the regulations were directed at Mt. Gox which at the time handled 70% of the bitcoin exchanges each day. In the months following the regulations, Mt. Gox’s market share actually ballooned to 90% until the Department of Homeland security swooped in with charges of violating the FINCEN regulations requiring it to register as a money-transmitter. It obtained the required license just shortly before effectively shutting down by halting United States Dollar withdrawals. The official demise came months later when it officially shut down and filed for bankruptcy after being “unable to recover from a significant bitcoin theft” that was equal to 6% of Bictoin in circulation at the time. Call me crazy, and Mt. Gox can call it theft, but it sounds like the kind of illiquidity than only a government or large market maker can effect, if the treasury markets are any indication.
Around the same time FINCEN stepped up efforts to slow the progress of virtual decentralized currencies, the US enacted FATCA which is known as the Foreign Account Tax Compliance Act. It created mandatory reporting requirements of foreign institutions of US account holders. It also required individuals to disclose foreign assets on tax forms, irrespective of whether or not there was income associated with the asset. Seen as a scourge by many with dual citizenship, Americans forever renouncing their citizenship have been on the rise, many because of the onerous requirements under FATCA.
So fellow classmates, what do you think this is all about? Is the government sincerely interested in shutting down the teeny-tiny dark web that is, no pun intended, seemingly on its last leg? Is it part of the United State’s war on drugs? Is it about the US wanting to have unlimited amounts of information about its citizens and their financial activity? Certainly the events of September 11, 2001 and terrorism subsequent to then give the government a very compelling interest in preventing and detecting terrorism, (and protecting against its financing and money-laundering related to terrorism) but just how much privacy must we give up in the interest of security? In Florida there is Constitutional right to privacy written into our constitution. Fla. Const. art. I, Sec. 23. The right has been held to be fundamental and thus requires a compelling state interest to use the least intrusive means to further the interest. Knowing this, States can provide leadership in the privacy arena because of the Constitutional options available. Would recognition of such a right at the federal level have changed the course of investigation into Silk Road and its successors? Or if California had a similar fundamental right? I don’t think it would have changed the investigation, but I do think it would have given Ulbricht unique constitutional arguments that could have changed the outcome of his sentence.
What about States where federally illegal drugs have been legalized and businesses are still effectively oustered from the banking system. Should they be forced to carry bags of cash? Doesn’t digital currency make more sense for these more vulnerable companies? They can’t seem to operate with or without the government, very much begging for federal attention to address the issue. The fed hasn’t answered the call though and the only progress that has been made on the fed/state dichotomy issue is the Cole memo, issued in 2013 by the US Dept. of Justice. What more can be done to allow states to serve as the laboratories for democracy?
Ben Franklin wrote “They that can give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” Has the United States struck the correct balance between privacy, security, and liberty? I very much look forward to your comments and our discussion on Wednesday.