Inside the Dark Web - The Hackers and Scientists whoseTechnology is fighting against Internet Surveillance
Reem al Assil; Julia Angwin; Jacob Applebaum; Julian Assange; Tim Berners-Lee; David Chaum; Steve Crocker; Alex Hawkinson; Jon Iadonisi; Eugene Kaspersky; Rick Lamb; Troels Oerting; Thomas Olofson; Bruce Schneier; Paul Syverson; Peter Todd;Joss WrightPosted 19 February 2015 by Alkibiades
Twenty-five years after the World Wide Web was created, the issue of surveillance has become the greatest shame upon its existence. With many concerned that governments and corporations monitor people’s every move, this programme meets hackers and scientists who are using technology to fight back, and some law enforcement officers who believe it’s leading to opportunities for risk-free crimes. With contributors including World Wide Web inventor Tim Berners-Lee and WikiLeaks co-founder Julian Assange.
The documentary features statements, in alphabetical order, by: Syrian human rights activist Reem al Asim, journalist Julia Angwin, Tor representative Jacob Applebaum, WikiLeaks founder Julian Assange, World Wide Web pioneer Tim Berners-Lee, cryptographer David Chaum, ICANN chair Steve Crocker, SmartThings CEO Alex Hawkinson, internet security expert Jon Iadonisi, Kaspersky Lab founder Eugene Kaspersky, ICANN Senior Program Manager Rick Lamb, the Head of the European Cybercrime Centre Troels Oerting, information security specialist Thomas Olofson, cryptographers Bruce Schneier and Paul Syverson, Bitcoin developer Peter Todd, and Oxford Internet institute researcher Joss Wright.
- Date of recording: Wed, 2014-09-24
- Language(s) spoken: English
00:02 Introduction - On its 25 anniversary, the sickness that befalls the internet befalls the whole world
Narrator: It’s just 25 years since the World Wide Web was created. It now touches all of our lives, our personal information and data swirling through the internet on a daily basis. Yet it’s now caught in the greatest controversy of its life - surveillance.
Julia Angwin: This is a spy master’s dream. No spy of the previous generations could have imagined that we would all volunteer for the world’s best tracking device.
Narrator: The revelations of US intelligence contractor Edward Snowden have led many to ask if the Web we love has been turned against us…
Bruce Schneier: They don’t just want your search data or your e-mail. They want everything. And, as you are being surveilled 24/7, you are more under control. You are less free.
Narrator: Leading to soul-searching amongst those responsible for the Web itself.
Tim Berners-Lee: I used to think that in some countries you worry about the government and in some countries you worry about the corporations. I realize now that that was naive.
Narrator: But thanks to a collection of brilliant thinkers and researchers, science has been fighting back.
David Chaum: It’s really no surprise that the privacy issue has unfolded the way it has.
Narrator: Developing technology to defeat surveillance, protecting activists…
Reem al Assil: They tried to intimidate me. I knew that they don’t know anything.
Narrator: ..and in the process coming into conflict with global power.
Jake Applebaum: They are detaining me at airports, threatening me.
Narrator: But now, thanks to a new digital currency…
Announcer at Bitcoin event: If you’re buying less than half a Bitcoin, you’ll have to go to market price.
Narrator: ..this technology is sending law makers into a panic, due to the growth of a new black market in the Dark Web.
Jon Iadonisi: It was like a buffet dinner for narcotics.
Troels Oerting: Our detection rate is dropping. It’s risk-free crime.
Narrator: This is the story of a battle to shape the technology which now defines our world, and whoever wins will influence not only the future of the internet but the very idea of what it means to be free.
Julian Assange: The sickness that befalls the internet is something that befalls the whole world.
02:24 Internet of things and the private sphere
Narrator: Where does the outside world stop and private space begin? What details of your life are you willing to share with strangers?
Take this house. Every morning, lights come on. Coffee brews - automatically. Technology just like this is increasingly being installed into millions of homes across the world and it promises to change the way we live forever.
Alex Hawkinson: So there are sensors of all kinds, there’s lights and locks and thermostats and once they’re connected then our platform can make them do whatever you want them to do. So as an example, if I wake up in the morning, the house knows that I’m waking up. It can wake up with me. When we walk in the kitchen, it will play the local news and sort of greet us into the day, tell us the weather forecast so we know how to dress for the day and so on.
Narrator: This technology is known as the internet of things, where the objects in our houses - kitchen appliances, anything electronic - can be connected to the internet. But for it to be useful, we’re going to have to share intimate details of our private life.
Alex Hawkinson: So this is my things app. It can run on your mobile phone or on a tablet or something like that. I can do things like look at the comings and goings of family members. It can automatically detect when we come and go based on our mobile phones or you can have it detect your presence with a little sensor, you can put it in your car or something like that. So when we leave the house, and there’s no-one home, that’s when it’ll lock up and shut down all the electricity used and so on.
Narrator: For most of us, this is deeply private information. Yet once we hand it over, we have to trust a company to keep it confidential.
Alex Hawkinson: The consumer really owns 100% of their own data so they’re opting in. It’s not something where that data would ever be shared without their giving their permission.
Narrator: This house represents a new normal, where even the movements within our own home are documented and stored. It’s a new frontier. The internet is asking us to redefine what we consider private.
04:54 The history of global network connections - looking back at the first information revolution
Narrator: To understand the enormous changes taking place, it’s necessary to come here. Almost 150 years ago, this hut was on the frontier of the world’s first information revolution - the telegraph. It was a crucial hub for a global network of wires - a role that is just as important today.
Joss Wright: Seeing the cables in a room like this shows that the physical infrastructure needed to move information around the world hasn’t changed very much in the past hundred years. I think that the internet, we tend to think of as a cloud floating somewhere off in cyberspace, but they’re physical wires, physical cables and sometimes wireless signals that are communicating with each other.
Narrator: Cornwall, where the telegraph cables come ashore, still remains crucial for today’s internet. 25% of all traffic passes through here.
Joss Wright: Running from the United States and other places to the United Kingdom are a large number of the most significant fibre-optic cables that carry huge amounts of data.
06:03 Technical aspects of data collection by British intelligence agencies
Narrator: Alongside this information super-highway is a site belonging to the UK Government, GCHQ Bude. We now know that this listening station has been gathering and analysing everything that comes across these wires.
Joss Wright: Any data that passes across the internet could theoretically come down these cables, so that’s e-mails, websites, the bit torrent downloads, the films that you’re accessing through Netflix and online services.
Narrator: The sheer amount of data captured here is almost impossible to comprehend.
Joss Wright: In terms of what the GCHQ were looking at, we’ve got from internal documents that, in 2011, they were tapping 200 ten-gigabit cables coming into Cornwall. To give a rough idea of how much data that is, if you were to digitise the entire contents of the British Library, then you could transfer it down that set of cables in about 40 seconds.
Narrator: Tapping the wires is surprisingly simple. The data carried by the fibre-optic cable just needs to be diverted.
Joss Wright: A fibre-optic cable signal is a beam of light, travelling down a cable made from glass. Pulses of light represent the pieces of information travelling across the internet, which is the e-mails, the web pages, everything that’s going over the internet.
Narrator: Every 50 miles or so, that signal becomes sufficiently weak that it needs to be repeated, and this is the weak spot.
Joss Wright: And it’s very easy to insert an optical tap at that point.
Narrator: And that’s just what GCHQ did. A device was placed into the beam of data which created a mirror image of the millions of e-mails, web searches and internet traffic passing through the cables every second.
Joss Wright: What you effectively get is two copies of the signal, one going off to the GCHQ and one carrying on in its original destination. All of the information going over those cables is able to be replayed over the course of three days so you can rewind and see what was going over the internet at a particular moment.
Narrator: Analysing this amount of data is an impressive achievement but it also attracts criticism.
Joss Wright: When you see the capacity and the potential for that technology, and the fact that it is being used without transparency and without very high levels of accountability, it’s incredibly concerning because the power of that data to predict and analyse what we’re going to do is very, very high and giving that power to somebody else, regardless of the original or stated intentions, is very worrying.
09:13 Humans analyzed by algorithms - changes in public opinion on privacy and the internet
Narrator: We only know about the GCHQ project thanks to documents released by US whistle-blower Edward Snowden, and the revelation has begun to change the way many people think about privacy and the internet - among them the inventor of the World Wide Web, Tim Berners-Lee.
Tim Berners-Lee: Information is a funny sort of power. The way a government can use it to keep control of its citizens is insidious and sneaky, nasty in some cases. We have to all learn more about it and we have to in a way rethink, rebase a lot of our philosophy.
Narrator: Part of changing that philosophy is to understand that our lives are not analysed in the first instance by people, but by computer programmes.
Tim Berners-Lee: Some people just don’t have an understanding about what’s possible. I’ve heard people say, “Well, we know nobody’s reading our e-mails because they don’t have enough people.” Actually, hello, it’s not… These e-mails are not being read by people. They’re being read by machines. They’re being read by machines which can do the sorts of things that search engines do and can look at all the e-mails and at all the social connections and can watch.
Sometimes these machines learn how to spot trends and can build systems which will just watch a huge amount of data and start to pick things out and then will suggest to the security agency, well, “These people need to be investigated.” But then the thing could be wrong. Boy, we have to have a protection.
Narrator: The Snowden revelations have generated greater interest than ever in how the internet is being used for the purposes of surveillance. But watching isn’t just done by governments.
11:08 Data mining done by technology companies
Narrator: The most detailed documenting of our lives is done by technology companies. Two years ago, tech researcher Julia Angwin decided to investigate how much these companies track our behaviour daily. Her findings give us one of the best pictures yet of just who is watching us online every minute of every day.
Julia Angwin: When I talk about the underbelly of the information revolution, I’m really talking about the unseen downside of the information revolution. You know, we obviously have seen all the benefits of having all this information at our fingertips. But we’re just awakening to the fact that we’re also being surveilled all the time. We’re being monitored in ways that were never before possible.
Narrator: Every time we browse the internet, what we do can be collated and sold to advertisers.
Julia Angwin: So, basically, online there are hundreds of companies that sort of install invisible tracking technology on websites. They’ve installed basically a serial number on your computer and they watch you whenever they see you across the Web and build a dossier about your reading habits, your shopping habits, whatever they can obtain. And then there’s a real market for that data. They buy and sell it and there’s an online auction bidding for information about you.
Narrator: And so the people who know your browsing habits can also discover your deepest secrets, and then sell them to the highest bidder.
Julia Angwin: So let’s say a woman takes a pregnancy test and finds out she’s pregnant. Then she might go look for something online.
Narrator: By making pregnancy-related searches, this woman has become a hot property for the people looking for a good target for advertising. The process of selling then begins. Within seconds, she is identified by the companies watching her. Her profile is now sold multiple times. She will then find herself bombarded with ads relating to pregnancy.
Julia Angwin: She may well find that she’s been followed around the Web by ads and that’s really a result of that auction house. Now they will say to you that they know, they know she’s pregnant but they don’t know her name but what’s happening is now that, more and more, that information is really not that anonymous. You know it’s sort of like if they know you’re pregnant, and they know where you live, yes maybe they don’t know your name. That’s just because they haven’t bothered to look it up.
Narrator: We continually create new information about ourselves and this information gives a continual window into our behaviours and habits. The next stage of surveillance comes from the offices buildings around us, sending out Wi-Fi signals across the city.
Julia Angwin: OK, so let’s see how many signals we have right here, Wi-Fi. So we have one, two - 16, 17, 18, 19, 20, 21, oh, and a few more just added themselves, so we’re around 25 right now. Right there at this point we have 25 signals that are reaching out, basically sending a little signal to my phone saying, “I’m here,” and my phone is sending a signal back saying, “I’m also here.”
Narrator: As long as your phone’s Wi-Fi connection is on and connected to a signal, you can be tracked.
Julia Angwin: Google, Apple, other big companies are racing to map the whole world using Wi-Fi signals and then, whenever your phone is somewhere, they know exactly how far you are from the closest Wi-Fi signal and they can map you much more precisely even than GPS.
Narrator: And we now know that this data has been seized by governments as part of their internet surveillance operations.
Julia Angwin: The NSA was like, “Oh, that’s an awesome way to track people. Let’s scoop up that information too.” So we have seen that the governments find all this data irresistible.
15:06 Loss of privacy as a matter of control
Narrator: But is this simply a matter of principle? Is losing privacy ultimately the price we pay for peaceful streets and freedom from terror attacks?
This man thinks we should look deeper. Bruce Schneier is a leading internet security expert. He was part of the team which first analysed the Snowden documents.
Bruce Schneier: They don’t just want your search data or your e-mail. They want everything. They want to tie it to your real world behaviours - location data from your cellphone - and it’s these correlations. And as you are being surveilled 24/7, you are more under control. Right? You are less free, you are less autonomous.
Narrator: Schneier believes the ultimate result from all this surveillance may be a loss of freedom.
Bruce Schneier: What data does is gives someone control over you. The reason Google and Facebook are collecting this is for psychological manipulation. That’s their stated business purpose, right? Advertising. They want to convince you to buy things you might not want to buy otherwise. And so that data is all about control.
Governments collect it also for control. Right? They want to control their population. Maybe they’re concerned about dissidents, maybe they’re concerned about criminals.
Narrator: It’s hard to imagine that this data can exert such a level of potential control over us but looking for the patterns in the data can give anyone analysing it huge power.
Joss Wright: What’s become increasingly understood is how much is revealed by meta-data, by the information about who is sending messages and how often they’re sending them to each other. This reveals information about our social networks, it can reveal information about the places that we go on a day-to-day basis.
All this meta-data stacks up to allow a very detailed view into our lives and increasingly what we find is that these patterns of communication can even be used in a predictive sense to determine factors about our lives.
Narrator: And what some people fear is what the spread of this analysis could lead to.
Joss Wright: Ultimately the concern of this is that, in a dystopian scenario, you have a situation where every facet of your life is something that is open to analysis by whoever has access to the data. They can look at the likelihood that you should be given health insurance because you come from a family that has a history of heart disease. They can look at the likelihood that you’re going to get Alzheimer’s disease because of the amount of active intellectual entertainment you take part in on a day-to-day basis. And when you start giving this level of minute control over people’s lives, then you allow far too much power over individuals.
18:17 Early concerns about the dangers of large computer networks
Narrator: The picture painted is certainly dark but there is another way. It comes from the insights of a scientist whose work once seemed like a footnote in the history of the internet - until now.
The story begins in the late ’70s in Berkeley, California. Governments and companies had begun to harness the power of computing.
They seemed to promise a future of efficiency, of problems being overcome thanks to technology. Yet not everyone was so convinced. David Chaum was a computer scientist at Berkeley. For him, a world in which we would become increasingly joined together by machines in a network held grave dangers. As computing advanced, he grew increasingly convinced of the threats these networks could pose.
Joss Wright: David Chaum was very far ahead of his time. He predicted in the early 1980s concerns that would arise on the internet 15 or 20 years later - the whole field of traffic analysis that allows you to predict the behaviours of individuals, not by looking at the contents of their e-mails but by looking at the patterns of communication. David Chaum to some extent foresaw that and solved the problem.
David Chaum: Well, it’s sad to me but it is really no surprise that the privacy issue has unfolded the way it has. I spelled it out in the early publications in the ’80s.
Narrator: Chaum’s papers explained that in a future world where we would increasingly use computers, it would be easy to conduct mass surveillance. Chaum wanted to find a way to stop it.
David Chaum: I always had a deep feeling that privacy is intimately tied to human potential and that it’s an extraordinarily important aspect of democracy.
Narrator: Chaum focused on the new technology of e-mails. Anyone watching the network through which these messages travelled could find out enormous amounts about that person. He wanted to make this more difficult.
David Chaum: Well, I was driving from Berkeley to Santa Barbara along the coastline in my VW Camper van and out of nowhere… You know, it was beautiful scenery, I was just driving along and it occurred to me how to solve this problem I’d been trying to solve for a long time. Yeah, it was a kind of a, you know, a eureka-moment type. I felt like, “Hey, this is it.”
Narrator: Chaum’s focus was the pattern of communications that a computer made on the network. If that pattern could be disguised using cryptography, it would be harder for anyone watching to identify individuals and carry out effective surveillance, and Chaum’s system had a twist.
David Chaum: Cryptography has traditionally been used to provide secrecy for message content and so I used this message secrecy technology of encryption to actually protect the meta-data of who talks to who and when, and that was quite a paradigm shift.
22:10 One cannot be anonymous alone, only relative to a set of people
Chaum had realized something about surveillance. Who we talk to and when is just as important as what we say. The key to avoiding this type of traffic analysis was to render the user effectively anonymous. But he realized that wasn’t enough. He wanted to build a secure network and to do this he needed more anonymous users.
David Chaum: One cannot be anonymous alone. One can only be anonymous relative to a set of people.
Narrator: The more anonymous users you can gather together in a network, the harder it becomes for someone watching to keep track of them, especially if they’re mixed up.
David Chaum: And so a whole batch of input messages from different people are shuffled and then sent to another computer, then shuffled again and so forth, and you can’t tell as an observer of the network which item that went in corresponds to which item coming out.
Narrator: David Chaum was trying to provide protection against a world in which our communications would be analyzed and potentially used against us.
Joss Wright: Chaum’s response to this was to say, in order to have a free society, we need to have freedom from analysis of our behaviors and our communications.
Narrator: But Chaum’s system didn’t take off because communication using e-mail was still the preserve of a few academics and technicians. Yet his insights weren’t forgotten. Within a decade, the arrival of the World Wide Web took communication increasingly online. The US Government understood the importance of protecting its own online communications from surveillance. It began to put money into research.
At the US Naval Research Laboratory, a team led by scientist Paul Syverson got to work.
24:41 On the origins and functions of Tor, a toolset for online anonymity
Paul Syverson: Suppose we wanted to have a system where people could communicate back to their home office or with each other over the internet but without people being able to associate source and destination.
Narrator: Syverson soon came across the work of David Chaum.
Paul Syverson: The first work which is associated with this area is the work of David Chaum. A Chaum mix basically gets its security because it takes in a bunch of messages and then re-orders them and changes their appearance and spews them out.
Narrator: But this was now the age of the World Wide Web. The Navy wanted to develop anonymous communications for this new era. So Syverson and his colleagues set to work on building a system that could be used by operatives across the world.
Paul Syverson: You have enough of a network with enough distribution that it’s going to be very hard for an adversary to be in all the places and to see all the traffic wherever it is.
Narrator: Syverson’s system was called the Tor network. Tor stands for “the onion router”. It works like this: A user wants to visit a website but doesn’t want to reveal their IP address, the marker that identifies their computer. As they send the request, three layers of encryption are placed around it like the layers of an onion.
The message is then sent through a series of computers which have volunteered to act as relay points. As the message passes from computer to computer, a layer of encryption is removed. Each time it is removed, all the relay computer can see is an order which tells it to pass the message on. The final computer relay decrypts the innermost layer of encryption, revealing the content of the communication. However - importantly - the identity of the user is hidden.
Paul Syverson: Somebody who wants to look at things around the Web and not necessarily have people know what he’s interested in. It might just be the local internet services provider, he doesn’t want them to know which things he’s looking at, but it might be also the destination.
Narrator: Syverson’s system worked. It was now possible to surf the net without being watched. As David Chaum had observed, the more anonymous people, the better the security. The Navy had what they believed was a smart way of achieving that…
..open the network out to everyone.
Paul Syverson: It’s not enough for a government system to carry traffic just for the government. It also has to carry traffic for other people.
Joss Wright: Part of anonymity is having a large number of people who are also anonymous because you can’t be anonymous on your own.
Narrator: What Syverson and his team had done, building on the work of David Chaum, would begin to revolutionize the way that people could operate online. Over the coming years, the Tor network expanded as more people volunteered to become relay computers, the points through which the messages could be relayed.
Joss Wright: What Tor did was it made a useable system for people. People wanted to protect what they were looking at on the internet from being watched by their ISP or their government or the company that they’re working for at the time.
Narrator: But Tor’s success wasn’t just down to the Navy. In the mid-2000s, they handed the network over to a non-profit organization who overhauled the system. Now the network would be represented by people like this - Jake Applebaum ..researchers dedicated to the opportunities they felt Tor could give for free speech.
29:18 An example from Syria - online anonymity, free speech and political activism
Jacob Applebaum: We work with the research community all around the world, the academic community, the hacker community…
It’s a free software project so that means that all the source code is available. That means that anyone can look at it and see how it works, and that means everybody that does and shares it with us helps improve the program for everyone else on the planet and the network as a whole.
Narrator: Applebaum now travels the world promoting the use of the software.
Jacob Applebaum: The Tor network gives each person the ability to read without creating a data trail that will later be used against them. It gives every person a voice. Every person has the right to read and to speak freely, not one human excluded.
Narrator: And one place Tor has become important is the Middle East. During the Arab Spring, as disturbances spread across the region, it became a vital tool for dissidents…especially in places like Syria. One of those who used it from the beginning was opposition activist Reem al Assil.
Reem al Assil: I found out first about Tor back in 2011. Surveillance in Syria is a very big problem for activists or for anyone even, because the Syrian regime are trying all the time to get into people’s e-mails and Facebook to see what they are up to, what they are doing.
Narrator: By the time the Syrian uprising happened, the Tor project had developed a browser which made downloading the software very simple.
Reem al Assil: You basically go and download Tor in your computer and once it’s installed, whenever you want to browse the Web, you go and click on it just like Internet Explorer or Google Chrome.
Narrator: Reem had personal experience of the protection offered by Tor when she was arrested by the secret police.
Reem al Assil: I denied having any relation with any opposition work, you know, or anything and they tried to intimidate me and they said, “Well, see, we have… we know everything about you so now, just we need you to tell us,” but I knew that they don’t know anything. By using Tor, I was an anonymous user so they couldn’t tell that Reem is doing so-and-so, is watching so-and-so. So that’s why Tor protected me in this way.
Narrator: Syria was not the only place where Tor was vital. It’s used in China and Iran. In any country where internet access is restricted, Tor can be used by citizens to avoid the gaze of the authorities.
Jacob Applebaum: China, for example, regularly attacks and blocks the Tor network and they don’t attack us directly so much as they actually attack people in China using Tor. They stop them from using the Tor network.
32:29 “Collateral Murder” - whistleblowers using Tor
Narrator: But Tor wasn’t just helping inside repressive regimes. It was now being used for whistle-blowing in the West, through WikiLeaks, founded by Julian Assange. Assange has spent the last two years under the protection of the Ecuadorian Embassy in London. He is fighting extradition to Sweden on sexual assault charges, charges he denies.
Julian Assange: I’d been involved in cryptography and anonymous communications for almost 20 years, since the early 1990s. Cryptographic anonymity didn’t come from nowhere. It was a long-standing quest which had a Holy Grail, which is to be able to communicate individual-to-individual freely and anonymously. Tor was the first protocol, first anonymous protocol, that got the balance right.
Narrator: From its early years, people who wanted to submit documents anonymously to WikiLeaks could use Tor.
Julian Assange: Tor was and is one of the mechanisms which we have received important documents, yes.
Narrator: One man who provided a link between WikiLeaks and the Tor project was Jake Applebaum.
Jacob Applebaum: Sources that want to leak documents need to be able to communicate with WikiLeaks and it has always been the case that they have offered a Tor-hidden service and that Tor-hidden service allows people to reach the WikiLeaks submission engine.
Narrator: In 2010, what could be achieved when web activism met anonymity was revealed to the world. WikiLeaks received a huge leak of confidential US government material, mainly relating to the wars in Afghanistan and Iraq.
The first release was this footage which showed a US Apache helicopter attack in Iraq. Among those dead were two journalists from Reuters, Saeed Chmagh and Namir Noor-Eldeen. The Americans investigated, but say there was no wrong-doing yet this footage would never have become public if Chelsea Manning, a US contractor in Iraq, hadn’t leaked it.
Julian Assange: Chelsea Manning has said that to the court, that he used Tor amongst a number of other things to submit documents to WikiLeaks. Obviously, we can’t comment on that, because we have an obligation to protect our sources.
Narrator: The release of the documents provided by Manning, which culminated in 250,000 cables, seemed to reveal the power of anonymity through encryption.
Julian Assange: Because with encryption, two people can come together to communicate privately. The full might of a superpower cannot break that encryption if it is properly implemented and that’s an extraordinary thing, where individuals are given a certain type of freedom of action that is equivalent to the freedom of action that a superpower has.
Narrator: But it wasn’t the technology that let Manning down. He confessed what he had done to a contact and was arrested. Those who had used anonymity to leak secrets were now under fire.
36:19 Governmental action against WikiLeaks and Tor
WikiLeaks had already been criticised for the release of un-redacted documents revealing the names of Afghans who had assisted the US. The US government was also on the attack.
Hillary Clinton: The United States strongly condemns the illegal disclosure of classified information. It puts people’s lives in danger, threatens our national security…
Narrator: Meanwhile, the Tor project, started by the US government, was becoming a target.
Jacob Applebaum: It’s very funny, right, because on the one hand, these people are funding Tor, because they say they believe in anonymity. And on the other hand, they’re detaining me at airports, threatening me and doing things like that. And they’ve even said to me, “We love what you do in Iran and in China, in helping Tibetan people. We love all the stuff that you’re doing, but why do you have to do it here?”
Narrator: Thanks to Edward Snowden, we now know that this culminated in the Tor network being the focus of failed attacks by America’s National Security Agency. They revealed their frustration in a confidential PowerPoint presentation called Tor Stinks, which set out the ways in which the NSA had tried to crack the network.
Jacob Applebaum: They think Tor stinks because they want to attack people and sometimes technology makes that harder. It is because the users have something which bothers them, which is real autonomy. It gives them true privacy and security.
37:52 Tor, the Dark Web and illegal activities online
Narrator: Tor, invented and funded by the US government, was now used by activists, journalists, anybody who wanted to communicate anonymously, and it wasn’t long before its potential began to attract a darker type of user.
It began here in Washington. Jon Iadonisi is a former Navy SEAL turned advisor on cyber operations to government.
Jon Iadonisi: There was some tips that came in out of Baltimore, two federal agents saying, “You are a police officer, you really should take a look at this website and, oh, by the way, the only way you get to it is if you anonymize yourself through something called the Tor router.”
Narrator: What they found was a website called Silk Road.
Jon Iadonisi: And they were amazed when they were able to download this plug-in on their browser, go into the Silk Road and then from there, see, literally they can make a purchase, it was like a buffet dinner for narcotics.
Narrator: Silk Road was a global drugs marketplace which brought together anonymous buyers and sellers from around the world.
Jon Iadonisi: And what they found was people aren’t just buying one or two instances of designer drugs but they’re buying massive quantity wholesale.
Narrator: In London, the tech community was watching closely. Thomas Olofsson was one of many interested in how much money the site was making.
Thomas Olofson: Well, in Silk Road, they have something called an “escrow” system, so if you want to buy drugs, you pay money into Silk Road as a facilitator and they keep the money in escrow until you sign off that you have had your drugs delivered. They will then release your money to the drug dealer. We’re talking about several millions a day in trade.
Narrator: The extraordinary success of Silk Road attracted new customers to new illegal sites. This part of the internet even had a new name - the Dark Web.
Thomas Olofson: A dark website is impossible to shut down because you don’t know where a dark website is hosted or actually even where it’s physically located or who’s behind it.
40:24 Bitcoin - transacting money without intermediary
Narrator: And there was one other thing which made Silk Road and its imitators difficult to stop. You paid with a new currency that only exists online, called Bitcoin.
Thomas Olofson: Before, even if you had anonymity as a user, you could still track the transactions, the money flowing between persons, because if you use your Visa card, your ATM, bank transfer, Western Union, there is always… Money leaves a mark. This is the first time that you can anonymously move money between two persons.
Narrator: Bitcoin is no longer an underground phenomenon.
Announcer: Buy Bitcoin, 445. Sellers will sell at 460. If you’re buying less than half a Bitcoin, you’ll have to go to market price.
Narrator: This Bitcoin event is taking place on Wall Street.
Announcer: 45 bid, 463 asked.
Narrator: But how does the currency work? One of the people best placed to explain is Peter Todd. He’s chief scientist for a number of Bitcoin companies including one of the hottest, Dark Wallet.
Peter Todd: So, what Bitcoin is, is it’s virtual money. I can give it to you electronically, you can give it to someone else electronically.
Narrator: The key thing to understand about Bitcoin is that these two people trading here are making a deal without any bank involvement. It’s a form of electronic cash and that has massive implications.
Peter Todd: So, of course, in normal electronic banking systems, what I would say is, “Please transfer money from my account to someone else’s account,” but fundamentally, who owns what money is recorded by the bank, by the intermediary. What’s really interesting about Bitcoin is this virtual money is not controlled by a bank, it’s not controlled by government. It’s controlled by an algorithm.
Narrator: The algorithm in question is a triumph of mathematics.
This is a Bitcoin transaction in action: To pay someone in Bitcoin, the transaction must be signed using an cryptographic key which proves the parties agree to it. An unchangeable electronic record is then made of this transaction. This electronic record contains every transaction ever made on Bitcoin. It’s called the block chain and it’s stored in a distributed form by every user, not by a bank or other authority.
Peter Todd: The block chain is really the revolutionary part of Bitcoin. What’s really unique about it is it’s all public so you can run the Bitcoin algorithm on your computer and your computer’s inspecting every single transaction to be sure that it actually followed the rules, and the rules are really what Bitcoin is. You know, that’s the rules of the system, that’s the algorithm. It says things like, “You can only send money to one person at once,” and we all agree to those rules.
Narrator: And Bitcoin has one other characteristic which it shares with cash. It can be very hard to trace.
Peter Todd: Well, what’s controversial about Bitcoin is that it goes back to something quite like cash. It’s not like a bank account where a government investigator can just call up the bank and get all the records of who I’ve ever transacted with without any effort at all. You know, if they want to go and find out where I got my Bitcoins, they’re going to have to ask me. They’re going to have to investigate.
Narrator: The emergence of Bitcoin and the growth of the Dark Web was now leading law enforcement in Washington to take a close interest.
Jon Iadonisi: Transactions in the Dark Web were unbelievably more enabled and in many cases could exist because of this virtual currency known as Bitcoin. So, as people started to take a look at Bitcoin and understand, “How do we regulate this, how do we monitor this? Oh, my God! It’s completely anonymous, we have no record,” they started seeing transactions in the sort of the digital exhaust that led them into Silk Road. And so, now you had criminal grounds to start taking a look at this coupled with the movement from the financial side and regulatory side on the virtual currency. So these two fronts began converging.
45:01 The downsides of online anonymity
Narrator: The FBI began to mount a complex plot against the alleged lead administrator of Silk Road who used the pseudonym “Dread Pirate Roberts”.
Jon Iadonisi: They really started focusing on Dread Pirate Roberts and his role as not just a leader but sort of the mastermind in the whole ecosystem of the platform, right, from management administratively to financial merchandising to vendor placement, recruitment, etc.
Narrator: Dread Pirate Roberts was believed to be Ross Ulbricht, listed on his LinkedIn entry as an investment advisor and entrepreneur from Austin, Texas.
Jon Iadonisi: Taking him down was really almost a story out of a Hollywood movie. I mean, we had people that staged the death of one of the potential informants. We had undercover police officers acting as cocaine… under-kingpins inside Silk Road. So, at the conclusion of all these different elements, they actually finally ended up bringing in Dread Pirate Roberts and now are trying to move forward with his trial.
Narrator: Whether or not he is Dread Pirate Roberts, Ulbricht’s arrest in 2013 brought down Silk Road. In the process, the FBI seized 28.5 million from the site’s escrow account, money destined for drug dealers. Yet the problem for the US authorities was that their success was only temporary. The site is now up and running again.
Thomas Olofson: It re-emerged just two months later by some other guys that took the same code base, the same, actually the same site more or less, just other people running the site, because it’s obviously a very, very profitable site to run.
Narrator: And Silk Road has now been joined by a host of other sites. One of the boom industries on the Dark Web is financial crime.
Thomas Olofson: Yeah, this website is quite focused on credit card numbers and stolen data. On here, for instance, is credit card numbers from around 5-6 dollars per credit card number paying in equivalent of Bitcoins, totally anonymous.
Narrator: The cards are sold in something called a “dump”.
Thomas Olofson: I mean, it’s quite a large number of entries, it’s tens of thousands. You get everything you need to be able to buy stuff online with these credit cards - first name, last name, address, the card numbers, everything, the CVV number, everything but the PIN code, basically.
Narrator: The Dark Web is now used for various criminal activities - drugs and guns, financial crime, and even child sexual exploitation. So, is anonymity a genuine threat to society? A nightmare that should haunt us? This man who leads Europe’s fight against cybercrime believes so.
Troels Oerting: The Tor network plays a role because it hides criminals. I know it was not the intention, but that’s the outcome and this is my job to tell the society what is the trade-offs here. By having no possibilities to penetrate this, we will then secure criminals that they can continue their crimes on a global network.
Narrator: And despite the success over Silk Road and others, he is worried for the future.
Troels Oerting: Our detection rate is dropping. It’s very simple. The business model of the criminal is to make profit with low risk and, here, you actually eliminate the risk because there is no risk to get identified, so either you have to screw up or be very unlucky as somebody rats you out. Otherwise, you’re secure. So, if you run a tight operation, it’s very, very difficult for the police to penetrate so it’s risk-free crime.
Narrator: So, does the anonymity offered by the Tor network encourage crime or simply displace it? Those who work for the project are well aware of the charges it faces.
Jacob Applebaum: There is often asserted certain narratives about anonymity and, of course, one of the narratives is that anonymity creates crime so you hear about things like the Silk Road and you hear, “Oh, it’s terrible, someone can do something illegal on the internet.” Well, welcome to the internet. It is a reflection of human society where there is sometimes illegal behaviour.
Narrator: These arguments aside, for users wanting to avoid surveillance, Tor has limitations - it’s slow, content isn’t automatically encrypted on exiting the network and some have claimed a bug can de-anonymise users. Tor say they have a fix for this problem.
50:07 A trend towards complete transparency?
Narrator: Whilst the search for a solution to bulk surveillance continues, this man has a different approach. He is Eugene Kaspersky, CEO of one of the world’s fastest-growing internet security companies. 300 million users now rely on its software. For Kaspersky, widespread anonymity is not a solution. In fact, he thinks we need the absolute opposite, a form of online passport.
Eugene Kaspersky: My idea is that all the services in the internet, they must be split. So, the non-critical - your personal e-mails, the news from the internet, your chatting with your family, what else? - leave them alone so don’t need, you don’t need any ID. It’s a place of freedom. And there are critical services, like banking services, financial services, banks, booking their tickets, booking the hotels or what else? So please present your ID if you do this. So, it’s a kind of balance - freedom and security, anonymity and wearing the badge, wearing your ID.
Narrator: In his view, this shouldn’t be a problem, as privacy has pretty much disappeared online anyway.
Eugene Kaspersky: The reality is that we don’t have too much privacy in the cyber space. If you want to travel, if you want to pay with your credit card, if you want to access internet, forget about privacy.
Narrator: Yet, the idea that we could soon inhabit a world where our lives are ever more transparent is very unpopular.
Tim Berners-Lee: Some people say, “Privacy is over, get over it”, because basically we’re trending towards the idea of just completely transparent lives. I think that’s nonsense because information boundaries are important so that means that we’ve got to have systems which respect them so we’ve got to have the technology to produce, which can produce privacy.
52:26 Cryptography today - the limits of privacy are now defined for a generation
Narrator: For those of us who might wish to resist surveillance, the hunt for that technology is now on and it is to cryptographers that we must look for answers.
If you want a demonstration of their importance to today’s internet, you only have to come to this bunker in Virginia. Today, an unusual ceremony is taking place.
Computer voice: ‘Please centre your eyes in the mirror.’
Narrator: The internet is being upgraded.
Computer voice: ‘Thank you, your identity has been verified.’
Man in queue: Right, we’re in.
Rick Lamb: This is the biggest security upgrade to the internet in over 20 years.
Narrator: A group of tech specialists have been summoned by Steve Crocker, one of the godfathers of the internet.
Steve Crocker: We discovered that there were some vulnerabilities in the basic domain name system structure that can lead to having a domain name hijacked or having someone directed to a false site and, from there, passwords can be detected and accounts can be cleaned out.
Narrator: At the heart of this upgrade is complex cryptography.
Steve Crocker: Work began on adding cryptographically strong signatures to every entry in the domain name system in order to make it impossible to spoof or plant false information.
Narrator: To make sure these cryptographic codes remain secure, they are reset every three months. Three trusted experts from around the world have been summoned with three keys, keys that open these safety deposit boxes.
ICANN employee: So, now we are opening box 1-2-4-0.
Narrator: Inside are smart cards. When the three are put together, a master code can be validated which resets the system for millions of websites.
Rick Lamb: We are very lucky because every one of these people are respected members of the technical community, technical internet community, and that’s what we were doing. Just like the internet itself was formed from the bottom up, high techies from around the world.
ICANN employee: So, step 22.
Narrator: A complex set of instructions is followed to make sure the system is ready to operate.
ICANN employee: And now we need to verify the KSR. This is the key step.
Rick Lamb: So, this is it. When I hit “yes”, it will be signed. There you go, thank you very much.
Narrator: These scientists want to use cryptography to make the architecture of the internet more resilient. But, for users, cryptography has another purpose. We can use it to encrypt our message content.
Jacob Applebaum: So, if we want to change the way that mass surveillance is done, encryption, it turns out, is one of the ways that we do that. When we encrypt our data, we change the value that mass surveillance presents. When phone calls are end-to-end encrypted such that no-one else can decipher their content, thanks to the science of mathematics, of cryptography.
Narrator: And those who understand surveillance from the inside agree that it’s the only way to protect our communications.
Edward Snowden (on video): The bottom line, and I’ve repeated this again and again, is that encryption does work. It’s the defense against the dark arts for the digital realm. This is something that we all need to be not only implementing but actively researching, improving on the academic level.
Narrator: However, there’s a problem. It’s still very difficult to encrypt content in a user-friendly way.
Julia Angwin: One of the best ways to protect your privacy is to use encryption, but encryption is so incredibly hard to use. I am a technology person and I struggle all the time to get my encryption products to work.
Narrator: And that’s the next challenge, developing an internet where useable encryption makes bulk surveillance, for those who want to avoid it, more difficult.
Tim Berners-Lee: At the moment, the systems we’re using are fairly insecure in lots of ways. I think the programmers out there have got to help build tools to make that easier.
Narrator: If encryption is to become more commonplace, the pressure will likely come from the market.
Julian Assange: The result of the revelations about the National Security Agency is that people are becoming quite paranoid. It’s important to not be paralyzed by that paranoia, but rather to express the desire for privacy and by expressing the desire for privacy, the market will fill the demand. By making it harder, you protect yourself, you protect your family and you also protect other people in just making it more expensive to surveil everyone all the time.
Narrator: In the end, encryption is all about mathematics and, for those who want more privacy, the numbers work in their favour.
Julian Assange: It turns out that it’s easier in this universe to encrypt information, much easier, than it is to decrypt it if you’re someone watching from the outside. The universe fundamentally favors privacy.
Narrator: We have reached a critical moment when the limits of privacy could be defined for a generation. We are beginning to grasp the shape of this new world. It’s time to decide whether we are happy to accept it.
BBC | Horizon | Inside the Dark Web | Season 51, Episode 4, 2014, 59 min., Director: Mike Radford
Video source: http://freedocumentaries.org/documentary/bbc-horizon-inside-the-dark-web… The Dark Web BBC Horizon
Picture from http://www.bbc.com/news/technology-29032399