DATE: 17.00-18.00, 18 April 2018
VENUE: Committee Room 12, The House of Commons, London, SW1A 0AA
SPEAKER: Nikita Malik, Director of the Centre for the Response to Radicalisation and Terrorism
Vicky Ford MP, Darren Jones MP
EVENT CHAIR: Vicky Jones MP, Darren Jones MP
VICKY FORD MP
Ladies and Gentlemen, thank you very much for coming. Do you want to take your seats- thank you, thank you.
Ladies and Gentlemen, welcome to the House of Commons. Spring has sprung but unfortunately the central heating in this building has not yet realised that and the technology [inaudible] committee rooms is somewhat overheated. I am Vicky Ford, I’m newly-elected Member of Parliament for Chelmsford. I’m very proud to sit on the Science and Technology Select Committee and also to be co-chair of PICTFOR which is one of the all-party groups which brings together issues that involve digitally internet. I worked on digital policy for quite a few years now as previously I was in the European Parliament where we were often looking at things well with the UK and other countries. I’m having a fascinating tech day today- I started this morning with the Internet Watch Foundation which is leading the world in taking hideous pictures of child sexual abuse off the Internet. And I want to remind people that Britain has absolutely led that challenge. Over lunch time today, I had a very interesting meeting with the creative sector- a really important part for our sector- and they’re concerned not so much with illegal content as illegal use of their content, notably copyrighted content being illegally used and breaking the value chain and the impact. And then we’ve got this amazing report from Nikita Malik on behalf of the Henry Jackson Society that she’s going to present to you this afternoon. I’ve just had a quick look through the report whilst I’ve been sitting in the chamber and I see you’re going to take us deep, deep, deep into the dark side. I’m going to have to start this bit by giving my apologies- it’s very typical in the life of a Member of this Parliament that you never really know what’s going to be happening in the chamber day, but we’re right in the middle of a debate on the industrial strategy. And the industrial strategy is key for Science and Technology and Research in this country- we’re investing more into Science and Technology than any other government for the past 40 years and we need to continue to do so. Okay, I’m rather embarrassed that I am actually the only member of our Select Committee who’s down to speak in that debate so I don’t want to miss that debate but there are times in this Parliament when you might not know this so much of how it’s reported outside, but actually we do work quite well across party so I’m going to be saying some of the things we’ve agreed in our cross-party select committee in that debate and in a view of cross-party work here, after I’ve introduced Nikita, I’m going to slip away and then Darren Jones, who’s my excellent colleague from the other side of the House is going to take over and chair the questions. And I’ve also got my parliamentary advisor David [inaudible] here.
So this is a really, really important piece of work. The government is very, very focused, and cross-party we’re very focused, on what we can do to remove terror online. We also now know that we need to do more to counter money laundering and access to funds through the Internet as well as communications. And this study, I think, comes at a really important time. Thank you for coming to Parliament to present it, thank you for the work in the studies you’ve done- I do think that many opportunities as possible to inform Parliamentarians and wider society about this work is really important and good luck with your discussions today.
I’m going to introduce now Nikita who’s the Director of the Centre for the Response to Radicalisation and Terrorism. She’s published several ground-breaking reports endorsed by the UN Children’s Fund UNICEF, and many other organizations. Thank you very much for coming here. I understand as well you’re one of the Top 30 under 30 across the world so thank you for sharing your time with us today.
NIKITA MALIK, Director of the Centre for the Response to Radicalisation and Terrorism
Alright, so I’m going to start by talking through the report for about 20 minutes- I’m going to be ambitious and say 20 minutes and then I’ll open up the floor for questions. But the first thing I want to check is if everybody can hear me because that’s always a disaster when you’re speaking to yourself. Firstly, it’s a pleasure to be here today in the release of this report we’ve been working on for the last six months to be joined by- briefly by Vicky Ford MP- and also by Darren Jones MP. Thank you so much, and both of them are members, as she mentioned, of the Science and Technology Select Committee and thank you to all of you for joining us today.
So I want to begin by stressing the merits of new technologies and of technologies like the Dark Net like Encryption and Cryptocurrencies, which is the subheading of this report and is what we focused on. These systems are lapped for better security, they protect identities and they enable may including human rights activists, journalists, those who dissent against authoritarian regimes, to share information securely. The Tor Network, which is the Onion Router, has been used to communicate during state-sanctioned censorship. Cryptocurrencies such as Bitcoin remove the need for intermediaries like banks and financial institutions, and they enable individuals to transact, and they also empower those who would otherwise not have access to expensive remittance systems. They also provide financial services to poor and unbanked populations across the world. So there is no doubt that these systems present a great deal of good for the world. However, as is the case with other innovations, such systems can also be used to the advantage of criminals and terrorists. This is the topic of the report today.
I first began to think about the dark net when I was reading about a court case study by the name of Tower Hamlets versus B. This was a case study which happened in the Family Courts in 2016 in the United Kingdom. It was about a 16-year old girl who was able to radicalize herself using content she found on the Dark Net over a period of seven months in 2014. It got to the point where she had radicalized herself to want to go and join Syria and it was only through the intervention of SO15 Counter Terrorism Command that she was able to be taken off a plane that was heading to Syria at the eleventh hour. When she came back in 2014, she was still not deradicalized and she attempted to radicalize her sister. She took very sophisticated steps to hide her online presence. She cleared her data and her browsing history via a CC cleaner and she used a 16-digit alphanumeric password. She described herself as addicted to Islamic State material and numbed to images of brutality and death. So this got me thinking- how easy was it to access this kind of material that she was looking at? If you go through the family court case, there is an appendix of all the material she viewed to radicalize herself and sadly, a search in January 2018 of this year on Google meant that I was able to find all of this material actually on a Google search engine search. And this is all in Appendix 1 of the report. I also found that an Al Qaeda-linked organization by the name of Al-[inaudible] was able to campaign for fundraising on Twitter. Therefore, whilst technology companies have made some progress in removing and tracking this content, more remains to be done. This is what I will discuss in more detail when I come to the policy recommendations.
I would now like to break this down into three parts. First, I will describe the major trends of the report, then I will go through the methodology, and then some examples of the cases that we analysed. I will then talk about policy recommendations and will be happy to answer any questions. So while it is clear that the first decade of this century was defined by the battle against Jihadist safe havens which were physically located in Afghanistan, Pakistan, Yemen, in Syria and Iraq and so on, this report draws attention to the possible rise of the virtual safe havens- encrypted communication channels, hidden portions of the Internet, cryptocurrency accounts that are not registered with any banks and more. In doing so, it highlights the following trends:
– The first, which we’re all aware of through media reports, is terrorists being able to use encryption to hide. Evidence suggests that recruiters use the dark net to plan and launch terrorist attacks because detection by law enforcement is less likely. While initial contact can be made on surface web platforms, further instruction is often given on end-to-end encryption apps such as Telegram, on how to access jihadist websites on the dark net.
– The second is terrorists using the dark web for recruitment purposes. Given the largely inaccessible nature of encrypted channels like Telegram and areas of the dark net, mass recruitment rarely takes place on these channels. But, Islamic State is able to draw interested sympathisers from the surface web and social media into the dark net for further interaction and indoctrination.
– Terrorists also use the dark net as a reservoir of propaganda. We have begun to see an increasing removal of extremist and terrorist content on the surface web which is a great thing. But, when we have bunk removals, what tends to happen is that much of the evidence that can be used in the removal of this content is lost. Some of this material later resurfaces of the dark net. So we stressed in the report that technology companies should work with law enforcement to ensure that this material is archived effectively to understand patterns of behaviour.
– Finally, we also saw terrorists using cryptocurrency to evade detection and to fundraise. It’s very similar to how criminals would use the Hawala system of finance or similar types of cryptocurrency precisely because it allows you to stay anonymous. And by fundraising and making financial transactions online by Bitcoin, terrorists and other criminals can avoid interference from other financial regulators and other third parties who might hinder their operations.
So what was the methodology behind the report? A large portion of the evidence is anecdotal. While we found that extremism and terrorism was not widespread on the dark net, what we did find is that the level of criminality is huge. The report also highlights a number of cases where Islamic State members or supporters have used the dark net or cryptocurrencies to further a terrorist agenda. However, I must stress that these technologies have not yet been embraced by any terrorist group on an organizational level. However, this still remains of great interest to us because of the trends that might emerge from it in the future. We looked at academic literature, open-source material on terrorism, cryptocurrency and organized crime on the dark net, and we did an extensive study n publicly available British and US court cases that resulted in the conviction of individuals providing material support for terrorism. This was coupled with an investigation into the dissemination of terrorist propaganda, financing and criminal activity of dark net marketplaces.
So what were some of the case studies that we found? The first is quite an obvious trend and has been picked up by academics in the past which is the crime-terror nexus. There’s a trend that criminals and terrorists will continue to work together in this online space just as they do offline. It is clear to us that terrorists engage in criminal activities such as prostitution, the sale of human organs, weapons antiquities, the taxation of drugs, and people-smuggling groups, kidnap for ransom and money laundering to raise funds for terror-related activities. This largely takes place in conflict countries. However, what we call self-starter terrorists in the UK and Europe can also benefit from the sale of instructional materials, firearms, firearm components, drugs and fraudulent documents on the dark net. These two areas are no mutually exclusive. Drugs from Libya or Iraq can be sold on the dark net, money from kidnaps and ransom can be funnelled into terror-related activities. For example, as we know, Islamic State has a strong power base in [inaudible] which enables drug transfers through Libya to the Mediterranean Sea. Islamic State has worked with Italian organized crime groups to do this. Though we’re not certain where the drugs on the dark net come from, cannabis is one of the top-selling drugs on the dark net and European officials have found that it primarily originates from Morocco. Islamic State has worked with Italian organized criminal groups to smuggle cannabis from Morocco through to Algeria, then Tunisia, then the East of Libya and then into Europe. Document fraud also persists on the dark net, aiding human trafficking and illegal immigration. An initial search on something that I found called Dream Market- there used to be Silk Road which was shut down, then Alpha Bay which was shut down, now you have Dream Market and you have other marketplaces like [inaudible] market place- so an initial search on the Dream Market in January this year found 373 pages of results for fraudulent UK passports, some of which came with bills, bank statements and driving licences as proof of identity. The dark net can also be used to buy weapons- A week after the attacks in Paris in November 2015, it was reported that the four assault rifles had been originally obtained on the dark net by a man in Germany. [inaudible], who killed nine people in an attack in Germany in 2016 also used weapons that he bought on the dark net. He was inspired by Anders Behring Breivik 2011 far-right terror attack in Norway. In May 2017, British authorities convicted Sumata ullah of Cardiff for being a member of Islamic State. He had used his cyber expertise to create a one-stop shop that offered vast amounts of information including how to use Tor, how to hide extremist material from law enforcement and how to distribute propaganda on the dark net. A search we did on Dream Market also found over a thousand results on material related to security which included how to use firearms, and bomb making instructions. And we also- Chapter 4 of the report looks at cryptocurrency which parallels the Hawala payment system and which I can discuss in more detail if it comes up in the Q&A.
But I’d like to move on now to policy recommendations. In the report, we’ve put together extensive case studies of Silk Road 1, Silk Road 2, a rifle case in Liverpool, and Playpen. To try to understand what police and authorities were doing to monitor the dark net, and shut down those who were using it for illicit purposes, Page 3 of the report contains the infographic of the techniques used that we were able to find from publicly available court cases. It’s quite clear that the same techniques can be bolstered to examine the dark net and terrorism. I was pleased to see this time last week that our Home Secretary, Amber Rudd, announced £9 million to enhance the UK’s specialist capabilities which would include work to combat criminals who continually exploit the dark net. This was one of the recommendations we put forward in the report but I would add to this and say that GCHQ should also be sharing knowledge with ordinary researchers and universities to train them on understanding internal dark net hidden market places as well as on regulation and a code of conduct for intelligence gathering. Building and sharing intelligence capital in this way will help to deconstruct myths on the dark net by providing explanations and evidence on its use. To sussign here that the term itself –dark net- I mean when I was starting to look at it, I hadn’t actually gone on it yet and I thought it was this crazy place. And then you actually log in and it’s like the internet used to be in the nineties. It’s really slow and the marketplaces aren’t very effective so I think doing more, much more research in this area would, you know, bring down some of the misconceptions on how the dark net operates.
In terms of the surface web, we argued that technology companies should create a sub-regulatory system to remove and audit extremist content and release publicly available annual reports outlining their efforts in this space. The public should also be able to report and flag extremist content found on the surface web. For example, there is still no flagging system for users to report instructional terrorist manuals and disturbing extremist content on Google search results. With software often auto-predicting extremist literature or directing vulnerable people who may consume this content to more extremist literature in multiple languages. While a self-regulatory model to remove and audit extremist content is an ideal solution, it is yet to be realised to date. If such self-regulation continues to fail, the need for a regulatory body to supervise and assess the efforts of these technology companies in this space only grows. Therefore, in the report we have called for the government to create an internet regulatory body, an external body of experts which would be appointed with the role of regulating, scrutinizing and assessing the efforts of technology companies to remove extremist content and instructional terrorist content. It would operate in a similar way to the financial services authority, for example. It would review the efforts of technology companies to self-regulate content off their platforms, with a potential for fines being placed on those companies that consistently fail to remove instructional terrorist material, material support campaigns that fund terrorism, or propaganda shared by prescribed terrorist organizations and features within a certain timeframe. Fines can follow the model of breaching UK competition law and the internet regulatory body should work closely with a counter-terrorism internet referral unit and other existing regulatory bodies to achieve this. Part of the auditing process should include regular annual reports, which measure key metrics on compliance and reflect on areas of improvement and are available to the public. Money created from potential fines from companies that fail audit reviews can potentially be used to fund further intelligence capital on crime and terrorism on the dark net. This can involve funding research and analysis of marketplaces, the use of cryptocurrency and encryption, and learning how to infiltrate, study, examine and source terrorist content and data into an archive for researchers and law enforcement who need to refer to this material.
So three minutes over but that leads me to the end of my analysis.
DARREN JONES MP
Well thanks Nikita for your excellent summary, and excellent and very timely report.
As was mentioned in the beginning, my name is Darren Jones. I’m the Labour MP for Bristol Northwest and member of the Science and Technology Select Committee. And before my election, I was a technology and telecoms lawyer working at BT so I have some expertise in this space. I’m very interested to hear the conversation this evening not least because we’ve just come out of the line-by-line assessment of the Data Protection Bill, Bill Committee in the House of Commons which includes new laws for law enforcement intelligence service processing of personal data. And because yesterday I kicked off a new parliamentary commission on technology ethics where we’re working on a cross-party basis to try to understand the right balance between regulation and innovation and the role of the state in some of these issues. I think this is an example of how it is quite hard for regulation, especially primary legislation, to keep up with technological advances, and how we haven’t quite got it right in applying the rules and expectations from the real world into the digital world- this is very timely, so thank you for your work. It’s also terrifying and I’ve never been on the dark web either, I don’t think you can look without getting in any trouble but it might be interesting to see it. And so, my job for this evening is to try to call as may questions as possible. Please just say who you are and where you’re from. Please as ever try to limit it to questions and not speeches because we don’t have a huge amount of time, and I’ll try to get through as many of you as possible. So please show your hands if you’re interested- I think you were first, sir.
Thank you very much indeed. Euan Grant- Institute of Statecraft and speaking in the personal capacity, I’m former law enforcement intelligence and my question is based on a conversation when I was working in Jordan last year with a visiting representative of the European Police Training equivalent to [inaudible]. It was quite clear that what I said hit home on the lady recognizing the problem. How do you think we are getting the technical in line with the-you might call it- operational law enforcements? Because I was struck by the training programs on terrorism obviously in a country like Jordan doing a lot of the same- going around delivering similar in Turkey and Egypt and so on. What concerned me clearly, the lady recognized was that there was an aspect of throwing technology without, perhaps dialogue, on the operational issues which need to be factored in to the technical tracking and solutions. Basically interface- the computer nerds, with traditional policing happen to be beyond cliché into wider open-source law enforcement and intelligence information. Joining up the dots, where do we stand on that?
Yes, I think that’s a great question and there is definitely a movement- I can’t speak for what Jordan is doing but in the United Kingdom for special online dedicated units both in SF15 and in the National Crime Agency. So there is a movement there, however having said that I don’t think the two are exclusive because if we look at the – I don’t know if everyone got one of these when you came in but we looked at the different techniques that the police use. So panel-trap orders, infiltration of staff areas, sting operations, network investigative techniques and criminal error, and you certainly have a lot of this happening online but tons of it is also happening offline so if somebody is communicating on a dark net marketplace about drugs, eventually they’re going to have to meet that person and you know, give that package and that is precisely where you can catch that criminal. One of the case studies- a very sad one but we had to go through a number of dark net marketplaces to understand trends- one of them was Playpen, which was the largest marketplace for child pornography in the United States and the FBI eventually took that over and ran it- it was very controversial, they continued to run it so that they could catch these criminals offline red-handed and so I certainly think that the two don’t have to operate separately. Yes, there is a need for online intelligence but I think the police are doing a very good job offline too with traditional techniques.
How are the computer people reacting to that?
DARREN JONES MP
Shortly, one question per person.
Sorry, what was the question?
How are computer people responding to that?
What do you mean computer—?
To the offline work of the law enforcement agencies?
What do you mean computer people?
The people who do the software and algorithms.
Well I don’t think they’re reacting any different. I think no one is proposing, including us in this report, that the dark net should be shut down or that cryptocurrencies should be removed. The issue is that you have to have, you know, better monitoring and better ability to look at these different areas as you would need resources for policing offline as well.
DARREN JONES MP
I don’t think I’m supposed to be answering questions but I’m going to take Chair’s prerogative. There’s the rule about how you enforce the offline and the online world as well and so we’ve been debating the balance around the rights of privacy and the roles of the state in being able to persuade telecommunications companies whoever, to be able to hand over information and how that works. I mean, with our Investigative Powers Act which is broadly pretty good actually compared to international standards. But one thing that I think you pointed to which is really important is the global coordination that needs to happen and as a consequence of this, a really important part of the Brexit negotiations- I always say whenever I have the opportunity I would like Brexit to stop just for the record, but I’m not in government. As part of the Brexit negotiations we must maintain access with our counterparts in Europe around the sharing of intelligence and criminal data. I don’t think it was in my constituency but it was in the constabulary area in Somerset on the child pornography issue. There was a chap who was viewing child pornography that was happening live in Spain and because of our ability to share information- and this was on the dark net- not only were we able to arrest the chap in some part of Somerset, but we were also able to get our contemporaries to go in and save the victim from the abuse at the same time as well. So the coordination is really, really vital online and offline. That was me giving a speech when I said questions only. Second question, yes.
Thank you very much for your report, I really look forward to seeing it. My name’s Natasha Victor, I’m doing an MSc in Security at UCL and am also the Founder of the UCL Cyber Security Society. I’m specializing in radicalization online and so I’m doing [inaudible] that specializes in the [inaudible]. It’s linked to the question that was just asked about the jurisdiction- the legal jurisdiction. So, as Darren just mentioned about the interventions in Spain and litigations there- how would we, in terms of the legislation and the Interpol and Europol that would allow us to share information- do you think we need something like Cyberpol where we pick up all the jurisdictions around the world so that information is ready whenever?
I absolutely agree with you- I think that would be an excellent, wholesome move to have that international coordination simply because the internet is so global. And you see that very much when we, at HJS, we work with Google for example. You know, the stuff I found on the Google search engine- I did report it because I didn’t want it there. And stuff that is removed from the UK, it’s completely different for US legislation so it remains on for freedom of information so we require firstly, more of a global approach to removing content. But also I think there’s only benefits to be had from a global innovation approach as well and I know the conversations I’ve had with SF15 that, and also the case studies I saw, that the US was a little further ahead than us in monitoring some of this material and the FBI in removing it and I think there’s a lot to be gained from something like that. Cyberpol- that’s a good name as well.
DARREN JONES MP
I think you should trademark it. I think that’s a very good idea. But, yes.
Hi, I’m Alex. Thank you Nikita again for the report. We spoke briefly on Twitter this morning. I’m at UCL as well with Tasha but I’m studying Global Governance and Ethics. I’m writing a thesis on Cyber Warfare and I was just wondering, because in Chapter 3 you mentioned how the dark net’s facilitating weapons purchasing and trading tutorials sharing. Have you come across instances that showcase terrorists looking to obtain weaponised codes to have, you know, carry out cyber-attacks? Is that something that they’re going to look towards as a new form of warfare or is it just going to be the standard kind of warfare that we have right now?
I absolutely think that there is the ability to do that and that is something that needs to be examined. Unfortunately, it’s not examined in this piece of work because, you know, we had a time constraint and we wanted to look at guns and drugs and the profits from that. But I do think that that’s a fantastic thing to examine and with the changing nature of warfare, it’s only inevitable that we’re going to have something like that so we should be thinking of proactive ways to prevent it or react to it.
JULIAN LEWIS MP
Julian Lewis MP. Nikita, thank you very much for the clarity of your presentation and for your important- the work that you do. I hope I’m not portraying great technical ignorance when I ask this question- how easy is it for vulnerable people generally to get onto the dark net? What do we know about the infrastructure of the dark net, and are there any reasons, technical or moral, why the dark net cannot be attacked and closed down by the authorities in a way that obviously they can’t [inaudible].
Thank you so much Julian for coming as well, I know you’re very busy but if you look at the – I tried to explain in this diagram in the report. So basically, the Internet can be thought of like the sea- so the surface of the sea is where you have your Google search engines and your Yahoo and you don’t need a password or username to log into that. Then you have the depth of the sea which is where you need your passwords and your usernames, so that’s your emails, your banking systems, Facebook etc. And then part of the deep web is the Dark Net, so the deep web is the majority of the content that we have on the Internet and the Dark Net is the criminal aspect of that. Now the reasons behind why it shouldn’t be shut down is because- I’m a bit hazy on the background but it is covered in the report that it was originally set up by security officials and it is continually used by security officials as well to monitor information and for freedom associating people who want free speech and want to be able to, as I mentioned in the beginning of my report, be able to communicate freely- you know, it comes down to their liberties. And then I think there’s also the risk that- and I’ve always thought this- that if we block or ban something, there’s no stopping the alternative thing just coming up in a different form. So we saw that with Silk Road- the largest Dark Net marketplace- once it was banned, you have Silk Road 2 that came up and the same thing that happened, sadly, with Playpen- finally when they did remove it within a few weeks there was a similar marketplace that had come up. So where there is the means, there will be an end- I think if the criminals want to do it in this way, they will find a way to do it and I think the precedent that’s been set is this way, if we get on it we can look at it, access it and see what’s going on in this way.
JULIAN LEWIS MP
And the ease with which vulnerable people can get on to it?
Well I think the premise of the report which was the fact that this 14-year old- now 16- but, you know, this child essentially was able to do it. And for her it was child’s play for her to just go on and find all of this stuff and in a very effective way, wiping clean her computer, keeping her identity anonymous, and she had obviously downloaded a guide online to be able to do this so I think it is pretty easy.
DARREN JONES MP
It’s worrying, isn’t it? I like to think I’m quite tech-savvy but I have no idea how to do it. Now I’m conscious I’ve got three men and one woman so I’m going to call women as a priority if there are women questions, or questions from women even. The lady there, yes.
So basically I’m Sabira from the Asian Mums Network. I’ve got an [inaudible] seven years ago the Prevent Women’s [inaudible] so I continued my [inaudible].
At the moment I just run a fund through Google and ISD to put an Internet safety campaign to carry particularly women, with BME backgrounds and we’ve done some blogs on the Dark Web. I’m running a survey with the three key areas that women with lots of different backgrounds have said that in terms of lack of knowledge of the dark web, radicalisation and gaming. So how do we get that- what’s the best way do you think, to get that messaging to parents to be more vigilant?
And I’ve also heard some new technology by Disney called Circle where it’s like a [inaudible] but talking to mums especially who are worried about their children’s gaming habits and their mental health and their behaviour- their aggressive behaviour. So they’re saying that apparently Circle can basically- I think you can look up all the Internet activities within the household with this technology. I don’t know how widely it’s used- I don’t understand the technology at all but do you think in terms of the messaging to parents to understand- sort of the- how the dark web works? What do you think is the best sort of method?
So Sabira, I think the work you’re doing is excellent on Asian Mums Network and I’m really glad that you did that survey and you brought out those three issues. I think fundamentally there are two things: the first is what I already mentioned which is better monitoring and the police are doing that. But also, campaigns like the one that your company does and also campaigns funded by groups such as The Global Internet Forum to counter terrorism to kind of educate parents on these things. So I think you were there when we were at that conference with the Breck Foundation and I don’t know if everyone knows but the Breck Foundation was founded by a mum who lost her son, who was murdered because of PlayStation. So he was going on PlayStation- he didn’t become radicalized but he was interacting with other young boys. There was a lot of violent activity because PlayStation is quite violent and eventually through a chat forum, somebody groomed him and then invited him to a sleepover and beheaded him Islamic State-style, in the United Kingdom. And she started this foundation to raise awareness on that and I think there is definitely spaces whether its ‘Tower Hamlets versus B’ on the Dark Net, the Breck Foundation PlayStation. And there’s a normalization of violence happening online and it scares parents as it would scare anybody if you don’t know enough about the topic and you want to protect your children in this way. So I think campaigns like the ones you’re doing and the blogs that you’re doing on the Asian Mums Network are really important and I’m glad that you won funding for that because more money should be going to areas like that.
DARREN JONES MP
It poses an interesting balance as well if you think about recent events. For example, processing big data on social network. So clearly what happened with Cambridge Analytica and the legal basis on which they collected that data for those purposes appears to be unacceptable. But if you say to people actually: are you happy for your children’s data to be used over- if they are deemed to be at high risk of being radicalized based on content on Facebook- that we can then put counter-advertising on Facebook to try and pull them towards de-radicalization support, I think people might say yes to that. And there’s this constant play between getting the balance right between privacy and good and bad and evil and all this stuff and it’s quite hard stuff to get right in terms of legislation and regulation which is why we need to know what’s going on in order to have this informed debate.
Right, who was waiting for- someone and their hand up for a while. Not you? Okay. I’ll come to you and then I’ll come to you afterwards.
Thank you. Robert Clifford from the Home Office, Head of Data Strategy speaking purely from personal capacity.
It’s really an observation- there’s very interesting talk- I saw two themes [inaudible]. So one is, sort of, sanitizing the surface web and making sure things like Facebook, PlayStation do not, sort of, fringe into the daily lives of your average teen and poison them, and that’s absolutely critical. The other sort of key theme I’m hearing is the dark web, whether its technologically easy to do, or not, it’s only a certain minority of your demographic society who’re going to be accessing that. I think sometimes there may be slight dramatic [inaudible] of these two problems together. They require different reactions and challenges obviously so I’m interested to hear, sort of, your thoughts upon that. I don’t think we can deal with this Facebook- PlayStation issue in the same way as we can with the Dark Web.
I completely agree with you and in an ideal world I wouldn’t have to have anything on the surface web at all. I mean, the purpose of the report was very much to look at the dark net and to increase intelligence and to advocate for more resources to be given to JTRIG and to GCHQ and other to be monitoring it. Sadly, when I started looking into these case studies out of curiosity, I said can I find them on Google? Can I see this stuff happening on Facebook and Twitter? And it still was. And I think at this stage, absolutely we should have a self-regulatory system and we ourselves work with these companies, we share our research with them, we tell them that this stuff if out there. But it’s reached a point where, you’re absolutely right, it’s not clean, it’s still a mess- the surface web. And then on top of that, you have increasing trends happening on the Dark Web too. So in an ideal world I would probably have divided this into two papers but there is a little bit of overlap in the sense that you can go from stuff you find on the surface web, which teaches you how to use the dark net and then you’re in a space that’s pretty much unregulated or unmonitored.
It’s a thought, it’s not a question, apologies for that. It’s just breaking that link because, I mean the ambition of, sort of, taking down the dark web may not be achievable realistically as its expression of preventing that link.
Yes, and I wouldn’t advocate that it should be taken down I think if the techniques that we found, which have been remarkably effective, continue to be used and are bolstered then there should be no need to because we have preventative approaches to stop crimes from happening and we’re able to catch criminal from that way. What I would like is more proactive approaches for content to be removed off the surface web. Like you said, we shouldn’t be able to auto-predict this kind of stuff on Google and some of it is extremely disturbing and very violent. And I was surprised that it was the first or second result and you know, ‘Mujahedeen Poisons Handbook’. That’s been covered in all of the media outlets yet I bet if you google it now, it will still auto-predict it for you and correct the spelling if you got it wrong. That’s great that technology is working as it should but probably from an ethical point, not to the best for vulnerable people.
Thank you for your presentation. My name is Archibald, I’m an independent researcher. Basically what you presented is very interesting but you initially started with a good sight of Dark Web and what most people do. But when you look at it from a technological perspective, VPN or the Virtual Private Network is legal, which most people would use to communicate or transact business. And that is where the platform starts and [inaudible] cryptocurrency, then all the dark web issues continue. Once you advocate for a mechanism where-if there should be, say, an app created for communication between criminals it can be flagged out because if you create a VPN, right, it’s legal. Through that an app can be created for transactions to go on. How would you know if it’s not coming up on the normal network or surface on the computer? So I think that there should be a way or means to register whoever creates a platform because if [inaudible] for them is that all these [inaudible], it’s going to be more difficult to track some of these [inaudible]. Thank you.
Was there a question?
It was a question- like how do you register like creating a mechanism where like someone is creating a website to transact business. Because if you have a VPN obviously it’s legal, so when you create a platform to transact business, that’s when the dark web starts.
Well I think we are already battling with this because of encryption, so we’re unable to monitor the communications of people use Telegram or Kik or Whatsapp and similarly, the beauty of Bitcoin is that it is anonymous and we can do things. I mean, I think the move from the United States which is now being followed by the UK, that Bitcoin and other cryptocurrencies should come under anti-money laundering legislation is very important as the Hawala system did eventually. So there’s some level of regulation we can do. Having said that you know, criminals and terrorists will still continue to communicate anonymously and that’s when some of the techniques that police are using to capture them- when I showed this to one of my contacts in the police, he said the biggest one here is actually criminal error and he’s right. When you look at the court cases, there’s tons of times when criminals just make mistakes so they’re supposed to have a VPN and they forget, or they go into their local library and log in there and suddenly they’re able to tell that this is that person who’s done it. So it’s precisely because the police are one step ahead and they should continue to do so and the way we do that is through more resources as we can commit it.
DARREN JONES MP
Thanks. Did you have a question?
Hi, I’m Emily [inaudible], I’m a friend of Baroness Cox. With Tor, it’s something that’s obviously very easy to get hold of and it’s been promoted for most people to actually use and obviously, it’s very easy to get to the Dark Web through it and there’s people a lot younger than me that can use Tor and get to the Dark Web. It’s something that, I mean if you’re monitoring it, because there’s people as young as 10 that are using Tor, I mean surely you’d want to close down that and get some policing or at least a person to report it
I’m getting asked to go on Tor, like most of the people I know use Tor because they don’t want to be using Google because they don’t want to be getting people looking at their information and everything that came up with Facebook recently, everyone doesn’t want that, everyone’s moving to Tor and Tor is easy to go on the Dark Web. So is there anything that’s being done about promoting Tor or do you think people should be going onto Tor?
I think it’s fine to go onto Tor or to DuckDuckGo, which is the alternative to Google, because a lot of people want to protect their identities, and they don’t want ads, and it is kind of creepy that if you have a conversation about Coca Cola, suddenly you’re getting a bunch of Coca Cola ads all the time. And I think a lot of people- it goes back to the privacy debate, they say I have the right to be forgotten or I have the right for my privacy and so they find alternative things to do that. I think where it gets problematic is when you begin to look at the criminal underside: so if you’re beginning to go to some of these marketplaces and look for fake documents or drugs or guns, and the police are monitoring it in the sense that sometimes they’re scams so if you arrange to pick up drugs, it could be a policeman you’re meeting at the other end.
I mean it’s easy when you’re just searching through it, it ca lead you onto those websites but you wouldn’t be meaning to. Like you could be looking at one thing and it takes you to something that you weren’t even on in the first place.
Yes, and I think that rabbit-hole is something that needs to be monitored better and perhaps if it is encouraging you to do so then that’s something that needs to be brought up with the creators of Tor because their premise is: we created Tor for privacy and that’s what it’s for. But if it’s the case that you’re going on there and being encouraged to go to these marketplaces, then absolutely that should not be the case.
DARREN JONES MP
Okay, I’m conscious of time- we’ve got about five minutes, we need to wrap up. So I’m going to take a, I think a round of four and that’s going to be the end I’m afraid- so I’ve got one, two, three and four and my gender balance has gone entirely out of the window.
My name is Andrew Hay- I’m a [inaudible] and I specialise in providing open-source human and cyber intelligence. I’ve been doing research in this for the last thirty years. I had a stroke in 2015 and this is the first time my profile had come back up onto Google after [inaudible]. And so, I have a quite good insight into the dark web because I use the dark web often in order to supply the information that I need to supply. My question is what real evidence did you find in SF15 and the National Crime Agency where they actually are taking steps to monitor- I mean evidence not just what they told you, but you actually get to see what they can show you, what they’re actually doing or was it just the usual visit?
DARREN JONES MP
Okay, thanks. Number 2?
With GPR coming into place next month, what [inaudible] lack of [inaudible] technical or legal background skillset. Do you think the government should be putting more emphasis on IT and technical data skills [inaudible]?
DARREN JONES MP
Thank you. Number 3?
What steps did put in place to make sure that the data you were looking at on the dark web wasn’t blue-on-blue for example? So you mentioned the Mujahedeen’s Poison Handbook- if that is a Handbook that each and every single formula in there is actually incorrect and you couldn’t produce a poison from it that was actually- it’s a relevant concern because of the American Court website which [inaudible] and in the UK as well, the ancestors of [inaudible] terrorists. So the idea of looking at the documents on the Internet like the Mujahedeen Handbook, and that is informing us about a worry when it’s actually the reverse of that. It’s actually something that’s useful that terrorists would actually follow a recipe and get nothing. Have you thought about that in the process?
DARREN JONES MP
Okay, thank for that. And finally, question 4.
You spoke about the marketplace that’s used to sell drugs. I was wondering two points: One, what the percentage of the sales of drugs are? And b, whether a way of tackling these market places might be to attack their popularity by possibly legalising some of these things that are [inaudible]?
So four-and-a-half very difficult questions to answer.
The conversations: I would love to tell you that I had a- a sat at the back of the computer and watched them do it- I did not. I’m not vetted and as a result- and that’s very clear in the report- as a result, you know, not told directly and kind of percentages or case studies or even techniques are beyond what you wouldn’t be able to do if you didn’t have that kind of developed and high-security vetting. So maybe one day but not today.
And in terms of GDPR, I absolutely agree yes. I think the government should be putting more IT and technical skills into place -I think that’s a good idea.
In terms of the incorrect data and the practical use to terrorists, yes, actually I did mention the Mujahedeen Poison Handbook in this but there are definitely other cases on here of certain guides like the Mujahedeen Guide to the West. Now possession of that is an offence under Section 58 of the Terrorism Act and yet that’s still available as well. So I agree with you to the extent that some of the stuff- like the Poisons Handbook- is probably nonsense but there are definitely case examples of extremist material here which I think is extremely problematic.
And then in terms of the drug sales, how much of that- I don’t know the answer to the first part of your question on drug sales and whether that would go down if we were able to legalise some of this criminal activities on the dark net. I, again, don’t know the answer to that- I think that’s another debate to be had that we should be legalizing drugs in the UK and other things. But I really don’t have much to add to that.
DARREN JONES MP
My colleague in Bristol West, Thangam Debonaire, was recently on a BBC programme called Drugs Land and called for legalization and regulation of drugs not just to prevent criminality but to raise some extra taxes as well. I’m not sure whether I full agree with the argument but the debate has [inaudible].
Thank you very much for all of your questions and for your time this evening. I found that extremely interesting and useful and there’s much more to be done, clearly, to try and improve what we do here in the UK, in our relationship with the European Union and around the world too. A round of applause, please, for Nikita.