The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> ALINA USTINOVA: Hello, everyone. We are going to start like now.
So I hope everyone who wants to join joined us. We will have a wonderful discussion.
My name is Alina. I'm from the Centre for Global IT for the youth Russian IGF. Today we will discuss a wonderful topic, DarkWeb.
I will make a remark that we will call everything we discuss the DarkWeb, but it is not like the term that usually is used to describe correctly what we are going to talk about because it is common knowledge. We will speak about it.
What we are going to discuss today, we will try to understand why people basically are afraid of DarkWeb and why maybe DarkWeb is not so threatening as we think actually.
And in the end we will try to answer the one question, so is it the cybercrime heaven or another layer of the web where society can also find benefits?
We are going to start with the basics because people sometimes they kind of mess with the terminology and they think that DarkWeb is actually something that only contains bad things. And they mess it up with a thing called deep web.
Our first speaker Milos. Can you please tell the different between DeepWeb and DarkWeb?
>> MILOS JOVANOVIC: Thank you very much. Thanks for organising this panel. It is very interesting. You know, topic because we should discuss about the DarkWeb, DeepWeb and all things on the Internet. Speaking about, I will start with DeepWeb. Speaking about DeepWeb we should say that DeepWeb is part of the Internet which is an indexed, speaking about conventional search engines like Google, like Yahoo and so on and so on.
If you understand how Internet works, we see some resources on the Internet. Which is available via, we can easily search on Google and so on and so on. But another part there are a lot of resources which is not available easily. So we should understand the architecture of the Internet. The main system, we have IP addresses, so on and so on.
We see the Global Network, I don't want to go into the fragmentation processes and so on. If you look at the Internet, there is a global available network in every part of our world. We should understand that there are a lot of resources which are available only via IP addresses.
So they have some different aspects how we can control this, what is behind this, what can we do accessing these resources. And this is a really interesting.
So speaking about DarkWeb and DeepWeb, you know, in our I would say community there are a lot of con fugues and misunderstanding what is DarkWeb, what is DeepWeb. Many people would say that DarkWeb and DeepWeb are similar concepts and speaking about terminology and so on and so on.
But I would agree with this. Speaking about DarkWeb, many people think that when we speak about DarkWeb, we generally speak about some bad behaviors, you know, buying some weapons, drugs, and so on and so on.
But on another hand we should underline that they are very similar approach when we speak about DarkWeb and DeepWeb. I would say that this is all about unindexed sources on the Internet.
So we can do bad things regularly when we visit some other publicly available, I would say, resources, speaking about Facebook, about social networks. About all other resources which we use every day. It is not only when we speak about DarkWeb that this is bad behaviors, speaking about some illegal things, so on and so on.
We should understand how Internet works. I would conclude that if we compare DarkWeb and DeepWeb, it is all about unindexed resources on the Internet.
>> ALINA USTINOVA: Thank you very much for answer. And of course, yes, the main concern of all the people that DarkWeb brings only cybercrimes, bring nothing wrong. So our next speaker Fifi will be joining us online. Do you hear us?
>> ABRAHAM SELBY: Yes, I can hear you.
>> ALINA USTINOVA: My question to you, in terms of cybersecurity, why DarkWeb tools for an ordinary user is considered dangerous?
>> ABRAHAM SELBY: Okay. All right, thank you for this. And as my colleague has explained the DarkWeb, it could be, we have a good side and bad side of it, not only for the criminal aspect of it.
Let me address this. When we are using DarkWeb tools, as you say, in terms of cybersecurity to the ordinary user, DarkWeb becomes very dangerous because we see that users are not familiar with how to use them safely. So how to use the DarkWeb's can be also dangerous. If you are able to use it safely, because people use it. They use it criminal activities and other stuff. But there are some specific risks that it can be seen and involved.
When we are talking about DarkWeb, one, it could be the malware aspect of it, that is part of the cybersecurity whereby there are some distributed malwares on the Internet which contain viruses that people use. They also have scams. Using the DarkWeb there are a lot of scam because people use for illegal activity. People are being scammed like phishing, scam attacks, phishing mills, maybe targeted to the ordinary user.
Let's say illegal activity, as my colleague was saying, people would be using it for some sexual aspect or child sexual abuse and materials and other stuff on the Internet.
When you move forward we also see the aspect of some people who don't have the capacity to learn how they can use it. This is in a sense that people who are using DarkWebs in conjunction with using the criminals online at the same time. So they may not be able to see how they can protect themselves.
This has various aspects of it, it is very cyberconcerned because the ability to use it very wisely can also help you protect you, but you might also know that DarkWeb tools are not encrypted. They are not protected like, unlike the normal applications. Where all the people use it for normal and DeepWeb applications for, and general aspects. They can also use for criminal activities.
The ability to use and also the ability to protect yourself.
Why is it? It is for the ordinary user? It is not highly secure and encrypted, whereby the DarkWeb also like you can be monitored at any time when a third-party organisation or for criminal offenses investigation. So these are the various consents that we have been -- concerns that we have been raising for the ordinary user. Because they are very prone to other threats on the Internet when they are using DarkWeb because they think that they want to access information privately. Thank you very much.
>> ALINA USTINOVA: Thank you for your input.
So does anyone want to add? Milos.
>> MILOS JOVANOVIC: I want to clarify when we speak about DarkWeb, DeepWeb, we need to understand that DarkWeb is part of the DeepWeb. Speaking about DeepWeb as I mentioned before, it is part of the overall network, the overall Internet. When we speak about DeepWeb, it is indexed. When we speak about cybercrime and illegal things and everything that is, you know, trending topic today, we should understand that it is not only exclusively on DarkWeb or DeepWeb or public resources. It is available everywhere.
When we speak about DarkWeb, we should understand there are many techniques, how you, which gives you availability to hide your metadata and so on. Onions protocol and different techniques talking about how to hide your metadata. So the main question, speaking about privacy, about security, is how to secure your own metadata in the concept of security.
So we should not make misconfusion and misunderstanding. DarkWeb is part of DeepWeb. We can consider all the resources on the Internet which are not indexed on search engines as a part of the DeepWeb. Yeah.
>> ALINA USTINOVA: So yes, this is the main concern and main confusion, you're right.
I want to ask Izaan, why actually like, now when people think DarkWeb is only criminal activity, only people who use databases and steal them and load them there and use it for some kind of bad behavior. But actually, is there something good in the DarkWeb? What benefits can it bring to the people?
>> IZAAN KHAN: Thanks, Alina. That is a very interesting question. I feel that the DarkWeb basically just a bunch of hidden services that are made available through tools like Tor and so on, can provide benefits that any other piece of technology that really has those anonymizing features or pseudoanonymizing features would provide to an individual who needs them. There are use cases for the DarkWeb to have services than only people from a tightly knit community can access. Those could potentially be journalists or individuals researching or communicating in situations of extreme censorship or duress, for example.
There are numerous website shall for example the New York Times that have mirror websites on the DarkWeb to allow individuals to access that when that content is usually going to be Internet from the ClearNet as we call it.
Digital activists have many, organisations and protests, as sometimes happens on these DarkNet platforms. So I think there is a lot of interesting use cases for this kind of technology, but over and above that I also feel that in general people should have the ability to protect their privacy online. And they should be able to use whatever services are at their disposal. This is one of them.
And of course, this gives rise to legitimate concerns on the other side of the coin which we see by law enforcement, how are we going to be able to tackle cybercrime online? Is all hope lost if we have totally anonymized services? No, we don't have to throw out the baby with the bath water as it is so-called and get rid of every privacy enhancing to go because it makes law enforcement difficult. There have been many cases of successful law enforcement that have taken place in DarkNet contexts.
We saw the shutdown of the Silk Road and second iteration of that and other DarkNet markets where drugs and other paraphernalia were stolen and being sold online.
We have seen other tools by law enforcement such as open source intelligence or infiltration to get rid of CSAM material on the DarkNet as well and apprehend those offenders. We have seen other hacking techniques, if there is a misconfigured server on the DarkNet, they can take advantage. They can run their own access nodes and sniff, and other techniques to fight cybercrime without having to get rid of that technology.
It is always an arms race. If you have removal of this technology, there will be another technology to replace it. There has to be than a approach, how we balance these issues of anonymity and things like free expression. That is my two cents on this.
>> ALINA USTINOVA: Yes, thank you. Izaan. Actually yesterday we had a wonderful talk with the Tor Project, yes, with the actually -- I hope he will join us maybe today and express the position of the Tor Project because they said interesting statistics that onion services is like where actually DarkWeb pages exist. It is like only one to 3 percent of the whole Tor browser traffic. So people access Tor browser not specifically to do something bad or some criminal activity, but just to use it as a VPN service, for example, because it encrypts your surfing the web traffic, but technology develops.
We see that lots of things appear now. And maybe with that technology it can affect both DarkWeb tools and not only in the DarkWeb it sell.
My question to Gabriela will be: How do you think emerging technologies in the future affect the whole DarkWeb?
>> GABRIELA: Thank you so much. I want to ratify the importance of what was said before. The DarkWeb in general is a tool, not the enemy. We are fighting the criminal organisations. So the crime on the Internet and the DarkNet is the problem.
When it comes to emerging technologies they can play a significant role in the fight against again these crimes in the DarkNet. The first of all that is again very popular everywhere. If you think of red tech technology, machine learning, AI. These technologies can be, for example, employed to identify patterns and anomalies in DarkNet activities, assessing law enforcement agencies and tracking illegal activities and identifying potential threats.
So again, you can just think of what is happening in the banking sector right now. You have the QAC softwares that are helping to understand the different money laundering techniques and patterns. This is something that can be reused eventually to seek some sort of criminal behavior and anomaly in the DarkWeb as well.
Then you have the improved encryption and cybersecurity aspect of it. Talking about enhancing techniques and security measures that can help protect sensitive data and prevent unauthorized access to DarkNet platforms. Again, many, many different hacking attacks and attempts are, of course, very much I would say popular. There is a race between DarkNet marketplaces right now. So if Silk Road Zero or Hydro or many others were shut down, there were sort of a competition between other DarkNet marketplaces that was taking place. It is still ongoing.
So they are trying to undermine each other. Here, of course, this is something that can be thought of in the future, thinking of a solution in terms of improved encryption, cybersecurity.
Then you have the blockchain and the disputed technology which again is very I would say popular. It is not a new technology. But these can be used to create transparent and tamper proof records, making it more challenging for criminals to conduct transactions on the DarkNet without leaving digital footprints. Then the events analysis which again is very popular I would say in the commercial Internet, if you will. So here again we are talking about leveraging big data analytics, which could help law enforcement agencies and of course other actors to undercover hidden connections, track financial flaws and identify individuals involved in criminal activities on the DarkNet.
Of course, the collaboration tools are the most important ones today. So enhanced collaboration tools can improve the coordination among everyone involved. Of course, work with the DarkWeb networks all together. In Europe we have the DNS directive a few years ago which kind of revolutionized if you will the overall understanding of cybercrime. European countries had to open a cybercrime unit within their organisations, which is very important. This is exactly what I would generally advocate for in every single country to do.
So again, I would say do not restrict the personal opinions online because again we are talking here about civil liberties and what other speakers were talking about the importance of having the option to be private on the Internet.
Again, I would say just the focus on the biometric identification of users is in my own opinion the wrong direction. I'm seeing several countries trying to implement that type of tooling, but again the identification of users is in my opinion a wrong focus. We should maybe focus on the technology. We should focus on the software companies, on the applications, how are they used. We should assess having maybe technical due diligence on the softwares. And trying to actually stop them rather than, or modify the use of software rather than focus on the users.
>> ALINA USTINOVA: Thank you, Gabriela, that's wonderful input to our discussion.
Let's say, we did cover one topic concerning DarkWeb. It is actually the protection of Intellectual Property. Many of the people, and we discussed this yesterday with the Tor Project. They said that many people, of course, use Tor browser for downloading some patent pirating. This messes with the whole system, the whole connection. It is very, very big files to download.
I want to ask the online speaker, Pedro, a question. How does the usage of DarkWeb tools actually DarkWeb affect protection of Intellectual Property?
>> PEDRO LANA: Hi, everyone. I would like to first of all wish everyone here greetings from Brazil. I hope everyone has arrived in the early morning after an amazing IGF night.
But to get back to the issue here, I would like especially to build upon Izaan's comments. And I kind of like to use Intellectual Property as an example for everything. Everything thematic that I work on, Intellectual Property can be used as something especially when talking about Internet and cooperatives, Intellectual Property is at the basis of it, right?
So it was among the first most important discussion that is we had in Civil Society, in private sector, governments.
It kind of nowadays it isn't so much on the highlights, but it still comes up from time to time as something that kind of inflates the debate once again.
On this occasion I would like to use Intellectual Property infringement as a good example on how DeepWeb and DarkNet can be weaponised, arguably, and as a representation of the idea that there is something threatening, and even if the argument is absolutely wrong. After all when you search for Intellectual Property in DeepWeb or more specifically in what you call the DarkWeb, the DarkNets, you would tend to think this is a place made for criminality and you will see like a lot of lawyer firms talking about Intellectual Property crimes happening on this place.
And of course, it is a place that facilitates the sharing of illegal copyrighted material. You can find books under patent enforcement on the superficial levels of the Internet, especially with wonderful tools, and the industry to date has to search and take down content, not always legal ones. Legal ones also get taken down by these sort of tools.
Also some types of severe Intellectual Property infringements, such as commercialization are especially problematic here. But the dangers that are actually, they actually kind of are the same that we find on the surface net. They are even less concerning the sheer number of people who have access to normal websites and those who have access to DeepWeb terms. Copyright infringement is not just a problem for the people doing it, but multitude of people affected through normal market failure, the possibility of existence of a certain business or the impossibility of revenue for the creator.
More than that, DarkWeb infringements are presented as an example of the alleged dangers of copyright piracy online. People with organisations use the threats of the DarkWeb to actually enhance and extend the fear on overall sharing of content online. Just reinforcing even more how these policies are modeled towards regions and systems of copyrights. These illegal frameworks became obstacles to the objectives, aims of promotion because of the informational society reforms that were based on the same idea of how piracy was a pandemic and why we needed to refrain a bit on the Internet potential so we can avoid telecom infringements.
The point here, I would like to discuss later, how we need to be careful on how these ideas around DarkNet and DarkWeb are presented, used so we don't end up just trading something that is something problematic for something that is systematically and seriously problematic.
So back to you.
>> ALINA USTINOVA: Yes, thank you for your input. Actually I have wonderful news because I found out that joining us online is actually one of the Tor Projects.
I actually think it would be great to hear the perspective from one of the most like famous browser that is usually connected with the DarkWeb, but so Pawel, can we give him the power to Pawel online so he can speak?
No? Okay.
I will go to the tech team to get -- but before I go, maybe speakers can discuss, can make a discussion? Yes, we will discuss about DarkWeb, how we actually can -- can we actually regulate it? Or can we actually control some kind of the thing that in the web? Because there are lots of, you know, policies. There are lots of laws created to govern the Internet because we all hear, but can we actually, parts of the web that we call the DarkWeb, be governed?
I ask this question to every speaker. Anyone want to start?
>> ABRAHAM SELBY: Okay, I can start.
>> ALINA USTINOVA: Fifi, yes.
>> ABRAHAM SELBY: Looking at the regulating of DarkWeb, it is quite a complex task and very challenging.
But there are some ways that we can regulate. We must ensure there is law enforcement. And the law enforcement agencies must be able to investigate and prosecute organisations that use DarkWeb for criminal activities. Because people can use the DarkWeb to do good things, good resources, as my colleagues were saying.
The technology aspect, the governments come to implement, to disrupt the DarkWeb activities and many aspects. One thing we are doing is education awareness. We are creating education awareness.
Let me give this small scenario that we will be able to understand. Despite the challenging solutions related to the DarkWeb there have been some approach in the various years and some others say that -- I have done personally, that in some cases DarkWeb we are trying to be regulated. Maybe in 2013, the ABI shutdown in Silk Road and the largest DarkWeb marketplace.
When we are looking in 2020 to the U.K. government to announce plans to introduce new eggs legislation that would give law enforcement the power to investigate and prosecute DarkWeb crimes. That gives mitigation and awareness and the technologies that we can put behind in terms of new encryption and governance, that can really help to regulate that.
It is a collaborative effort. And one entity cannot do. We are all involved. We must be able to be strict on our own use of online tools and resources. DarkWeb as we were saying is not only for crimes. You can also use it to do.
One thing I would also say, in this life, you cannot detect darkness unless you have been in darkness before. So it is very important for us to learn how we can use this DarkWeb so that we can make policy regulations behind it as Pedro was saying.
This is my take on it. There are a few regulations we can do, but it is a collaborative effort between institutions, we individuals, and stakeholders.
Thank you very much.
>> MILOS JOVANOVIC: When we speak about traffic flows, so on, we should think about how to control all our Internet, speaking about -- if we talk about fragmentation process, which occurs right now in geo political circumstances. What is happening across the globe in the Middle East, so on, we should see different technological zones. When we talk about serenity which is important topic in China, Russia, North America, and so on, we should understand that controlling information channels and traffic flow, I mean speaking against cybercrime and how to protect your own infrastructure, how to protect your own citizens, so on, so on, it is a job for national governments, I would say.
So when we speak about Internet as a Global Network, we should understand that it is a Global Network but control for every part is in the hands of local governments, I would say.
This is what China proposed, what Russia proposed and what other countries proposed. And this is a good example because, you know, when we speak about DarkWeb, about potentially controlling, monitoring traffic, so on and so on, we see fragmentation processes.
It is all about technological sovereignty. So I would give, I think it is a good example. When we visit China you are not allowed to use some western services. When you are in Russia, for example, there is strict laws that propose that all data of Russian citizens should be stored in the territory of Russian Federation. When you go to America there is a huge discussion about Chinese manufacturing and so on and so on, speaking about the tech industry.
When we speak, moving back, I would like to make parallel with the Internet. It is all about hardware, software and protocols. If you want to maintain and to control our national Internet space, I would say information channels, it is really important that we invest in I would say technological sovereignty of every country at the national level.
So only if we have strong powerful institutions and forces and speaking about some agencies and monitoring institutions, so on and so on, we will be able to fight against cybercrime and to protect our own interests.
>> ALINA USTINOVA: Okay, thank you. So you mean that protection of citizens is in the hands of the local government? Okay.
Does anyone want to add to regulation? Izaan, thank you.
>> IZAAN KHAN: I think that's an interesting question primarily because we need to define exactly what we mean by regulation. There are already regulations that exist. Like, you know, basic criminal law. Don't do crime.
So if you are talking about regulation in the sense of is there a technological way to be able to control what people do online? As I mentioned it is an arms race. The government can try as hard as it can to take down these unlawful services and activities. Individuals will try to find ways around that. That is always going to be a cat and mouse game.
In terms of making the lives of law enforcement slightly easier, one interesting example of basically a type of forum shopping essentially is that law enforcement officials in many parts of the world are not actually allowed to commit crime in the course of fighting crime. And specifically in the case of the DarkWeb, in order to gain trust of individuals who are accused of or being suspected of trading in CSAM material, you cannot try to gain their trust by yourself sending CSAM material to them unless, if I'm mistaken, the last time I read in the case of Australia.
So a lot of international cooperation centres around the Australian government because their officials know that they have to be able to gain their trust in order to detect and figure out who these individuals are. They are allowed to do that because the judges and the law is drafted in such a way that there is a sort of carve-out or exemption.
We need to think about solutions like that where you are able to come up with these sorts of solutions that don't necessarily involve cracking the technological nut of what Tor and I2P and all these other services provide but also enable for more pragmatic approach towards tackling cybercrime in these sort of contexts, these anonymous contexts.
That I think is my sort of two cents on the problem. Because when we talk about regulation, we need to talk about what exactly we are trying to regulate and what mode of regulation are we using. Sure, there is the law, but there is also ways that we can regulate through controlling information flows and data retention, stuff like that as well. We need to recognize what the limitations of each mode of regulation could be. If you say don't do crime, somebody could still do crime.
Is there a technological way to do this? If not, is there a way that we can make our own lives easier to be able to tack em the cybercrime when we are going and venturing out in that space. There are different approaches and layers of this regulation that need to be considered. It is not a simple problem. I am hoping and I have trust in our institutions to be able to do that in a balanced manner basically. Yeah.
>> ALINA USTINOVA: Thank you, Izaan. That is a important point that you made. Gabriela, you want to add as well?
>> GABRIELA: Just a few sentences to what was already said.
As I see it, my profession is to talk and about risks. And I try to mitigate the different risks and not go in haunted territories, let's put it like this.
When it comes to the DarkWeb and everything concerning this, I would say that it is a risk in this situation, the abuse of power in the name of fighting crime. So this is something that we should be aware of because data is the new oil today. If you will, it is not something that is happening from yesterday to today. It is already like from a decade that we see this type of activity is going. What I would suggest is really to focus on cybercrime agencies on DarkWeb teams that would work with academia, with the different actors in the field. Aeropol has a DarkWeb team focusing on exactly these type of illegal activities.
It is also very important to report illegal activities. For example, you know, monkey sees, monkey reports in a very I would say private manner because web browsers are never welcomed in any country. This is something that should be normalized, if you will. And the awareness and mandatory as I see it cybersecurity lessons for government people, for everyone involved in data, you know, whether it is patient data in a hospital, anyone like an administrator in the hospital, the very first person you come and give your ID to, that person needs to go through a cybersecurity lesson and educational workshop.
This kind of three-points that I really feel strongly about is something that is the basis of where we can actually give our input because true, an agency, we can always advocate for certain things, for certain techniques. We can learn from each other and we can help.
Of course, whoever is part of the sector already can definitely support the educational lessons. These are very simple actually lessons. You don't need to be, let's put it that way, a technical genius to understand certain things. Everyone knows here in this room that the cybersecurity breaches are generally connected to human breach. So it is all related to humans.
So we like dogs or we like, you click on a link. You do something. You don't think that person, you know, has some malignant thoughts. It's a lady or it's a young boy, but this is phishing. So you have many, many different situations that just regular citizens should be aware of. We are living in a digital era and this is not something that is so special anymore. It just needs to be normalized and put into a system that makes sense for everyone. So everyone should be part of it and, you know, this type of topic should be again normalized, standardized in order to tackle this type of topics in the future.
>> ALINA USTINOVA: Okay, thank you. So I was told that the Panelists now can add something as a Tor Project. Please, Pawel, we want to hear your whole view on the DarkWeb theme.
>> PAWEL ZONEFF: Thanks for giving me the space to say a few things. Ultimately I think we are mirror a lot of the sentiment that has been expressed today in the sense that there are probably many more positive use cases as it pertains to certainly the use of Tor software, whether it is accesses our software and onion sites and some of the other censorships or Convention tools that we provide. For us, we are helping millions of daily users to securely access the Internet and access their right to information and privacy.
And safeguard their human rights online. Whether that is from day-to-day online activity and protecting your rights to say no to non-con send sensual tracking to certain parts of the world even be able to access news sites.
I know that onion services have been discussed. We point out the scale and the statistics referenced earlier. Actually if we are looking at the traffic on our Tor network, only 1 percent, a little over 1 percent are solely, is traffic that is only directed to onion services.
So meaning the sites that are completely confined to the Tor network. That is an extremely small number especially if you want to open up the conversation to potential illicit uses of the Tor network.
So it is such a small fraction, it is really hard to account for any nefarious activities carried out online. What we are seeing is that our network is primarily used for censorship circumvention, for maintaining your right to privacy.
The fun fact actually around onion services, the most popular onion service seems to be Facebook and news sites. We are really seeing that these provide a valuable service in people's ability to partake in democratic day-to-day actions.
>> ALINA USTINOVA: Yes, thank you very much. It was important to hear that because people usually associate the Tor browser with various illicit activities. We held a session in our IGF youth session, we had a session on DarkWeb and one speaker said you should not think that every DarkWeb browser is a criminal for opening the browser.
So I think --
>> PAWEL ZONEFF: If I can add to that, I think this is a very important point that you make. Because this is not just Tor browser. This goes back to many other technologies such as encryption. We had a panel about this before yours, but the truth is that there is a very powerful force right now that is trying to malign the use of privacy preserving technology, whatever it is, whether it is Tor or signal or any other kind of platform that utilizes encryption to make the case that this constitutes some sort of nefarious intent. That is a slippery slope and something as a community we all need to be outspoken against.
Because I don't remember who exactly said that, that there is regulation needed and that they have a huge trust in law makers. I don't think that people across the globe have the same trust in their lawmaker especially as we see a lot of them lack the fundamental understanding of how privacy preserving technology actually works to the extent that governing laws are now made that roll back a lot of international standards as it pertains to human rights, access to information and freedom of expression.
So we need to all be vigilant and ensure that we continue to have a right to privacy and encryption.
>> ALINA USTINOVA: Thank you very much, yes, that was a very important point to make.
So we move to questions and I give word to our he online moderator, and we have questions in the chat.
>> MARIA LIPINSKA: Yes, yes, hello. We have one question from Corida, if I read it correctly. Can you share your insight on the potential use cases of the use of the DarkWeb, given its reputation and how it might impact the future of online privacy and security?
The first question. And we want to ask, we want the audience to share other questions, of course, from the online participants and audience. Thank you.
>> ALINA USTINOVA: Okay. So who would like to answer the question? So the question was -- yes, okay. Yes, Pedro?
>> PEDRO LANA: I would also like to comment on something that you were debating before.
>> ALINA USTINOVA: You want to go back?
>> PEDRO LANA: Yes, but actually Gabriela and Izaan told exactly what I was going to say. After that I would comment about cryptgraphy. The thing here is when we are talking about regulating DarkWeb and DarkNet, if it is possible to regulate, it is not a real question or the most important question but more precisely, why we need to regulate it and what we need to regulate because pointing out more precisely what the problem is and how to tackle it without affecting the rest of the technology is really the scope we have here. The question that has been made about how it might impact the future of privacy and security is if we talk about regulating the DarkNet -- sorry, the DeepWeb, the DarkNet without being careful about ideas of more regulation, legislation, stronger institutions, this may end up becoming a problem to those who care about and use the spaces for great uses, good things such as communication basis, where freedom of expression is restricted, so on and so on.
>> ALINA USTINOVA: Yes, thank you for your input. Going back to the question, the question was, what other positive things can DarkWeb being to the original user. We actually covered lots of that including like it gives you basically like private connection and freedom of expression in most of the time because you can like access some web services that are not available, for example in your country or. Because actually, going back to the conversation with the founder of the Tor browser -- you want to add?
>> MILOS JOVANOVIC: If you lose in your country if you don't access -- how we use technology, to fragmentation processes, if you want to regulate something, I think it is not possible to regulate exclusively DarkWeb, DeepWeb. We see DarkWeb is part of DeepWeb and DeepWeb is part of all network. So we should see layer as one level.
All network. So now we need some approach how to deal with some challenges in the geo political sphere. If you protect something, you know, in your country, maybe it will be allowed in other countries.
So if you access these services you violate the laws in the other country. It is not an easy discussion from a regulatory side. From the technical aspects, you know, you can talk about almost everything. You can talk about Tor and aspects, you can protect your data, traffic, so on and so on, I don't think there is, you know, a right way. And that you are able to protect what you are doing in the network.
Speaking about standard stuff, about encryption techniques, IS certificates, so on and so on. It is a huge discussion, complex, so on. But I think there is no privacy on the Internet.
>> ALINA USTINOVA: Okay. That is an interesting thought.
So going back to the question, I think we actually covered lots of the positive impacts of the DarkWeb. But so I think if everyone in the audience like on site has questions. Would you like one question from on site and one question from the online audience?
So do we have a mic?
Please represent yourself and ask your question.
>> AUDIENCE: Okay. Good morning, everyone. My name is Ishmael from Gambia. And I lead a cybersecurity company in the country and we provide training for law enforcement and University students in the areas of cybersecurity, research and education.
So I have a question. Before that I want to give a preempt on that. That was the training that we had for one of the law enforcement agencies and one of the inspectors, officers said, if a thief broke into someone's house and the case is reported to the police, we come, check how the thief broke in. Maybe through the door or the window.
And if someone has $1 million, in his account and the following morning is it is zero dollars, how do I know which window they break? What I am trying to emphasize here is the issue of DarkWeb and regulating the Internet and all that, I think as my colleague said yes, it's important that we also notice the fact that local governments regulators have different opinions and ways of -- I would say particular will on how they want to regulate the Internet in their space.
But the main purpose of the IGF is for us to have a common ground on how we want the Internet to be operated and used globally. You know, so, for example, what works in the Gambia or Africa should be something very similar to what works for the U.S. or Ukraine or China. If not, you have big companies like China here will implement certain things, but then how about the already marginalised communities and nations that are already behind the current progress of the Internet? You know, with regards to education, technical support, accessibility, all that. How are those people going to fit into that discussion of each own way, in their own way, you know.
And then considering access to information, right to privacy and all that.
So I think I just want to understand how is marginalised communities feel, fit into this full discussion when they are already behind. Thank you.
>> ALINA USTINOVA: So does anyone want to answer this question? I think it is very important point.
Izaan, yes.
>> IZAAN KHAN: International cooperation is definitely one, and capacity building is definitely two. You need to be able to train law enforcement. The point that Pawel from Tor made is important. Lack of understanding for what the technology is and what it is capable of is what leads to bad policy outcomes and enforcement outcomes.
Up skilling and definitely giving law enforcement training on cybercrime-related issues and how Tor actually works. And Fifi, who probably isn't there, as Fifi mentioned, you can't fight the darkness unless you have been in the darkness. It is important to understand how Tor works. You can't operate in the abstract. You have to go in there and figure out how it works and put yourself in the mind of the criminal.
Capacity building is a big one. On top of that you have a lot of already existing international cooperation on fighting cybercrime. It was mentioned previously we have Europol and Aukus and other organisations to fight cybercrime on different fronts, geopolitical or individual level or organised crime, what have you.
So definitely focusing on those two areas, both the diplomatic and technical will probably be the best approach that not only yourself but as you mentioned any nation would have to fight this issue of cybercrime on the DarkNet and understand what is capable and what isn't.
That's my point of view. I'm not sure if there is anyone else?
>> ALINA USTINOVA: Anyone want to add something? You want?
>> MILOS JOVANOVIC: Speaking about fighting against cybercrime and I participated in some events in Serbia, you know. We had some excellent -- it is a multistakeholder approach. When you want to fight against some accident, you know, to do research what is happening in the investigation, so on and so on, we have a situation that 17 security intelligence agencies participated in just one investigation. So it is too complex.
Sometimes if you speak about Europol and different alliances so on, you need to go into multistakeholder approach and to communicate a lot of different parties to solve some problems and check what has happened exactly. The nature of network and packet transmission and the traffic flows and so on.
>> ALINA USTINOVA: Okay, thank you. Maria, back to you. Do we have other questions in the chat?
>> MARIA LIPINSKA: Not really, we don't have any. So maybe we will ask the audience onsite.
>> ALINA USTINOVA: Do we have any questions onsite?
Yes, please take the mic.
>> AUDIENCE: Good morning. I'm from Sri Lanka. Most Millennials have the bad habits of cybersecurity when compared to the Gen X and older peel.
In this context, actually why do you think young people are drawn to the DarkWeb? What are the activities that they are really engaged in? That's my first question.
My second question is how do you see the landscape of DarkWeb activities in the coming years? That means in the future, in the youth perspective? Thank you.
>> ALINA USTINOVA: So I guess the first question is very an interesting one. I think the person, I will answer that and give the word to everyone.
I think that young people are very -- they like to see what is forbidden because forbidden fruit is the sweetest one and they always want to try something new. Yes, yes.
It is actually because like when you restrict something, it is very interesting to know what you are restricting. Especially in the young age, it is very kind of protests things against the system. Like you want to do this, you want to say I can do this because I'm young and I know what I do and the old people out there they actually don't know what they are doing. I will find the right answer.
So I think one of the reasons is that. And the other, well, we actually have a new generation Alpha that has grown fully in the age of Internet. It was a very developed. So they knew how to use a phone probably before they knew how to speak.
Probably because of that, they grew with the opinion that Internet is not a threat but it is actually a very good benefit that they have. If you don't know how to use the Internet, if you are in Generation Alpha, it will be hard for you in future life. They fry to use every tool they can find on the Internet.
So maybe someone can add something to the point from our speakers? No one? Izaan?
>> IZAAN KHAN: Quick one. Usually why people would use these tools and access in services would be curiosity or privacy or necessity. One of those three things.
In terms of the landscape changing, we may see technological advancements that would further protect privacy which leads to further issues down the line potentially. As Pawel mentioned, there is work that the Tor Project is doing on anonymisation services, and other services as well that are popping up.
That may be one force in the landscape. Another force would be as previously mentioned the fight against encryption. We will see governments retaliate by saying we want to undermine encryption or have back doors. If we don't provide those back doors, it will be illegal to use these services.
That tension has existed since the history of the Internet. We are not fighting with sticks anymore. We are fighting with Internet weapons. That's it, thank you.
>> ALINA USTINOVA: Thank you. We are running out of time. I will ask every speaker, whoever is left, to have a closing remark. Just one minute. What actually we have discussed and I think maybe you can answer the question, should we like DarkWeb is a dangerous part of the web or just another part of the web. Just your opinion. Gabriela, you want to start?
>> GABRIELA: Again, as I said before, I would just say that DarkWeb in general is a tool and it depends on how it is used. Criminal organisations and whoever has bad intentions to deviate from the law in any given country will do that regardless, whether you have those tools or any other tools because what is important here is that the crime that we are talking here in the DarkWeb is actually the crime offline. It is just the tool that is facilitating to make it look like something different. You get a nice ClearNet website where everything is shiny and whatever. So it is kind of very easy to actually deflect from this type of situations in case someone has the intention to do that.
So the DarkWeb per se is not again the enemy. The enemy is the system that should fight more often and more strongly towards fighting organised crime because this is again just a tool.
I have spoken many times in different conferences about different cybercrime topics. Recently I'm focusing on AI-powered cryptocurrency, cybercrime because it is happening in a very unprecedented way and it is very, very quick. Every second something new is happening. 30 millions are laundered just like that.
You need to be realistic and try to understand that law enforcement and many times the politicians are not aware of how the Internet works.
If you hear some Congressional, U.S. Congressional hearings, it is clear that by the questions asked to Meta, Facebook, Twitter, all these names, but you see that they don't understand what is their business model about. If you don't understand how they make money, it is difficult for you to understand how other people can actually use that tool to create I would say other economies for themselves.
There is actually also a colleague of mine who got a very interesting idea. I fully support that, is to actually start hiring people, very creative people who should be from different backgrounds. It doesn't matter. But to try to understand how their software can be man I -- monopolized in a bad manner. For example, you have, I don't know, a type of software. Can it be misused? How?
This is actually something that is a discussion that is happening among high-tech startups, that they are working on AI, machine learning type of tools because again we are creating right now tools that can be easily manipulated into what other people need.
So the DarkWeb, no, it is not the enemy. We should be more aware and eventually, I don't know if that is correct or not but I would like to open the discussion on the registry, for example, of softwares and their official use and maybe have like a due diligence, a technical due diligence to understand different back doors or different misuse of someone who is interested in child pornography or anything like that, they will use even games, online games.
There was a case of a pony game. Little ponies between each other, finding each other on a game and in the chat, pony, pink pony is talking to the black pony, let's meet in room number one, and there they are discussing new terrorist attack or discussing where the trade of, you know, illicit narcotics or whatever is going to happen.
It is just the creativity that never stops. So the tool is not the problem. It is the different approaches that is what is important to focus on.
>> ALINA USTINOVA: Yes, thank you. So Izaan, your last remark?
>> IZAAN KHAN: To keep it very brief, I'm glad amongst the Panelists here there is consensus about the fact that Tor is just a tool and there are many positive and necessary use cases for this technology. And the fact that law enforcement has other mechanisms that exist. It is not all hope is lost for cybercrime. And yeah, like it is always a perpetual arms race. We will probably be revisiting this question in another 20 years with a different kind of technology. We'll see.
>> ALINA USTINOVA: Yes, online, Pedro, you want a last remark?
>> PEDRO LANA: Yes, really fast. I would like to highlight that many situations seem very -- we are answering many questions that were posted. Just as an example, DarkWebs are used to share the academic ecosystem for large countries. It is a crime in civil infringements, but maybe it is less of an ethical problem than part of the science industry, those that sustain with public funding, and which charge thousands of dollars for access.
>> ALINA USTINOVA: Yes, thank you. We are left with Milos.
>> MILOS JOVANOVIC: In conclusion, strategic approach, from my perspective, we can use all technologies on the right side, the dark side, what we think is right in the end. Speaking about DarkWeb, about DeepWeb, it is just a service of the Internet. I would say the door -- Tor is an application and so on.
So yeah, let's end with this. My approach is that we need to strengthen our local institutions and speaking about cybercrime, fighting against cybercrime. This is how we can protect the Internet globally because we need some processes. We need some fragmentation processes. We will see how it will, you know, how Internet will look like in the near future.
My approach is that we have to fight against cybercrime with a common approach, but with authorities of local governments. Thank you.
>> ALINA USTINOVA: Thank you very much. Thank you for joining us online, on site. We had a wonderful discussion. We can of course talk after session. If you want to speak more with us, we have like a booth in the booth village. You can always come and we have a wonderful discussion. Thank you very much.
Also in our booth we are giving invitation to our little evening gathering. If you want to have one, please take from our booth.