The deep web and recruiting radicals

As extremism moves into the deep web to take its message underground, law enforcement faces a new challenge, Alex Szokalski writes.

With the rise of Salafi-Jihadism, radical material in the form of glossy, high production, magazine format ads were – and still are – available on the ‘surface web’, or the regular Internet, with a simple Google search.

This material was easy to find for those who were feeling marginalised and could provide a narrative to justify and normalise extremist values. In turn, this viewing could lead to individuals developing radical ideologies.

Available on the general Internet, law enforcement had the ability to track who was accessing such material, and if it was being distributed. It also provided insight into the thought processes of extremist organisations and their methodologies.

This proved invaluable in creating counter-terrorism strategies and tracking extremist activity. One downside, however, is that it is not possible to accurately know how many people traded this information via hard drives or printed hard copies, so it’s true spread could, in fact, be much larger than law enforcement estimates.

In an increasingly cyber reliant age, privacy is also becoming a concern. With products such as TVs, door locks, and cars being wired into the Internet, people understandably want to ensure their personal information is safe and secure.

More on this: Morrison’s ineffective proposal to counter online extremism

This has led to the use of encrypted messaging and email services, along with methods of providing private Internet browsing through the use of VPNs (Virtual Private Networks). However, they can also be used to hide extremist behaviour.

No doubt, extremist groups are aware they are being monitored.

As digital surveillance grows in scope and capacity, such groups will begin to examine ways of ensuring their information is not so easily intercepted.

Those who have been flagged for accessing extremist material must be more closely monitored if they are also found to be searching for methods to enhance their Internet privacy.

Encrypted messaging services work by scrambling an outgoing message, that is only unscrambled at the receiving end with an encryption key.

In the app WhatsApp for example, the encryption key is not even known to the developer of the app, but rather is an end-stage function that occurs when the individual receives the message. This means that if law enforcement compels the developer to decrypt sent messages they cannot, as they do not hold nor can they access decryption keys.

VPNs work by rerouting an Internet user’s IP (Internet Protocol) through various servers to make it appear as if it has come from a different location. This can be used for benign reasons, such as to access different Netflix content, but can also be an attempt to hide more sinister browsing.

Of particular concern is what is known as the deep web. The deep web is only accessible using a VPN browser such as the TOR (The Onion Router) browser, which reroutes an Internet user’s IP through a number of nodes, effectively hiding their IP and real location.

An Internet Service Provider such as Telstra can see that someone has connected to the deep web, but all activity beyond this is not visible. Once connected, users can access private websites which generally have no identifiers.

More on this: Is Australia fooling itself on countering violent extremism?

The TOR browser was created by the US Naval Research Laboratory as a means of communicating anonymously online but has since spread beyond that scope. It is also used by journalists to allow the flow of information into and out of totalitarian regimes.

The deep web is roughly 500 times that of the regular web in raw data terms. To put this into perspective, the deep web is estimated to contain 7,500 terabytes of data, as compared to the 19 terabytes of data found on the regular web.

This presents a number of concerns, both for an individual using this service and for law enforcement.

Major search engines index websites on the surface web. They compile a list of keywords in a hosted website and pull those websites up when people search for them. Sites on the deep web are not indexed, and purported search engines on the deep web are unreliable at best and blatantly fake at worst.

Websites on the deep web are often hosted on private servers, and without possessing the specific onion address, websites are difficult to find. Further, hosts and site owners are able to monitor their traffic and determine who is accessing their websites.

Websites exist undetected on the deep web with a wealth of extremist information – sharing their ideology and the narratives of their cause, as well as information on how to construct bombs or avoid law enforcement detection.

This cuts both ways, however, and the deep web could actually allow law enforcement to circumvent the anonymity of TOR, more easily identifying those seeking extremist material by setting up a fake onion site and monitoring its traffic.

More on this: How should the world tackle far-right extremism?

Still, it raises significant challenges. If a host suspects that law enforcement is accessing their site, they can simply change the address. When this happens, it can be very difficult to find it again. Website links can be shared via encrypted messages or even simply be passed physically on a scrap of paper, and are difficult for law enforcement to track.

As privacy concerns grow, legitimate as they may be, those who endeavour to spread extremism will use the same means to avoid law enforcement.

Extremists using encryption services and the TOR service are much better equipped to avoid detection than those on the surface web.

Policy to counter this should focus on monitoring individuals who search the web for instructions on TOR browsers, VPNs, and encryption services alongside searches for extremist material, be it white power or jihadist extremism. Counter-terrorism efforts could also include the setting up of fake extremist websites to monitor who is accessing them, effectively circumventing the anonymity of TOR.

Policymakers should be careful, however, to protect civil freedoms. Attempting to shut down services like VPNs and TOR on the basis of extremism would be too blunt a response. Press freedom would be dealt a crippling blow and those in totalitarian regimes could lose their voice.

There exists a network of deep web users who attempt to add to the growth of the deep web in a positive and constructive way, to promote and ensure civil rights, press freedom, and personal privacy, not extremism.

It is critical to seek out and engage these individuals, perhaps by creating a deep web forum, in an effort to track down extremists and remove their content from the deep web. These problems may be new and difficult, but law enforcement must face them with creativity and collaboration.