The Blurry Line Between Fighting and Committing Crime on the Dark Web
19 March 2020
Avraham Chaim Schneider, Ariel Yosefi, Nimrod Kozlovski
Unanswered questions expressed in one of the last court filings by the legal team for Eric Eoin Marques, the man behind the dark web’s original Freedom Hosting platform, was a key element in the Defense’s strategy:
“[P]erhaps the greatest overarching question related to the investigation of this case is how the government was able to pierce Tor’s veil of anonymity and locate the IP address of the server in France … the government revealed vague details of how investigators discovered the IP address (and location) of the server. The undersigned contend that the … disclosure is incomplete and inadequate, and that additional discovery on this point is due.”
In its heyday, back in 2013, Freedom Hosting was the dominant cloud hosting operation for sites on the dark web. Estimates had upwards of half the dark web’s sites being hosted on its servers. Drug dealing, hack sharing, money laundering, even a fine upstanding criminal banking institution dubbed Onion Bank; these were the freedoms Marques was promoting on his platform, any one of which serving as excuse enough to put him away for many years. But it the end it was his hosting of a full 95% of child exploitation sites that did him in. This month Marques pled guilty, despite his lawyers having doubts as to the prosecution being forthcoming with procedural evidence:
“Regardless of whether the government agrees to provide additional discovery, the undersigned requires the continued assistance of an expert to evaluate the discovery provided thus far, most significantly to assist in evaluating the legality of the investigative techniques explained in the [documentation provided].”
In other words, Marques’s team was not all that convinced the FBI didn’t resort to criminal activity themselves to get the goods on their client. Some might make a moral argument that even if authorities broke a few rules here and there, the ends justify the means. Perhaps, but legally this wouldn’t hold up and his lawyers knew it, and the suspicion is the FBI knew it as well.
Jury is still out on jurisdiction
It’s notable the Defense specifically mentioned a lack of disclosure with regard to how authorities were able to crack Tor’s traffic to a case-critical server in France. Jurisdiction is one of the most problematic gray areas affecting the legalities of dark web investigations.
In an article on jurisdiction with regard to dark web in a 2017 addition of the Stanford Law Review, Professor Ahmed Ghappour details the problems stemming from the fly-by-night way lawmakers have been attempting to modernize laws on the books to satisfy the new realities of digital globalization. US Federal Rule of Criminal Procedure 41 (other Western States would presumably have similar governing laws) specified that a search warrant was to be issued only to a magistrate situated in the locality where the warrant was to be carried out.
The problem with this original formulation was the impossible chicken and egg scenario it created where law enforcement would first need a warrant to determine where the location of a server was in order to legally procure a warrant to search the server in the first place. Clearly the situation was untenable, so updated language was introduced in Rule 41(b)(6) that allowed magistrates to issue warrants without knowing the location of targeted devices in instances where said device “has been concealed through technological means.”
Seems a simple enough fix, but the devil is in the details. Although the intention of the amendment was for national use, the practical reality of the dark web’s global network, and the fact that investigators won’t know were their searches will lead them before they get there, pretty much guarantees the unauthorized violation of international sovereignty. Or as Ghappour puts it, “the largest expansion of extraterritorial enforcement jurisdiction in FBI history.” He further points out that the legality of national authorities launching cross-border exfiltration operations is still an open question:
“[The} well-established international law axiom [is] that one state may not unilaterally exercise its law enforcement functions in the territory of another state, which has not been adequately addressed by courts or scholarship in the context of cyberspace.”
Herein lies the legal Bermuda triangle that is the dark web, as authorities won’t know for sure they’re even involved in a cross-border operation if the target is a Tor hosted site, at least not until they execute. At which point, should they confirm the likely reality that their target is located outside their jurisdiction they may have already undermined their entire legal case against the suspect. Such a discovery might make an investigator want to leave out a few of these inconvenient details from a court filling.
Speculating legalities of the Wall Street bust
Not much has changed since Marques’s arrest in 2013. Back in March of 2019 authorities surprised the men behind Wall Street Market (WSM), another fine upstanding establishment for dark web degenerates. Of the three men accused – Tibo Lousee, Jonathan Kalla and Klaus-Martin Frost – Frost and Lousee’s arrests seemed to have been on the up-and-up, or at least there’s enough evidence to make the case that they were.
Kalla’s arrest, however, draws suspicion. According to court documents, Dutch National Police (DNP) were able to correlate administrative changes to the Wall Street Market made via a specific VPN provider, with overlapping time-frames of an IP (originating from the house where Kalla was staying) accessing the same VPN provider.
That’s some investigative magic there. Basically what the DNP are claiming is that they happened to be monitoring an individual using the same VPN provider that an administrator of WSM was using at the time changes were made to the site; and although WSM had a million subscribers at the time, (many of whom may have also been using the same VPN for all the investigators presumably knew) luckily they happened to be watching the right guy at the right time.
Based solely on the information above, it would seem at the very least a realistic possibility authorities used some questionable hacking techniques of their own to zero in on Kalla before they started monitoring him for evidence they could present in court. Again, the average internet citizen may be happy about the results, not caring much about the means; good riddance to bad rubbish and all that. But legal minds and libertarian hearts more familiar with these types of cases are expressing the same concerns summed up by Marques’s defense team. The combination of violating national sovereignty and individual rights is a slippery slope, one with a bottom that looks disturbingly similar to many authoritative regimes.
Still, it’s not all doom and gloom as there’s opportunity here as well. The legally gray areas of the dark web (should they be clearly legislated) could serve as the extremes that help to define the less convoluted areas of cyber law many local and international governing bodies are currently grappling with. Working all this out in advance may go a long way in avoiding the evolutionary consequences of a lawless vacuum and all the mayhem such a sociopolitical environment tends to foster. More of the right people need to get working on this, and the sooner the better.
A similar version to this article first appeared in C-Tech.