by Power, Mike
In 2009 Laszlo Hancyez, an American programmer, made the world’s first purchase using bitcoins.5 He sent the bitcoins to a British man who called in a credit card payment transatlantically. It was a pizza, and it cost 10,000 – a sum worth £75,000 in November 2012. Today, many thousands of bitcoins are circulating around Silk Road users, and around 12,000 per day are spent on the site, at a value in late 2012 of around £7.50 each.
Silk Road users value the currency for its supposed anonymity, although it is not entirely untrackable to the curious and competent, nor is it entirely safe. Live by the chip, die by the chip: in June 2011 a user named Allinvain claimed that 25,000 coins had been stolen from his computer. A week later, a hacker compromised security at MtGox, a Japanese firm which handles the vast majority of cash-to-coin exchange, and pretended to be selling off a vast chunk of the currency. As a consequence the price dropped to zero, allowing him to steal thousands of coins. The system was then flooded with speculators, forcing MtGox to limit withdrawals to US$1,000 worth of bitcoins a day to stem the flow and prop up the dollar-value of the currency.6
Network analysts Fergal Reid and Martin Harrigan of University College Dublin wrote a 2012 paper baldly titled ‘Bitcoin is Not Anonymous’. In it they demonstrated what the high-tech coining community knew – that the blockchain recorded all transactions. Reid posted in a comment thread following the release of his paper, ‘You don’t get anonymity automatically from the system. A lot of people out there think you do.’7
But the determined user can retain anonymity easily enough in the US at least, by entering a bank and paying cash into an exchanger’s account, for bitcoins are now traded just as dollars and euros are. (They now have a value that is decided by the market. The total bitcoin market capitalization stood at £72 million in November 2012 – with around 10 million coins valued by the secondary market at around £7.50 each.) By this method, cash exits the real world, and from there can enter the miasmic smog of this market.
Bitcoin addresses are generated anonymously and instantly, and infinitely. You can launder bitcoins bought with pounds from your bank account and send it through 100, or 1,000, anonymous bitcoin accounts that you have generated and which you control in just a few hours, then use them to buy drugs. There is no trace, especially if you connect to the net with Tor.
And there are many services online where users can buy other digital currencies, and convert them into bitcoins. Liberty Gold is a virtual metal-backed currency from Costa Rica, purchasable automatically from anonymous servers with Western Union cash payments, whereby participants swap the transaction number for invisible currencies which they can then swap into other currencies. You could for a short period in 2011 even buy bitcoin by SMS: users would buy a simcard from Poland, or Belgium, or one of a dozen other countries, charge it with cash, send a text and receive their coins to their handset. ‘Mixing’ services too, can tumble the coins in and out of thousands of other bitcoin transactions and accounts, making a dense web of mathematics even denser still. When most investigators can’t even understand the basics of encryption, the likelihood that they or a jury member will reach an understanding of bitcoin is minimal.
And when most small-scale drug transactions are small, under £100, who’s watching? The answer, so far, is that no one has been busted using evidence from the bitcoin blockchain. Bitcoin addresses, where you receive and store coins, are randomly generated strings of letters and numbers, and there’s no ID check system – and you can create another in moments. If that’s not enough, the more paranoid users can use a service such as Bitcoinfog, which matches deposits and transactions randomly, paying out the total you paid in in a series of different amounts. Then there are instawallets, temporary, one-time-use holding accounts where coins can be stored for a few seconds over an anonymized net connection and spat out elsewhere. Or there’s Coinapult, a jokey service allowing users to sling coins to each other across the ether. There are games such as Satoshi Dice, a gambling game that allows micro-bets on random chance algorithms. Since the currency is divisible to eight decimal places, the thousands of tiny bets further complicate the block chain and disguise criminality.
There’s no denying that this is a minority sport, and that the process is arduous, and can sometimes fail completely. Online wallet services, where coins can be stored on the net, rather than on your computer’s hard drive, are often scams that can easily fleece users. The complexity of the system does not lend itself to the kind of impulse purchase made by some drug users. But that hasn’t stopped thousands of users of the Silk Road from embracing the technology. Networks grow and proliferate if they are populated, required and scalable. Bitcoin, Tor and the Silk Road fulfil all of these criteria.
Might this arcane and hidden world spawn new and different versions of itself? Those who believe this system is so complicated that it will never catch on might perhaps consider that within living memory, even configuring basic internet access took expert knowledge. Nowadays, we only actually notice our net connections exist when they drop.
Encryption is what makes this market possible, and what makes it so hard for lawmakers to attack. Encryption works by scrambling information and only allowing the holders of two sets of keys to decode that information. The public key is known to everybody and is published. The secret key is held only by the recipient. Alice wants to tell Bob some sensitive information – or indeed any information intended only for his eyes. So Alice uses Bob’s public key to encrypt the message to him. Bob uses her private key to unlock, or decrypt the information. No one else can read it.
In a 1991 paper, Phil Zimmermann, coder and security specialist, and author of the software package Pretty Good Privacy, wrote:
It’s personal. It’s private. And it’s no one’s business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don’t want your private electronic mail (email) or confidential documents read by anyone else. There’s nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution. The only way to hold the line on privacy in the information age is strong cryptography.8
If governments or police wanted to read the messages between Silk Road users, they’d have to spend years in so-called ‘brute force’ attacks, where hundreds of millions of possible passwords are tried one after the other.
In the UK, though, if you are investigated by police and use encryption, and refuse to give your passwords to investigators, you will be charged with a crime and jailed under the Regulation of Investigatory Powers Act (RIPA). No matter what your defence, no matter what crime you are under investigation for, even in the absence of any other evidence, if you maintain your right to private communications, you will be deemed a criminal and jailed.
IT website The Register reported in 2009 that the first person jailed under part III of the RIPA was ‘a schizophrenic science hobbyist with no criminal record’. Found with a model rocket as he returned to London from Paris, he refused to give police the keys to his encrypted data, indeed, he refused to speak at all, and was jailed for thirteen months. Six months into his sentence the man, named only as JLF, was sectioned under the Mental Health Act and does not now know when he will be released.9
It’s highly likely that legislators will one day use the menace of online drug deals as a justification for intruding into people’s privacy. A happy consequence for the government of its targeting of this straw man folk devil will be unfettered access to all our private thoughts and conversations.
You can never be sure a conversation is private without encryption, John Callas, an American computer security expert who co-founded PGP Corp with Zimmermann, tells me. The German government broke Skype’s encryption models by releasing malware and viruses into the wild that can easily unscramble voice calls across the network, allowing it to eavesdrop at will, he tells me – across a Skype line. ‘In the old days, hundreds
of years ago people could speak privately by going out and taking a walk around the green and talking among themselves and there was no way people could listen in,’ he told me. ‘Today [with long-distance communication so commonplace] there’s no good way to do that except by using technology. Encryption lets you have a private conversation with anyone else, and that’s needed by business and anyone that wants to talk in private.’
The history of encryption is a fascinating tale of early net privacy campaigners facing down the government – and winning. From the 1970s onwards, encryption was considered military hardware and could not be exported from the US. In 1995 Phil Zimmermann had the source code for PGP printed in book form and sent to Germany from the US, since the export of literature was not banned. An engineer in Germany scanned the code, recompiled it and distributed it online. The export regimes were eventually liberalized, as the government had to accept that encryption was nothing more than maths. ‘These networks were not designed to respect orders,’ deadpans Callas.
Could governments roll back encryption advances in order to prevent online drug dealing, and halt secret communications? ‘I think the toothpaste is out of the tube,’ says Callas. ‘Cryptography, in some form, is used by people every day all the time. Whenever you buy something online, your purchase details and delivery details are all encrypted. There are reasons for that – there are gangs that want to steal your info and defraud people with it. The reality is that among the other problems society has, including the Mafia stealing from old ladies, the way to protect them is encryption. It is flat technologically impossible to manage encryption,’ he told me.
Callas is certain government will focus on the drugs issue in the upcoming debates around encryption and privacy. ‘Encryption is why the big NSA [National Security Agency] facility in Utah is being built. The NSA understands it is a new century and they need new technology for what they are doing,’ he said. The new NSA facility is a data-harvesting plant in the desert near Utah. It will cost two billion dollars to build, will measure a million square feet, and will be able to store 500 quintillion pages of information. It is Callas’ belief that this centre is being built for traffic analysis purposes – seeing who is talking to whom, how often and for how long – and to engineer password-breaking technologies. Though encryption is essentially uncrackable, passwords are generally trivial to break. Traffic analysis can also be used to gather valuable data on communications that have passed through Tor.
In just under two years, the Silk Road administrators have used technology and ingenuity, along with innovative crowdsourcing solutions to internal and external threats, to achieve what thousands of campaigners have toiled since the 1960s to achieve: the right for people to buy and sell natural and artificial chemicals that affect their consciousness in ways they choose without interference from the state. It is a paradigm shift that cannot easily be reversed.
The growth of Silk Road may have provoked the very public forced closure in 2012 of one of the net’s longest-standing online drugs markets. The Farmer’s Market, or TFM as it was known, was an accident, or more accurately, a bust, waiting to happen. The site operated for a number of years as an email-only service at [email protected]. Later, it ran its business on the anonymizing Tor network but, foolishly, even there, used the Hushmail encrypted email service to serve its thousands of international customers rather than using its own encryption. The site sold mainstream psychedelics – MDMA, LSD, ketamine and high-potency marijuana and hashish, along with DMT, psilocybin mushrooms and mescaline. Its vendors were connoisseurs, and offered rare cannabis strains and seeds seldom available anywhere else. It was mainly a boutique online marijuana store and its descriptions showed the expertise of the obsessive.
TFM’s existence was an open secret in the online drug dealing and purchasing community – far too open. The only startling thing about the closure was that it took so long. The site was like a proto-Silk Road, but crucially, as court papers would reveal in 2012, it accepted payment methods that were traceable and insecure. Users could join the site with no invitation, and therefore with no background or reputation checks. With its drop-down menus and creaky lo-fi design and jagged fonts, it felt a rather rustic kind of place, an artisanal street market – if street markets had rickety oak barrels filled with pounds of free-flowing crystal ketamine and fragrant sprigs of marijuana rather than single-estate coffee beans and overpriced sourdough bread.
The bust came one year after mainstream media outlets became aware of the Silk Road’s existence; it was a showboating exercise to satisfy political pressure from the US to do something about the new internet drug menace – and maybe to scare off users from buying drugs online generally. The bust was hardly hi-tech, nor was it particularly ingenious, however much the police attempted to portray it that way. Undercover agents infiltrated the network posing as buyers, and simply made orders that revealed the network’s international links, names, bank account details of the recipients of funds, and addresses connected to the dealers.
Every criminal enterprise has a weak point, and one of TFM’s most fundamental errors was that it took payment via various insecure and far-from anonymous means, from PayPal to Western Union international transfers. They also accepted I-Golder, a digital gold currency, and Pecunix, a similar currency, which stores its ingots in Swiss vaults but is incorporated in Panama, the Central American banking powerhouse that borders Colombia to the south and east.
The Pecunix payments were laundered through various PayPal accounts, and then sent through various accounts in Hungary, Western Union payments skipping across continents to become balances on-screen in I-Golder and Pecunix accounts, and back, and forth until TFM’s dealers thought, mistakenly, that the money was crisply laundered. They were wrong. The transactions had been tracked through these systems; the paper trail was easy to follow. If they’d used bitcoin, the site’s operators would be free men today.
The indictment alleged that between January 2007 and October 2009, The Farmer’s Market processed 5,256 orders with a value of US$1.04 million. The site had over 3,000 customers in thirty-five countries, including buyers in every state of the USA. Forty-two-year-old Marc Willem, the lead defendant also known as adamflowers, was arrested on 16 April 2012 in Lelystad, Netherlands. The day before, Michael Evron, an American citizen living in Buenos Aires, Argentina, was arrested as he attempted to leave Colombia. Six other dealers and accomplices were arrested at their homes throughout America. At the time of research, none of their 3,000 customers had been targeted. The indictment ran to sixty-six pages, and documented hundreds of drug deals that the group had administered. The network was huge, covering countries in Central, Latin and North America, Eastern and mainland Europe. The men were charged before the United States District Court for the Central District of California on charges of conspiracy to distribute controlled substances, conspiracy to launder money, distribution of LSD, aiding and abetting, continuing criminal enterprise and criminal forfeiture. When the news broke online, panicked chatter spread across dozens of sites.
Police called the group ‘sophisticated’ and said it used ‘advanced anonymizing online technology’. This was not true; the group used proprietary encryption on a webmail service, Hushmail, which publicly stated it would cooperate with police if asked to do so. The ‘advanced anonymizing software’ was simply Tor, which, though it is indeed advanced, is something even the most technically illiterate web user can use easily. Briane Grey of the DEA said the operation – named Adam Bomb – ‘should send a clear message to organizations that are using technology to conduct criminal activity that the DEA and our law enforcement partners will track them down and bring them to justice’.10 The police’s intention was to give the impression they had infiltrated an elaborate and complex market; they had not – they had just sent a few emails and issued a few subpoenas to follow the money.
In the final analysis, TFM was low-hanging fruit for the police, and in grabbing it, they merely showed their hand early
and revealed the weak points of any online peer-to-peer drug smuggling network – communications and payment. The slew of news stories also told anyone who was listening that it was possible to buy drugs online, and that it was the dealers, rather than the site’s 3,000 happy users that the police were targeting.
The Silk Road’s payment and communication systems remain essentially impenetrable. It’s here on the Silk Road that the early net evangelists’ vision of a world where information flows freely, where no central hierarchy rules, and where the network takes precedence over the individual has finally been realized. Whether you celebrate or lament the fact that drugs such as cocaine, heroin and LSD are now available online with just a little effort and very little likelihood of legal consequences, it is undeniable that we are at a turning point in legal history.
Through a decades-long process of chemical and technical innovation, drug users and producers have beaten the laws made by a political system whose only response to increased drug use is a harmful, expensive, counterproductive and ultimately failed strategy of criminalization.
Over the course of the century or so that drug laws have existed in any meaningful form, a clear pattern has emerged. As each law to prevent drug consumption is made, a means to circumvent it is sought, and found. Those means can be chemical, legal, social or technological. We stand today at a crossroads formed by those four elements, with the web making possible communication between distant strangers, facilitating the sharing of limitless quantities of information, and enabling the distribution of drugs anywhere in the world. Where do we go next?
Notes
1. Nicolas Christin, ‘Traveling the Silk Road: A Measurement Analysis of a Large Anonymous Online Marketplace’, Carnegie Mellon INI/CyLab, July 2012; http://arxiv.org/abs/1207.7139
