Limiting anonymity helps expose terrorists (and hackers) * TorrentFreak
Home > Law and Politics >
The International Center for Law and Economics believes that cloud hosting providers and related services should do more to deter illegal activity. Responding to a request from the US Department of Commerce, the research center further notes that anonymous online activity through proxy servers, VPNs, the Onion (Tor) network, and even 8chan, can complicate law enforcement. .
Many people see optional anonymity as a key feature of the internet, but more and more calls for tighter identity checks are being heard.
Such requirements are not new. In everyday life, many people have encountered situations where they have had to prove their identity. When opening a bank account, for example. But online it’s rare.
That should change, according to some voices. In recent years, copyright holders and industry groups have called for stricter “know your business customer” rules. This effort is starting to bear fruit in Europe and more in the United States, similar calls are being heard.
Earlier this year then-President Donald Trump signed an executive order that partially addresses this issue. The executive order aims to prevent foreign cybercriminals from using infrastructure as a service (IaaS) products based in the United States. Specifically, this can be achieved by requiring these services to properly verify and maintain the identity of non-US customers.
The US Department of Commerce is studying the best way to implement this proposal. To do this, it launched a public consultation soliciting the contribution of various experts and stakeholders.
Last week, the response from the International Center for Law and Economics (ICLE) was posted online. This independent bipartite research center draws on contributions from academics and regularly shares its thoughts on important policy debates. This includes the executive decree on cybersecurity.
According to ICLE, real anonymity is hard to come by on the Internet. Using the term “pseudonym” would be more appropriate. However, some tools and services definitely make it harder for law enforcement to track down criminals.
VPNs, Tors, and proxy services can be used for good. However, they can also be abused by malicious actors, the research center notes.
“[I]However, when anonymity is combined with easily accessible tools such as virtual private networks, proxy servers and The Onion Network (Tor), it can tend to confuse law enforcement, ”they write.
Carefully calibrated policy
The overall message of the research center is clear. ICLE believes that, through a carefully calibrated policy, IaaS providers may be required to collect and share sufficient information to identify criminals.
This information does not need to be complete or infallible. The goal should be to minimize the burden on IaaS providers and their customers while collecting enough information to identify bad actors.
“[T]he Department pursues a sound policy by instituting KYBC requirements on IaaS providers. Ultimately, the question is not whether to adopt such a policy, but how best to do it, ”writes ICLE.
“Understanding that no system will be perfect and that the large amount of customer relationships from IaaS providers are expected to continue relatively unloaded, the final ministry rules should capture most of the bad actors by relying on the obligation to provide minimal, but sufficient user information. “
Tor, VPN and 8chan
The research center believes that less extreme policy interventions can have a big effect. At the same time, however, it also suggests that IaaS products aren’t the only problem.
ICLE notes that other “anonymous” online services, including 8chan and file sharing platforms, have been used by terrorists, including those involved in the attacks in San Diego and Christchurch.
“In the case of an attack on a synagogue in April 2019 in San Diego, for example, the author allegedly both took inspiration from the attack on the 8chan forums and used the site to advertise his actions and attract more attention from like-minded users.
“The perpetrator of the San Diego attack also used other services that allow anonymous interaction, such as Pastebin and Mediafire. Similar sites offering free anonymous file sharing are widely available online, ”adds ICLE.
Anonymity is also abused by copyright infringers. Although the research center notes that this is not as dramatic as terrorist attacks, services such as VPNs can cause application problems.
“For example, LiquidVPN was sued earlier this year for designing and marketing its services as a ‘no-log’ VPN. LiquidVPN has promoted its service as allowing the use of peer-to-peer networks and pirate streaming websites with impunity, as the company would not be able to comply with requests from ISPs or licensees. rights to unmask users.
These examples could offer policy lessons that can help the government shape its approach to anonymity in the context of IaaS providers, the researchers write, adding that existing privacy regulations such as the European GDPR should be kept in check. ‘spirit.
ICLE is not the only organization supporting the new regulations. The Motion Picture Association (MPA) also supports the decree and has asked to extend it to other services such as DNS servers, reverse proxies and cryptocurrency exchanges.
Coincidentally, or perhaps not, the MPA is also a financial contributor to the ICLE. In the latest MPA tax return that we could find online (2018), the film industry group reported a contribution of $ 200,000 to the research center.
A copy of the International Center for Law’s comments and suggestions in response to the US Department of Commerce consultation is available here (pdf)