Formulating unique conception of the Web in “Weaving the Web” Berners-Lee emphasized that the intention was to create a system with “one fundamental property: it had to be completely decentralized. ” In the vision of Berners-Lee: “That would be the only way a new person somewhere could start to use it [the Web] without asking for access from anyone else” (Berners-Lee, 18).
In the initial years of the Web’s functioning, Berner-Lee’s ideal of a highly decentralized universal system has been shared by tens of millions of people around the world who have appreciated and marveled at an invention that makes it unexpectedly easy for anyone with a computer to connect with anyone else with a computer, anywhere in the world, and to store and send information almost at will.
But the Internet and the Web have also moved to the center of attention for governments, business leaders, lawyers and judges, police forces and military establishments, and anyone else dependent on the rule of law and authority structures in modern society. This is a result of the ability and tendency of Internet users to simply skirt or leap over many of the rules and institutions designed to maintain order in the pre- Internet world.
Previously designed rules and legal structures enacted for slower-paced, relatively public tangible transactions in a world rimmed everywhere with borders (local, provincial, national) suddenly were challenged as never before when the Internet made it physically conceivable to carry out transactions of almost any kind in a manner simultaneously immediate, anonymous, inexpensive, and seemingly borderless.
In contemporary context, the process of certain democratization, overcriminalization and simply lazier-affair went beyond predictable limits – internet identity theft, credit card fraud, hacking, terrorist activity, pedophile activity, etc makes evident that the need for adequate regulation of online environment. However, although this need seems to be logical, many questions on the feasibility of accomplishment of this task seem to be unanswered.
Contemporary safety measures like encryption or public boards aimed to protect individual privacy provide practical tool for people with criminal intent to exchange information with decreased risk to their personal identification. This paper aims to concentrate on some aspects of controlling of information/content transfers on Internet, particularly censorship, privacy and its connection with encryption. From the very beginning, it is necessary to recognise that the Internet does often route around censorship.
If someone closes one site down and that site is recreated (because it is easy to copy and send the files) elsewhere, particularly elsewhere in the world with different legal jurisdiction, then it is hard to prevent those accessing the Internet from seeing the information on that site. When Italian magistrates closed down the hacker-oriented site “Netstrike”, it was soon recreated elsewhere beyond the reach of Italian law. Moreover, a package of files was created allowing anyone able to host a website to recreate the Netstrike site.
The anti-McDonald’s website, “McSpotlight”, was initially located on computers in the Netherlands, despite many British workers being involved in its creation, because it was believed the Netherlands provided a more permissive legal system for such a site (Meikle, 75-81). In many ways the Internet can avoid censorship or at least ensure a multiplicity of views are heard, rather than those deemed legitimate by major state or corporate bodies. However, in other ways this is not so. First and foremost, the Internet is both decentred and centred.
Censorship has always been possible at the centre of the Internet, though there are few cases of such censorship. The Internet is centralised because it uses a translation between numbers and letters to define the location of Internet resources. Web pages download ‘cookies’ that track browsing histories. “Spyware” that keeps track of someone’s online habits is often unknowingly installed. Logs of anyone’s online adventures are kept by most ISPs and can be used to trace someone’s virtual movements.
Most email is sent as open, plain text that can be read by anyone with the skill and motivation. Companies and nation-states can put barriers to access to the Internet that block certain places on the Internet from those who are within the corporation or nation-state. Digitally correct activist groups know that the Internet is censorable, they know that it is a battle over the nature of technological objects and the values those objects are created with. It is a battle over the technical infrastructure of the Internet and the social values that can be embedded within this infrastructure.
To enable free flows of information in the Internet, digitally correct groups, including hackers, seek to imbue the Internet’s technological infrastructure with the values of freedom of information. It is here the concept of “peek-a-booty” has the potential to be an important weapon. It engages in the high stakes of national and international politics through the organised expertise of guerrilla or resistance technologists. While the purpose of peek-a-booty is not hard to explain – resist nation-states’ attempts to censor the Internet – the way politics is embedded in technologies is less clear.
The developers, Paul Baranowski and Joey DeVilla, explored the main features of peek-a-booty in four parts, each of which is primarily politico-technical in nature: distributed, steganography, anonymous connection and minimal discovery (Baranowski, peek-a-booty. org, 2006). The core of peek-a-booty concept is its distributive nature. Distributed networks, though they are more complex, are harder to shut down. A centralised network only needs it central server to be shut down and the network collapses; the clients are useless in network terms without their server.
But if all nodes are clients and servers then only shutting down the majority of nodes will shut down the network. Shutting down some nodes will shut down a portion of the network but the remainder will continue to function. While this looks like a technical argument, it is a concern only if a network needs to be designed with a deliberate attack in mind. If someone expects the network they are designing to be the target of sustained attempts to disable it then it is the social and political nature of the network that demands it be robust against attacks.
In the case of peek-a-booty, its aim of disturbing censorship of the Internet means it can expect to be the target of attack and being distributed therefore has important advantages. The second component of peek-a-booty is its use of steganography. Steganography means concealing messages as something innocuous. Peek-a-booty needs something like this in order to get through the firewall, if a message leaving or entering a nation can be identified by the firewall as a peek-a-booty-related message then it can be blocked.
The peek-a-booty message must be passed through the national firewall but not be recognised, it must have a virtual false moustache and glasses placed on it. Again we find a politico-technological choice made here. Peek-a-booty uses SSL protocols. These protocols define rules for a number of things provided by SSL: data encryption, server authentication, message integrity and client authentication for a TCP/IP connection. All in all, SSL hides data through encryption and it validates the servers serving the SSL request.
SSL is the major vehicle for secure online financial transactions and, because of this, SSL is built into all major browsers and web servers. SSL is a technology serving the commercialisation of the Internet and it is very difficult for any national firewall to block SSL messages as this would effectively cut off that nation from the majority of e-commerce transactions. Few sites behind a national firewall that blocked SSL would be able to offer goods for sale over the Internet using secure transactions and few customers would be able to buy goods securely outside the national firewall.
For commercial reasons SSL is difficult to block, even if SSL messages are carrying prohibited information rather than just buy and sell transactions. The possibility arises that an opponent of peek-a-booty might try to break the encryption on SSL and check inside SSL packets for relevant information. It is however unlikely that any nation would acknowledge decrypting and looking inside SSL transactions because this would undermine the security of online trade.
Breaking and examining the contents of SSL messages would mean seeing peoples’ financial details (credit card numbers and expiry dates, for example, or passwords to stored financial details), not just peek-a-booty-related information. Any nation known to be pursuing such a course would be quickly seen as a nation destroying the fabric of e-commerce. A second reason breaking SSL is unlikely is that SSL uses reasonably strong encryption and huge amounts of SSL messages are sent. This combination means it would be very difficult, on a regular basis, to scan all SSL messages and sift out commercial from non-commercial messages.
The sheer deluge of SSL messages passing through nearly all networks, combined with the difficulty of breaking any one SSL message’s encryption, means that even if a nation were willing to take the commercial and international political risk of scanning SSL, it would still face a formidable technical obstacle in achieving such a task. In this discussion it is also necessary to emphasise that the issue of protected privacy serves as a dual-edged sword, revealing new perspectives on encryption, internet relay chats, encrypted email, etc.
From the critical standpoint, various criminal groups, from pedophiles to terrorists can abuse the techniques designed for privacy protection. For instance, being decades old and experienced the hacking community utilises covert channels and steganography to hide data in transmission (Skoudis, 2002) and hackers’ skills in sharing information and tools anonymously are honed and proficient. It is not unreasonable to project that hackers will sell information and expertise to organised crime and/or terrorist groups. The hacker community may be sheltering and training perpetrators to occupy the shadows of cyberspace in organised crime groups.
Other criminal groups sought acceptance amongst their peers but they trusted the protection of Internet anonymity. Although they do not always have the technical expertise of the hacker community, it is widely assumed that they are obviously skilled in the use of encryption and remailers as well as the practice of Internet anonymity. Individual notoriety and personal anonymity are characteristics that have been observed in criminal groups and it is reasonable to expect that other criminal communities would also desire these outcomes.
According to Forde and Patterson, there appears to be an association between particular Internet activities and user identification. Internet practices that provide the strongest anonymity were used to camouflage extreme criminal behaviour (Forde and Patterson, 28). From this perspective, Internet activity associated with web browsing can be excluded because it provides a relatively weak anonymity. However, encrypted email provides a safe and confidential communication as well as material distribution. Encrypted emails or utilisation of remailers make the tracing of IP and subsequent identification extremely difficult.
Therefore, it is evident that intentions of Internet community and agents to establish a practice of privacy protection result in the abuse of available techniques to mask privacy. While encryption techniques are readily available, an awareness of the penalties associated with transactional security has to be taken into account by criminal groups. For example, securing a SSL requires a hand-shaking process that identifies the parties at each end of the connection. This facility makes it difficult for external parties to read the communication, however it requires communicators to declare their virtual identities.
Therefore, even though perpetrators can create “secure” networks they must address the issue of member identification and the attendant risk of membership exposure. Consequently, virtual private networks (VPNs) are a dual-edged sword. Their technological construction provides excellent protection against external attack; nevertheless members could be compromised by an individual member’s inappropriate action. As a result, if very high levels of trust exist between group members then they can be expected to use VPNs. Otherwise they can be expected to use Internet services offering (or allowing) anonymity.
The increased use of encryption by criminal groups to protect communications and other materials on the Internet hinders the activities of law enforcement to combat crime. As encrypted electronic files become more difficult to decrypt due to the increasing sophistication of the tools, the rate of non-recoverable encryption escalates and less criminal activity will be detected. In addition, as Marcella and Greenfield point out, as the use and strength of encryption increases and encryption tools become a standard component of software suites, the threat to public safety will increase proportionately (Marcella and Greenfield, 51).
Bibliography
Berners-Lee, Tim. Weaving the Web, Harper San Francisco, 1999 Meikle, G. Future Active: media activism and the Internet, London: Routledge, 2002 Marcella, A. J. and Greenfield, R. S. Cyber Forensics, Auerbach Publications, London, 2002 Forde, P. J and Patterson, A. , Paedophile Internet Activity, Trends and Issues in Crime and Criminal Justice Series, No. 97, Australian Institute of Criminology, Canberra, 1998 Baranowski, P. Available at <peek-a-booty. org> Accessed Jan 20, 2006