Cops and Hackers
Cybervigilantes and hackers argue that 21st-century crimes are happening in a universe where traditional law-enforcement methods are obsolete. How the digital age is forcing police to step up their game.
(All illustrations by Sébastien Thibault)
Amanda Todd's suicide would have likely been a low-profile investigation for police, had it not not been for the video the Port Coquitlam, B.C., girl released five weeks before she died. In it, the 15-year-old described her shame and isolation following a relentless cyberbullying campaign that started two years earlier, when Todd had flashed her breasts during a video chat with an older man-who later emailed the images to her family and friends when she refused to undress again. The heart-wrenching YouTube footage went viral after Todd took her life on October 10, 2012. (The video has since received over 20 million views.) Bloggers worldwide expressed shock and anger; and hundreds of memorial Facebook pages went up, containing tens of thousands of posts. But along with its grief, the online community also expressed a desire for justice.
Caught off guard by the reaction, the RCMP assigned about two dozen officers to find the man who had bullied Todd. Five days after the RCMP started their search-and failed to announce any leads or suspects-a New Jersey member of "hacktivist" juggernaut Anonymous entered the fray.
Emerging in the mid-2000s, Anonymous is an underground network of cyberactivists whose participants reside across the English-speaking world, including in Canada. They have no mission statement, gatekeepers or leaders. Individual Anons hook up on Internet chat forums and collaborate just long enough to pull off an operation, which they publicize via YouTube videos of masked speakers talking overtop a Dark Knight-inspired soundtrack. (They are notorious for "denial of service" attacks, in which activists overload, and crash, government or corporate websites with information streaming from multiple computers.) The group then disbands until another cause emerges.
When the Todd story broke, the New Jersey Anon had been investigating a web forum called The Daily Capper, where people share screenshots taken from video chats with underage girls. He noticed that one contributor, who went by the alias kody1206, had blackmailed another teen in much the same way Todd's tormenter had. What's more, this man also contributed to the forums in which the Todd video had circulated. The evidence didn't prove that the man was Todd's bully, but it showed a network of incriminating associations. "I wasn't 100 per cent sure," the Anon acknowledges, but "you would have to be insane not to realize the connections."
He quickly assembled a compendium of personal information, including email address and the link to a Facebook page, for a 32-year-old from New Westminster, B.C. That same day, he revealed-or "doxed"-the identity behind kody1206.
In the online world, anonymity is power-indispensable not only to political activists flouting oppressive regimes or whistle-blowers channelling information to reporters, but also to criminals looking to commit stealth acts of fraud, theft and bullying. Doxing ("dox" stands for "documents") is the weapon of choice for Internet crusaders because it removes the privilege of anonymity from those perceived to have abused it. For Anonymous, it's the punishment that fits all online crimes.
The outing of kody1206 took social media by storm. The RCMP, predictably, were outraged. While they haven't explicitly denied that the man known as kody1206 is a suspect, they allege the Anonymous accusations are "unfounded." Sgt. Peter Thiessen, a spokesperson for the RCMP in British Columbia's Lower Mainland, says the police are fully equipped to handle the Todd investigation. He's frustrated by what he considers unnecessary interference. "They're commenting on a police investigation they have no part in," he says.
Anonymous's lightning-quick reflexes left the RCMP in the awkward position of being upstaged by an Internet action that made them appear sluggish and ineffective. The dynamic between law enforcement and hacktivists, however, has become far more than just a public-relations battle. It's a turf war over who has the right to police the Internet.
For Christopher Schneider, a University of British Columbia sociologist who specializes in digital media, the incident was yet another example of how police departments are facing a new cohort of competitors: cybervigilantes, unencumbered by legal protocol and able to respond swiftly at a time when speedy resolutions are not only valued but expected.
"We want everything instantaneously, including justice," says Schneider, who claims that Anonymous's cavalier attitude about due process is setting a dangerous precedent. The RCMP are currently following up on over 1,000 tips relating to the Todd case, a process that includes tracing IP addresses, investigating leads, filing warrants, cross-referencing information and nailing down eyewitness testimonies. These techniques may seem antiquated in our go-anywhere, see-anything digital era, but police work is still the route through which credible cases are built and convictions secured. "It takes time to go through all of the data to prove a perpetrator did what we think he did," explains Schneider. "When you're potentially going to deprive somebody of their liberty, you've got to be sure, beyond a reasonable doubt, that they're guilty."
Over the last decade, the Mounties have set up special units that seek to catch online predators, often by doggedly scanning chat rooms for suspicious activity. But as much as police denounce their new competitors, the fact remains that groups like Anonymous have advantages that cops don't. They know how to navigate the web's seedy back alleys and can interact with people not immediately accessible to authorities. (After doxing kody1206, the New Jersey Anon was approached by the founder of The Daily Capper, who offered a cache of new incriminating information against kody1206.) Police may have money and resources, but Anons know the Internet like nobody else.
"It would be nice if the police had some sort of way to reach out to hackers and legally bring them on board," says Richard Frank, a Simon Fraser University criminologist and computer scientist. "These people would be an invaluable resource to police." At the very least, he argues, groups like the RCMP need to get better at exploiting social media, engage the public more effectively and develop the same intimate familiarity with subcultures as that possessed by their hacker counterparts. If they don't, Frank says, the police will continue to be outpaced by online predators and the cybervigilantes who pursue them.
Over the past decade, the Internet has helped agentless authors become international bestsellers and turned YouTube musicians into chart-topping stars. Crime-fighting is yet another area where the line between professional and amateur is disintegrating. It's no wonder there's tension between the two groups.
Vigilantism, however, never exists in a vacuum. It signals a larger dissatisfaction with police. In Canada, this skepticism dates as far back as 1836, when Quebec City residents joined together to combat a rash of banditry that had overwhelmed the authorities. In the 1890s, Yukon miners set up posses to punish thieves and outlaws, compensating for a lack of competent policing in the region.
But law enforcement has also encouraged public participation by turning to citizen watchdogs. Three decades ago, with rising crime rates and budget cuts making police work increasingly difficult, Canadian precincts started to outsource their work to the public. In 1980, the RCMP battled vandalism, grain theft and cattle rustling in rural Alberta by organizing range-patrol operations in pickup trucks outfitted with CB radios. By year's end, they'd enlisted over 1,000 volunteers, resulting in what residents described as a noticeable decline in crime. A year later, Ottawa municipal authorities founded Canada's first Neighbourhood Watch program, in which citizens were asked to conduct surveillance from their homes, leading to a 70 per cent drop in break-ins. Alberta's range-patrol program still exists today, and variations of the Neighbourhood Watch model are used in every major Canadian municipality.
Tech-savvy police departments have started to build on this legacy. Last July, the Toronto Police Service released Canada's first Crime Stoppers app, a free smartphone application through which users can access updated information about wanted criminals, notifications concerning crimes committed in their neighbourhoods and GPS directions to the nearest police stations. Most importantly, the app enables citizens to submit photographic or video evidence of suspicious activity: robberies, assaults, hit-and-run accidents. Before being forwarded to the authorities, all submissions are "washed" by Crime Stoppers personnel so the cops can't ascertain the senders' phone numbers or IP addresses. While anonymous evidence is inadmissible in court, it can aid detectives by corroborating pre-existing hunches or pointing out new avenues for investigation.
Det. Darlene Ross of Crime Stoppers Toronto insists that the program doesn't aim to enlist permanent volunteers. "We're not asking people to become agents for the police," she says. Still, she hopes that whenever one of the app's 30,000 Toronto users happens to collect pertinent material, he or she will forward it on.
The thing is, crowd-sourced policing works. On June 15, 2011, the Vancouver Canucks experienced a bitter Game 7 defeat to the Boston Bruins in the Stanley Cup finals. By 8 p.m. that evening, roughly 100,000 Vancouverites were streaming through the downtown core-some of them looting stores, breaking windows and burning cop cars. Few of them stopped to consider that they were under surveillance.
In the wake of the city's previous hockey riot 17 years earlier, police had set up kiosks across the city where citizens could review media footage and identify perpetrators. In 2011, the evidence came from a more ubiquitous source: hundreds of smartphones, on which bystanders collected 15,000 photographs and 1,500 hours worth of video evidence, much of which was uploaded to blogs and Facebook pages.
The aftermath of the 2011 riots saw the rise of one of the world's biggest "name and shame" campaigns, in which hundreds of websites posted images and videos of alleged rioters, sometimes even matching names to pictures using Facebook photos as evidence. Some of these forums-like identifyrioters.com and the now defunct canucks2011.com-were explicitly dedicated to outing riot participants, but others were pre-existing blogs that jumped on the bandwagon in the heat of the moment. The blog Delicious Juice, run by a Vancouver technical writer named Kimli Welsh, began posting evidence about the Vancouver riots almost immediately, including the names of underage suspects. Her readership ballooned from an average 4,000 hits a week to 200,000 in 36 hours. Welsh insists that she was merely holding people accountable for their public actions: "If you don't want to be called out for lighting a cop car on fire, don't light cop cars on fire."
Schneider is uneasy about these crowd-sourcing efforts, which, he points out, "are sometimes in direct violation of the law." They frequently subvert due process by incriminating suspects who have not been proven guilty. They also violate young offenders' rights by identifying underage suspects by name, as was the case with Nathan Kotylak, a high-school athlete whose family received death threats after photographs of him vandalizing a police car appeared online. But cops are hesitant to clamp down on such activities, despite their dubious legality, since they're an invaluable, and free, resource.
Sgt. Laurence Rankin was the Vancouver officer in charge of investigations during the riots. He set up an email hotline to redirect the flow of information away from vigilante forums and into the hands of police. But he and his team couldn't avoid tapping into the wealth of public information available online. In short, they realized they could use doxing to their advantage.
Within a month, their inbox had received 4,000 emails, of which 1,000 contained links to other sites, mainly Facebook pages but also blogs and message boards. They received, for instance, over 5,500 video clips, each of which had to be scrutinized scene by scene to isolate evidence of criminal activity. Then components of different videos were stitched together, creating a narrative of a suspect's activities over the course of the riot. Rankin and his team used these forums in an attempt to trace each piece of evidence back to its source, knowing that if they could zero in on whomever had filmed a given piece of online evidence, they might get testimony that could stand up in court.
Rankin, who's still sifting through digital evidence on the riots a year and a half later, describes cybervigilantism campaigns as "a double-edged sword." On one hand, the material helped police press over 500 charges against 173 people. On the other hand, it was unsubstantiated and morally questionable. "We had to discourage vigilantism through our messaging," Rankin explains, but admits such initiatives were at times "very useful."
Cyberpolicing isn't only about doxing and online shaming. For Josée Plamondon, it's also about keeping authorities honest. Plamondon is a middle-aged digital librarian with frizzy hair, a wide, enthusiastic smile and a passion for hacking. In the spring of 2012, as details about the rigged bidding process among Montreal construction companies became a source of daily news, it occurred to her that there must be a better way to make the public aware of such crimes. Police had been receiving tips concerning collusion in the construction industry since at least 2003, and yet the scandal had remained inexplicably under wraps.
Plamondon started working with 10 peers-including computer programmers, web designers, a project manager and a specialist in fraud detection-to build ContratsNet, an application designed to comb the roughly 20,000 construction contracts awarded by the municipalities of Montreal and Laval over the last six years. Plamondon and her team first met in August 2012, at a preparatory meeting for an anticorruption "hackathon" organized by Montréal Ouvert, a non-profit organization that promotes open access to civic information. "It's very hard to prove somebody is corrupt," explains Montréal Ouvert co-founder Jonathan Brun. "Your main avenue should be transparency, making information accessible and readable."
The city of Montreal releases its public-sector agreements in a scattershot manner. They're irregularly formatted and stored in remote corners of government websites. By studying these records, people might have, early on, spotted signs of backroom dealings. But finding evidence of corruption requires sifting through large amounts of data-something few have the time or patience to do.
ContratsNet uses two main tools for this legwork. The first is called a scraper. It penetrates the source code of a document-say, a PDF file-then scours it for relevant material, such as the value of a contract.
In order to broaden her group's analysis, Plamondon had the original idea of incorporating a new "semantic analysis" software called Nexalogy, which analyzes sentences by breaking them into their constituent parts: subject, object and verb. By feeding the published summaries from government bidding meetings into a Nexalogy-based program, ContratsNet can instantly divine the connections between different search terms. To see which companies bid on asphalt contracts, for example, one merely has to click on the word "asphalt," and a network of associations appears on the screen. While scrapers dig up raw data, Nexalogy will draw a weblike "lexical map" of the industry as a whole, enabling users to literally see the terrain that they're investigating.
Plamondon isn't alone in this mission. Sébastien Pierre, a tall, wiry graphic designer and Montréal Ouvert co-founder, is devising an interactive graph that will chart the influence of private interests partly by using LinkedIn to match political donors to the companies for which they work. When the graph is finally available online, users will be able to tell at a glance who has donated to which political party and whether they've been rewarded with contracts.
The dominant image of hackers as "black hat" agents, people who use the Internet to spy, vandalize and coerce, applies to only a small portion of the worldwide society. Plamondon and her colleagues belong to the free and open-source software (FOSS) movement, a subculture of "white hat" hackers that includes everybody from the hippie pioneers of the 1960s who took LSD and tinkered with circuit boards, to the dispersed communities that collectively built the Firefox Internet browser.
Like Anonymous, the FOSS community often works independently of mainstream institutions, but its actions don't stray into vigilantism. It doesn't conduct witch hunts or name names. Instead, if FOSS hackers can agree on one thing, it's the belief that a more galvanized public, empowered by online investigative tools, can prevent corruption from being ignored in the future. In 2010, activists in Panama built Mi Panama Transparente, a web forum where citizens can submit anonymous complaints about crime or corruption. The website has triggered several journalistic exposés-including a 2011 investigation into fiscal mismanagement at a Panamanian hospital-and is now being adopted by an advocacy group in Mexico. And for the last decade in the United States, the Sunlight Foundation has released pro-transparency applications, such as Political Ad Sleuth, a crowd-sourced database-searchable by state and by TV market-of corporations that are financing political ad campaigns.
Although still in the early stages of development, ContratsNet has already revealed that a handful of companies are dominating the sector, despite the presence of hundreds of competitors. It has also shown that companies are routinely winning contracts by undercutting their rivals during the bidding stage but then overbilling by as much as 25 per cent when the contract is completed.
None of these revelations are breaking news-the provincial government's Charbonneau Commission has already exposed these crimes. But by analyzing contracts electronically, ContratsNet has achieved in a matter of minutes what Quebec authorities have taken decades to do. When ContratsNet finally goes live this year, Plamondon hopes citizens will scrutinize the data, journalists will use it as a springboard toward further investigations, and anticorruption activists in other cities will adapt it for their own purposes. "We want an application that will raise red flags," says Plamondon, explaining that the website will include a search function, as well graphs and tables that will point to any suspicious trends.
The open-source premise behind ContratsNet challenges the secretive processes of police work. Whether you're a hacktivist exposing illegal acts, an amateur blogger posting footage of criminal events or a FOSS developer mining publicly available data, you're working under one assumption: the more we know about our world, the more power we have to control it. This thinking isn't going to disappear, so police will have to find ways to live with it.
It's hard to imagine the RCMP and Anonymous joining forces, but Frank, the Simon Fraser criminologist, argues that police should create channels whereby Internet users, including hacktivists, can report on online developments. "Right now," he says, "if I were to discover something suspicious online, I wouldn't know where to go with it." What's more, there's nothing stopping law enforcement from using, and even adapting, FOSS technologies. But first, we'll need a paradigm shift in police thinking.
Brun and the other members of Montréal Ouvert invited Montreal police to their anticorruption hackathon held in a community-centre gymnasium on the east side of the city. Anybody was welcome to drop by, grab a coffee and chat with the creators. "As far as we know," says Brun, "not a single officer showed up."