Of the Dark Web, online sex offender registries, and paedophiles

• A sex offender registry only works if you can catch them first to register them
• Online investigations and government hacks should not be view lightly

THIS will easily be the most controversial blog post I ever write, so consider yourself forewarned.
 
It’s controversial because it touches on multiple taboos in our society: Sex, child abuse … and security theatre.
 
You see, there’s been a growing call for a national sex offender registry, especially in the wake of news that a British paedophile had sexually abused up to 200 children in Malaysia, over a prolonged period of time.
 
The news is especially shocking for Malaysians, who are still coming to grips with the fact that a foreigner had abused our children, in our country, right under our f**king noses, and we’re only now learning about it, years after the abuse had taken place. And the details are still sketchy.
 
Many have renewed the call for a sex offender registry. The idea being that if we start registering sex offenders, we could more easily monitor them, and be able to limit their ability to abuse children.
 
It’s a great idea, but it wouldn’t have prevented these 200 children from being abused – because Richard Huckle (pic) had not previously been convicted of any sexual abuse, he wouldn’t have been on the registry even if we had one.
 
Then we have calls for better screening of people who work with children. Another great idea, but again, one that wouldn’t have been effective in stopping Richard Huckle.
 
Perhaps an extremely thorough and indepth screening process that included interviews with his parents, grandparents and fourth grade history teacher would have uncovered something about his psychology that could have triggered some alarms, but that level of screening is unrealistic and a gross invasion of privacy.
 
Finally, we have calls for better sex education in schools, which I’m 100% in favour of. Proper sex education may have prompted one of Huckle’s victims to speak out or report the issue, which may prompted his arrest at a much earlier time – but ultimately, these were impoverished children who were not given access to proper education anyway, so sex education in public schools probably wouldn’t have helped them.
 
But are we forgetting something obvious?
 
You gotta catch them first
 
A registry relies on you being able to catch paedophiles. After all, sex offenders are only registered once they’re caught, and not before.
 
If Malaysia really wants a registry to work, we not only have to implement it, but aggressively pursue paedophilia wherever it may be, to arrest and begin registering these offenders. We can’t be sitting about, shaking our legs, hoping for more victims to step forward and report their abusers. We need to thoroughly pursue pedophilia online, and search it out wherever it might be.
 
But that makes some people uncomfortable, and for good reason – it’s creepy.
 
In the Huckle case, the investigators managed to track him down because he was a frequent visitor to an online paedophile forum called the Love Zone.
 
Australian police manage to tie the identity of the operator of the Love Zone to a real-life Australian, and through sheer luck, catch him while he was actually administering the website. From there, they got a list of visitors to the site, which led them to Huckle.
 
The Love Zone was hosted on the so-called ‘Dark Web,’ which I assume means a TOR-hosted website.
 
TOR (originally The Onion Router) is a piece of technology that allows for the anonymous hosting of websites – as well as anonymous browsing, but you knew that already!
 
Govt-sanctioned hacking
 
So how does the US Federal Bureau of Investigation (FBI) or Australian police actually find paedophiles who host their disgusting content on the Dark Web?
 
They HACK them. Yup, government agencies actually hack into these websites and gain access.
 
And in some cases, they hack not just the servers that host the content, but the visitors to these sites.
 
At this point you’re probably saying, ‘So what, Mr Tech Evangelist? Who cares about the Dark Web, it’s a downtrodden network of hoodlums and drug dealers, why should we care about undermining the TOR network, or law enforcement hacking computers on them?’
 
Well, for one thing, the TOR network is how many journalist and whistleblowers securely use the Internet: Bloggers who speak out against Mexican drug cartels, and dissidents of repressive regimes, and yes, even regular Facebook users.
 
A vulnerability on the network makes these already vulnerable individuals even more vulnerable –but that’s not all.
 
Users on TOR start out anonymous by default, in many cases unless the user is hacked, his or her identity remains a secret – and this complicates law enforcement, which is based on geographic jurisdiction.
 
And while nobody has sympathy for paedophiles getting hacked, the truth is more complicated.
 
The FBI and Playpen
 

 
When the FBI ran an operation on Playpen, a massive online paedophile forum, the agency didn’t shut it down once it managed to take control of it. Rather, it continued hosting child pornography on its own servers in the hopes of further unmasking the site’s frequent visitors.
 
Let me rephrase that last sentence: In trying to find out visitors to Playpen, the FBI hosted child pornography on US Government servers!
 
The FBI didn’t just host the content, it started hacking the computers of visitors to the site, and managed to get thousands of ‘real’ IP (Internet Protocol) addresses.
 
Yes, but what the FBI did was bloody genius. Since it controlled the servers of the website, it injected a little Flash application that would run on the visitor’s machine, and ping back the real IP address instead of routing it through TOR.
 
There’s a lesson there for everyone: Disable Flash … NOW!
 
It all sounds a bit technical, but basically the FBI hacked the computers of every visitor to Playpen, used its hack to expose the visitors’ true identities, and then nailed those paedos with arrest warrants.
 
In the end, 137 paedophiles were caught in the operation, and most people rejoiced. Who wouldn’t have liked the sight of hundreds of child abusers being sent to prison?
 
Except nobody went to prison, thanks to those meddling civil libertarians.
 
The legal complexities of hacking
 
You see, civil libertarians weren’t exactly pleased with two things. For one, the FBI didn’t reveal the nature of the hack, and a federal judge agreed with them, saying:
 

 
The second issue with the FBI hack was a ‘technicality’ regarding the issuing of warrants. The magistrate who issued the warrant for the FBI to hack into computers visiting Playpen was in Virginia, but the visitors to the site were from areas outside his jurisdiction.
 
The warrants were not valid, and hence the entire exercise was deemed illegal.
 
It seems those meddling civil liberties are afforded to paedophiles as well as us regular folks. Who knew?
 
The kneejerk reaction would be to allow warrants to expand beyond geographic boundaries, but that would be an enormous expansion of government powers – and something that shouldn’t be viewed lightly, even if it allowed us to catch hundreds of paedos.
 
Conclusion
 

 
The point is, sex offender registries and screening procedures would have no effect in combating child sex abuse unless we actually catch the paedophiles to begin with.
 
And in the age of the Internet, the only way to catch them is to aggressively search them out on the Dark Web, and if needs be, visit and hack into every single kiddie porn forum there is.
 
But as we saw, allocating government dollars to allow law enforcement officers to visit child porn forums, hack into them, and continue hosting their content seems a pretty hard thing to stomach.
 
It gets even more disturbing, as kiddie porn forums are usually international in nature, and extend beyond the limitations of laws we have in place today.
 
What we truly need is the proper legal framework to address the jurisdictional complexities it poses, and a task force with the requisite technical skills to find and compromise these sites.
 
If politicians wanted to work on something, it should be that.
 
Keith Rozario blogs at keithRozario.com covering technology and security issues from a Malaysian perspective. He also tweets from @keithrozario. This article first appeared on his blog and is reprinted here with his kind permission.
 
Related Stories:
 
Apple vs FBI: What you need to know
 
Net censorship: Do the ends justify the means?
 
Unpeeling the Dark Web with OnionCity
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.