Do dark networks aid cyberthieves and abusers? By Mark Ward

Technology correspondent, BBC News Published duration 19 June 2013

image caption Web firms have been summoned to Downing Street to explain how they are combating illegal material

The Downing Street summit has thrown the spotlight on the web and what can be done to expunge images of child abuse and to catch those that share such material.

While it is true that abusers seek and share images on the web, many take steps to hide what they are doing because it does such a poor job of protecting their anonymity.

Instead, many tech-savvy paedophiles have turned to so-called "dark nets", such as Tor, I2P, Freenet and many others.

These networks are specifically designed to conceal the identity and location of their users, said Christian Berg, co-founder of NetClean, a company which sells products used by police forces and anti-abuse agencies to classify images of child sexual abuse.

By contrast, everything connected to the web uses its own IP address to ensure data reaches its destination. When information moves online, IP addresses are widely logged, potentially giving police a start in any investigation into who is looking at images and where they go.

By a variety of technological tricks, the dark nets hide these giveaway identifiers, at the same time as they let people use the web.

"The traces you are leaving, the IP addresses, they are not yours," said Mr Berg. "These networks have become a major problem because they are free and easy to use."

Browsing these dark nets, especially Tor, is a sobering experience, said Mikko Hypponen, chief research officer at security company F Secure.

image caption Many supposedly criminal sites are run via Tor and trade on the anonymity it offers

"Everything goes," he said.

On these networks drugs, guns and credit card skimmers are openly on sale. They are places where criminal hackers, professional thieves and, apparently, hitmen advertise their services. Using one of the many web currencies, it is possible to buy lots of stolen credit card numbers, stolen hardware and pay someone to hack into a bank account or company.

Of course, said Mr Hypponen, it was likely that a lot of the goods and services being offered were actually scams seeking to steal from the gullible.

Despite this, he said, it was clear that some users of these networks were serious. Some domains run via the dark nets act as sharing points for illegal material - be that pirated movies or images of abuse. Investigations into who is behind the services being offered on these networks are largely futile, he said.

"The big difference between Tor and the web is that we will never be able to find out who runs a site or forum," Mr Hypponen added.

Good and bad

Given how much UK tech firms are being asked to do to clean up the web, should there be similar efforts to tackle Tor, i2p, Freenet and others?

For Mick Moran, Interpol's acting assistant director of cybersecurity and crime, who has spent years pursuing abusers, there is only one answer to that question.

"Tor as a concept is quite flawed," he said.

He described its supporters as "cyber-utopians" who mistakenly believe it, and its ilk, are forces for good because they are used in many places where political protests are harshly suppressed.

By contrast, he said, his experience of dark nets such as Tor was that their use by activists and the oppressed was more than outweighed by criminal abuse of such anonymising systems.

"They use it to access and exchange child exploitation material and child pornography," he said. "Because they are untraceable then society lacks the ability to enforce democratically put in place laws around this issue."

But the potential for a technology to be abused is no guide to whether it should be suppressed, said Phil Zimmerman, who invented an easy way to encrypt messages to stop them being spied on.

That technology, known as Pretty Good Privacy (PGP), was very controversial when it first appeared, he said. It was likely that it was put to criminal ends, but the usefulness of the encryption technology it drew on far outweighed that abuse.

"Just think about what we would have to do if we did not have strong encryption," he said. "We would not have any e-commerce or e-banking. The economy would go back to being entirely bricks and mortar."

In addition, he said, the lack of encryption and other similar technologies would radically erode privacy.

image caption Web commerce depends on technologies that hide identities

Mr Zimmerman has started a company called Silent Circle that adds encryption to phone calls to protect them from eavesdroppers. Silent Circle has no control over who signs up to use it and has no knowledge of the keys used to scramble conversations.

If the police turned up asking for access to users' accounts and conversations, Silent Circle would not be able to help them. Mr Zimmerman is sanguine about this and the fact that the technology may well be serving criminals.

"It's also being used to protect the lives of Navy Seals and soldiers in Pakistan," he said. "These are people putting their lives on the line to stop terrorism."

The encryption systems behind Silent Circle, PGP and the anonymising technology in Tor and the other dark nets were too valuable and did too much good for them to be taken away simply to satisfy the demands of the police, he said.

Stripping away these technologies would empower criminals as much as it would law enforcement, he said. If they did disappear, privacy over any and every communication network would utterly disappear.