CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Call out the hackers!

With child pornographers knowing more than law enforcement about cybertechnology, Dr. Christos Ballas argues it's time to even things out and enlist the services of hackers.

    The Internet isn't just for porn anymore. Unfortunately, a lot of people haven't gotten this message.

    Consider the recent Blue Orchid child pornography ring and Web site, based in Russia, which at last count has involved people in over 24 different countries. The U.S. purchasers of their videos could be sentenced to 15 years in prison, but in Russia there is no legal distinction between child porn and any other kind of pornography.

    Offenders there could get two years, at best.

    Or consider the example of Patrick Naughton, former Infoseek executive vice president, who in 1999 was charged with possession of child pornography downloaded from the Internet and for crossing state lines to have sex with a 13-year-old girl. Of course, the 13-year-old was really an FBI agent, who had been posing as a minor on the chat room dad&daughtersex. They arranged to meet at a pier, where Naughton was arrested upon arrival.

    Naughton spent the weekend in jail--arguably two days too long--because the day after Naughton's conviction, the U.S. Court of Appeals for the 9th Circuit overturned the law on which he was indicted, the Child Pornography Prevention Act of 1996. The Act defined child pornography as sexually explicit images that conveyed the impression that a minor was involved. This means that a picture of a 25-year-old woman dressed as a schoolgirl having sex is considered child porn.

    Wow.

    It is this section of the law that was found unconstitutionally too broad; and if a law is struck down, convictions derived from it must also be overturned.

    The structure of the Internet makes finding pornography easy, but catching pornographers very difficult. Current police maneuvers are based primarily on going to sites or chat rooms with suspicious names (like dad&daughtersex) and posing as a minor or a pedophile. But how many people are going to be caught this way, and how long will it take?

    Furthermore, it allows for the capture of only the least-savvy Internet users. Sure, there are child pornographers on sites and chat rooms like dad&daughtersex--a testament to how cavalier and secure the majority of pedophiles are with regard to the possibility of being captured; but the majority of the porn is where you wouldn't expect to find it. Recently, child pornography was found in a newsgroup on ferrets and high school football.

    Who's going to look there, when there are at least a hundred sites that begin with the word "teen"? And there isn't any child porn in regular pornographic Web sites because those sites exist to make money; and you can't make money if the FBI sends you to prison.

    Needle in a haystack?
    In fact, the majority of child pornography comes from individuals who molest children. They will take photos and trade them with other pedophiles. Trading (and seduction) doesn't take place on Web sites; they take place in newsgroups or chat rooms. Another maneuver is to use third-party servers like Yahoo Briefcase.

    A user creates an account with made-up personal information (which Yahoo does not check) and gets, for free, 6MB of storage space. What makes Yahoo Briefcase so useful (for pornographers as well) is that the owner can specify who has access to it, or even open it to everyone. Not only can law enforcement not access this, but they won't even know it exists; it doesn't show up on search engines.

    Given this, it becomes clear how futile current attempts at restricting child porn really are. To put the volume of porn in perspective, the average child molester will have molested 30 to 60 children before he is caught, and over 300 in his lifetime. It is practically inconceivable that fetishistic offenders have not taken photos.

    Therefore, putting restrictions on pornography as it appears on the Internet does nothing to stymie the actual harmful behaviors such as molestation or rape. In short: If child pornography cannot be located, it will simply be created.

    Think about this.

    Lessons from Napster
    The Napster controversy has taught us that you can't stop people who know more than you do. For the first time in history, the bad guys know more than the good guys.

    Think how hard it is to copy computer software, yet almost everything--Flash, Norton AntiVirus, Quake--has been cracked and made free on the Internet. Do you doubt this? Do a search on "crackz" and see what happens. How do we expect to stop child pornographers? How do we expect to even find them, when they're using mixmasters to remain anonymous? Do you know what a mixmaster is? This is exactly the problem.

    Can a suspected pedophile claim that a virus downloaded the porn without him knowing? Preposterous? But can a cop or a lawyer explain why the defense is preposterous?

    The point is simply this: Fight fire with fire. In the past, police have always had superiority. Better training, better knowledge, better guns. Not in cyberspace. While pornographers are usually not the brightest intellects, illegal Internet activity is generally perpetrated by those who know far more about the technology than everyone on the other end of the crime. Therefore, it makes the most sense to solicit the help of those who know the technology: hackers. The majority would probably jump at the chance to use their know-how for "good" ends. And, most importantly: What other choice do we have?

    Currently, we are trying to stop the spread of cancer by picking out one tumor cell at a time. If we remember that each molester may molest up to 300 children in his lifetime, can we really afford not to use every resource available to us?

    This is an adaptation of a talk given in Calgary, Canada.