Senators publicize Silk Road

On Sunday, June 5, 2011, Senators Charles Schumer of New York and Joe Manchin of West Virginia sent a letter to Attorney General Eric Holder and Drug Enforcement Administration (DEA) Administrator Michele Leonhart, demanding the suspension of Silk Road, a website that allows people to buy and sell drugs online anonymously.

According to New York Senator Chuck Schumer:

“[Silk Road] allows buyers and users to sell illegal drugs online, including heroin, cocaine, and meth, and users do sell by hiding their identities though a program that makes them virtually untraceable. It’s a certifiable one-stop shop for illegal drugs that represents the most brazen attempt to peddle drugs online that we have ever seen. It’s more brazen than anything else by lightyears.”

Silk Road makes use of a digital, peer-to-peer currency called bitcoins, which allow payments to be untraceable. Regarding bitcoins, Schumer argued, “It’s an online form of money laundering used to disguise the source of money, and to disguise who’s both selling and buying the drug.”

In response to the Senators’ demands to shut down Silk Road, the DEA spokesperson Dawn Dearden said:

“[The DEA] is constantly evaluating and analyzing new technologies and schemes perpetrated by drug trafficking networks. While we won’t confirm or deny the existence of specific investigations, DEA is well aware of these emerging threats and we will act accordingly.”

Bitcoin users argue…

Although many people were only made aware of bitcoins through the media spotlight on Silk Road, the digital peer-to-peer currency was not designed to facilitate online drug abuse or money laundering. The currency is acquired through exchange sites, which allow users to transfer actual currency, such as euros or US dollars, into the digital currency. While hackers use bitcoins for donations, there are also a number of legitimate uses for bitcoins, such as funding organizations including the Electronic Frontier Foundation (EFF).

Unfortunately, because the senators presented the threat of Silk Road and bitcoin as one in the same, many seem to believe that bitcoins facilitate black market transactions. The reality is that bitcoin operates independently from Silk Road.

Proponents of the currency argue that shutting down bitcoin because it can be used to purchase drugs is much like banning cash, since it could be used for illicit purchases. Bitcoin users are concerned that the US government might shut down exchanges, such as Mt. Gox, which are used to purchase bitcoins.

Silk Road Unaffected

Targeting the bitcoin currency would be an entirely pointless activity, in terms of targeting Silk Road transactions. Because the site is hosted by the Tor network, it can easily shift servers and possibly change payment methods. Thanks to Tor’s anonymizing service, personal information is kept hidden from the authorities.

The process of exchanging hard currency into bitcoins is not completely anonymous. There are exchanges with actual bank accounts, such as the Mt. Gox Bitcoin Exchange, which some fear may be targeted by the US Justice Department and other law enforcement agencies. Some bitcoin users maintain that if transactions involving bitcoin exchanges are banned, a layer of shell companies might continue to facilitate the change.

Furthermore, US law enforcement agencies may have trouble stopping the exchange of the digital currency without collaboration from their peers worldwide. It’s long been speculated that the bank account for Mt. Gox is located in Japan, and other evidence points to other exchanges operating outside of the US.

Summary

This article takes a look at the website Silk Road, which has recently come into the focus of two US Senators Charles Schumer and Joe Manchin, in June 2011. The Senators called for the Drug Enforcement Administration to shut down the website, which facilitates the buying and selling of illegal drugs – such as heroin, cocaine and meth – completely anonymously. Silk Road is able to hide the identities of its users through the Tor anonymity network, along with the use of bitcoins, which are an untraceable peer-to-peer currency.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

-          De-centralized architectures (III.B.b.)

-          Privacy-enhancing technologies (III.B.c.)

-          Anonymity tools – applications and payment processing (III.B.d.iii.2.)

Projects such as the Tor Project and bitcoin, which focus on decentralizing systems and hardening infrastructure and apps against censorship is an ongoing process. This article discusses how bitcoin, a relatively new attempt at a decentralized internet currency works.

What are Bitcoins?

In 2009, Satoshi Nakamoto created bitcoin, a peer-to-peer digital currency system that aims to re-establish privacy and autonomy by avoiding banking and government middlemen. The bitcoin system allows individuals and merchants to generate and exchange modern money in a direct manner. Bitcoins are a type of “virtual” currency, which can be thought of as the virtual currency in online games, where people outside the game are able to trade it for physical money.

How does Bitcoin work?

Bitcoins are generated by users on the internet running a bitcoin miner, which is a free application. Mining bitcoins requires a certain amount of work per block of coins. The amount is automatically adjusted by the network to ensure that bitcoins are created at a predictable and limited rate. Bitcoins are then stored in an online wallet, and can be transferred to other individuals. Currency services exist in order to exchange bitcoins for hard currency.

The first step is to download the official bitcoin client, which runs on Windows, Mac and Linux. It will create an online wallet and download transaction history automatically. Once the wallet is set up, the user will be ready to receive bitcoins. Bitcoins can be received for products and services. The following are merchants that will trade coins for cash or credit card payments:

-          bitcoinexchange.com – this allows users to buy and sell bitcoins using euros through SMS/Phonepayment or bank transfer

-          bitcoin4cash.com – this offers bitcoins for cash sent through the mail. There is also a service to pay for bitcoins through bank wire.

-          bitcoin2cash.com – is another service that offers bitcoins for cash sent through the mail.

Some advantages of using bitcoins include:

-          Transferred from person to person, eliminating the need for banks or clearinghouses

-          Service fees are much lower than traditional transfer methods

-          Bitcoins can be used in any country

-          No prerequisites

Growth of Bitcoins

The use and value of bitcoins continues to increase. In fact, in October of 2010, each bitcoin was worth about $0.06. By March 2011, each bitcoin was worth about $0.87 and as of June 1, 2011, one bit coin was worth about $8.67. The places bitcoins are accepted are increasing as well. For example, the following websites accept bitcoins as donations:

-          Electronic Frontier Foundation (EFF)

-          Freenet Project

-          Singularity Institute

-          I2P Anonymous Network

Since its introduction, the following services have been developed, in order to provide new ways of buying and selling bitcoins:

-          CoinPal – Uses PayPal to purchase bitcoins.

-          CoinCard – Allows the use of bitcoins for the purchase of gift cards.

-          Mt. Gox – The leading bitcoin exchange.

-          BitcoinUSA – Complies with all US government regulations on financial exchanges.

-          bitcoin-otc – an “over-the-counter” marketplace that conducts trades between parties in the channel.

Bitcoin Concerns

As of June 2011, bitcoin is being targeted by two US senators, after suspicions that the currency is being used to buy drugs anonymously. Democratic senators Charles Schumer (New York) and Joe Manchin (West Virginia) wrote to the US attorney general and the head of the Drug Enforcement Administration (DEA) regarding the untraceable nature of the currency.

According to Dawn Dearden, a DEA spokesperson, the DEA is “constantly evaluating and analyzing new technologies and schemes perpetrated by drug trafficking networks. While we won’t confirm or deny the existence of specific investigations, DEA is well aware of these emerging threats and we will act accordingly.”

Many observers fear that the government might then decide to shut down bitcoin exchanges, such as Mt. Gox, which would significantly hurt the bitcoin economy. Some argue that the value of bitcoins is artificially inflated by speculators, so if these speculators panic, the value of the currency will probably crash. Users point out that it is unlikely that government institutions would completely eradicate the use of bitcoins. Since it is a decentralized system, all it takes is two people running the open-source client software to keep bitcoins going.

Summary

This article takes a look at bitcoins, a peer-to-peer currency introduced in 2009. The bitcoin system is decentralized, which means there is no single authority that issues currency or tracks transactions. Bitcoins can now be used to purchase products and services and they can be exchanged for dollars, euros or other currency. As of June 2011, bitcoins are at the center of a scandal suggesting that they are being used to anonymously purchase black market goods.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

-          De-centralized architectures (III.B.b.)

-          Privacy-enhancing technologies (III.B.c.)

-          Anonymity tools – applications and payment processing (III.B.d.iii.2.)

The scheduled drug raid was a joint operation with MI5, MI6, the US Drug Enforcement Agency and organized by the Serious Organized Crime Agency.  SOCA received £416 million in funding for 2006 (about $625 million), but did not release how much of that budget went for the covert operation.  An internal source claimed to The Times – London that the aborted operation cost over £100m ($150M). The agent responsible for the loss, referred to only as ‘T’, lost her purse somewhere between the airline terminal, the immigrations checkpoint and a bus from El Dorado airport in Bogota, Columbia.  She was heading to her new office at the British Embassy.

A Soca spokeswoman said: “Soca has introduced its own clearly defined data handling and security policies. During the year to March 2009 — the first year we have been required to report any breaches — there wasn’t a single breach of personal or sensitive data by Soca staff.”

The agencies took the first steps by defining data handling policies and measuring/reporting against them.  An inquiry and formal investigation into the event occurred, and remedies put in place appear to be working.  The obvious question – why was encryption not used for this sort of situation?

The secure computer on a USB key was developed for just this sort of cloak and dagger thing. There are encryption routines built into every commercial operating system available today.  Dozens of security vendors sell encryption software, ranging from Full Disk Encryption, to mobile device encryption, to file level and storage encryption.  The US National Security Agency helped Microsoft with Windows Vista. They designed a security enhanced version of Linux.  The British Intelligence folks have their hands in a few secured systems as well.

Encryption ought to be just another wicket in the engrained security processes of an intelligence operation.  In fact, encryption ought to be a requirement for every organization that processes private or mission critical information.  Security product provider Checkpoint points out the dire situtation best in a February 2009 UK survey: “…less than 50% of the UK public and private sector organisations use any form of data encryption.”

As a privacy professional, knowledge of information security and its ramifications to privacy are paramount to successful data protection.  Personally Identifiable Information, Private Health Records, Personal Financial Information – it’s all only as confidential as the protections surrounding it.  If the security provisions do not guarantee the data are available and the integrity’s intact, there could be more than fines or company reputation at stake.