AStateofTrustwithouttheState:! The!Political!Economy!of...

1

A State of Trust without the State: The Political Economy of Pseudonymity and Cybercrime Henry Farrell Draft paper – please don’t cite or circulate without permission

There’s a significant and interesting disagreement between Margaret Levi

and Russell Hardin on the relationship between trust and the state. In a key early

book chapter written for the Russell Sage project on trust, Levi (1998) argues

against scholars who suggest that the state somehow drives out trust. Here, she

suggests that while the state often “reduce[s] the need for citizens to trust each

other,” it also “may facilitate trust by solving the essential information, monitoring

and enforcement problems” (p.84) In this account, the most important attributes of

the state in creating interpersonal trust “would seem to be the capacity to monitor

laws, bring sanctions against lawbreakers, and provide information and guarantees

about those seeking to be trusted” (p.85). Even more importantly, governmental

actors can inspire trust through appearing to place principle over short term self

interest, through fair and impartial procedures, and through contingent consent.

Levi here makes the major claims that states can foster trust between their citizens

and inspire trust in themselves.

Russell Hardin (1998) takes a very different view. He argues that we do not –

and cannot – know enough about the government to trust it.1 Our understanding of

government officials’ incentives is far too limited for us to be able to say that we

trust them. Since few people understand how government operates, general social

1 See Byrne et al. (1977) for a strongly dissenting perspective.

2

acceptance of government’s social legitimacy cannot be categorized as a form of

trust, since it is not based in reasoning over knowledge. The capstone volume of the

Russell Sage project, co-‐authored by Hardin and Levi, as well as Karen Cook (2005),

goes on to argue that the state makes trust semi-‐irrelevant among citizens. On their

view, “trust is no longer the central pillar of our social order, and it may not even be

very important in most of our cooperative exchanges” (p.1). As societies become

more complex, we rely less on interpersonal relationships and trust, and more on

impersonal institutions. Trust becomes a complement, and perhaps a kind of social

lubricant, but it plays, at best, a secondary role.

The tensions over trust, the state and large impersonal institutions play out

in interesting ways on the Internet, perhaps the largest scale infrastructure for

complex exchange and interdependence that advanced industrialized societies have

ever created. The Internet plays a fundamental role in supporting social, political

and economic activities. Yet it does so in complicated ways.

On the one hand, many forms of social interaction on the Internet are

supported by the usual array of vast indifferent forces that constitute modern

society. For example, when we transact with Amazon, or even with traders on eBay,

we do so in the knowledge that our partners in exchange are governed by incentives

of both law and corporate reputation.

However, the Internet also supports a wide variety of more intimate forms of

exchange, in which, arguably, personal trust is implicated. We may never meet

someone with whom we are engaged, or even know their real name. Even so, we

may come to trust them in a real if limited sense. We can make judgments from our

3

repeated interactions about the degree to which their interests encapsulate our

own, and their likely propensity to deal with us honestly in the future.

Complicated forms of trust exchange, which combine long run pseudonymity

(an invented name or identity maintained consistently across a series of

transactions), and both costly and costless efforts to signal trustworthiness, play an

important role among criminals on the Internet. Criminals cannot usually rely on the

large scale impersonal forces summoned and maintained by the state in order to

underpin their transactions. Yet, as Diego Gambetta (1996, 2009) and others have

pointed out, they are typically equally incapable of appealing to personal character

as a source of trustworthiness. Most criminals make a significant part of their

livelihoods through behaving in untrustworthy ways – they are a self-‐selecting

group that is much less likely to be trustworthy than even randomly chosen

individuals. Finally, online criminals cannot leverage more intimate connections

such as locality and family as a source of trustworthiness, in the ways that their

offline brethren can, without forgoing the most valuable benefit of the Internet –

that it can vastly increase the supply of potential interlocutors and partners for

exchange.

Thus, online criminal behavior can be seen as a very useful laboratory for

whether and when a ‘state of trust’ can develop without a fully fledged state. It tests

whether trust can emerge under exigent conditions, where neither proper state

institutions, nor expectations about personal character, nor intimate social

networks can provide any backstop. By examining how and whether trust emerges,

4

we can begin to think more clearly about the role of trust in supporting a social

order.

On the one hand, if trust can emerge at all from so unpromising a set of initial

conditions, it suggests that trust is still relevant, and sometimes primary, even in

networks that would seem better fitted to impersonal exchange. On the other, it

allows us to think more clearly about the minimal set of characteristics that an

order-‐providing entity (such as a state) has to provide in order to sustain trust

among a significant number of actors.

As I discuss below, criminals have tended to adopt a Hobbesian solution to

the problems of online trust by outsourcing the policing of trust relations to a third

party. However, these third parties themselves can potentially be untrustworthy.

Trust among criminals – when it happens – happens without the state, since

criminals cannot rely on state enforcement. Yet the mechanisms that they do rely on

resemble radically stripped down and highly limited versions of the Hobbesian

state. They thus provide a kind of miniature world in which we can study the

relationship between the state and authority more closely.

In this essay, I first describe in greater specifics the role of online criminality,

detailing a fundamental problem of trust that plagues many criminals on the

Internet. I then go on to examine the ways in which criminals have tried to

overcome these problems, building communities and even institutions that

approximate to some of the state functions identified in Levi’s work. I conclude by

suggesting that these communities provide evidence for Levi’s contentions, and

against Hardin’s, in a rather unexpected environment. The most promising source of

5

honor among thieves (or, at least, drug dealers and their clients), appears to be a set

of institutional arrangements which, if you squint a little, resemble a stripped down

state.

Trust and Online Criminality

Criminal activity is likely very common on the Internet, but is for obvious reasons

difficult to measure. The debate about online criminals has been characterized more

by lurid speculation than by serious research. Not only do journalists have the usual

incentives to portray the risks in the most frightening manner possible, but neither

the criminals themselves, nor those who work against them, have much incentive to

provide better information. Clearly, criminals themselves have good incentive to

keep a low profile. Yet online security firms, who have more data than most about

the true extent of the threat of online criminals, have an obvious incentive to

exaggerate the risk so as to get more customers.

This is unfortunate. What evidence we do have suggests that there is a lot

there to study. Tyler Moore, Richard Clayton and Ross Anderson, in a widely cited

overview article, suggest that online criminal networks have succeeded in

recreating many of the advantages of the division of labor on a very wide scale. For

example, in online credit card fraud, hackers work to secure large databases of

stolen credit card numbers illicitly, selling them in bulk packages to brokers, who in

turn break up these packages and sell them to cashiers, who recruit (sometimes

unwitting) mules to send on goods bought with the cards.

6

So many, so various, and so complex a set of organized activities raises many

research questions. This paper focuses on one such question: what is the

relationship between pseudonymity and trust among lawbreakers on the Internet?

Some forms of criminality (e.g. spam) do not necessarily directly implicate

trust. Many spammers prey on our trust, but others may sincerely want to sell us

products that we do not want; the distinction between legitimate commercial email

and obnoxious spam is notoriously difficult to fix.

Others parasitize or predate upon the forms of impersonal exchange that the

Internet has facilitated, seeking to crack servers or fool individuals so as to gain

access to personal information that can be used e.g. to gain access to their bank

accounts. Here, there are problems of trust but they are one-‐sided; I, as a scammer,

try to fool you into believing that I have access to the hidden funds of a deposed

Nigerian dictator, in order to persuade you to provide me your financial details, and,

perhaps, money to lubricate the process of getting access to his bank account.

Successful conmen are artists of the manipulation of trust.

Others yet involve forms of exchange that are outlawed (e.g. exchange of

hacked credit card numbers; the buying and selling of illegal drugs) but potentially

of value to both transacting parties. Here, the problem of trust is two sided, and

more potentially interesting, since both parties to a potential transaction will want

the transaction to take place, but will fear deception by the other party. This means

that they have some common incentive to build arrangements that will facilitate the

transaction. Con artists and their victims have incentives that are ultimately

incompatible – the one wants to cheat, the other not to be cheated. Yet many

7

transactors, although they may reasonably fear being cheated, want to arrive at a

mutually acceptable arrangement that might foster trustworthy behavior. The

problem for these transactors is precisely how to eliminate the risk of cheating on

both sides.

These difficulties are specific examples of a broader set of problems. As Diego

Gambetta (e.g. 1996, 2009) has argued across a variety of books and articles,

criminals have difficulty both in identifying each other and in communicating

credibly with each other. The Sicilian Mafia and its American offshoot have evolved

an elaborate series of mechanisms for identifying whether someone is a member,

although these mechanisms can be gamed (ibid). More broadly:

Criminals are constantly afraid of being duped, while at the same time they

are busy duping others. They worry not only about the real identity,

trustworthiness, or loyalty of their partners but also about whether their

partners are truthful when claiming to have interests and constraints aligned

with theirs (p.xvii, Gambetta 2009).

Such concerns are described in less elegant terms by a frustrated commenter on the

“Hidden Wiki,” a site that lists addresses for both licit and illicit TOR Hidden

Services (see below for discussion of what TOR Hidden Services are).

I have been scammed more than twice now by assholes who say they’re legit when I say I want to purchase stolen credit cards. I want to do tons of

8

business but I DO NOT want to be scammed. I wish there were people who were honest crooks. If anyone could help me out that would be awesome! I just want to buy one at first so I know the seller is legit and honest.2

The anonymous commenter’s desire to meet ‘honest crooks’ nicely illustrates

problems of trust among criminals on the Internet. It is hard for a buyer to ensure

that she will not be ripped off. If she hands over the money before receiving the

goods, the seller may disappear, or provide her with expired credit card numbers

(stolen credit card numbers quickly lose their value). The vendor faces the same

problem in reverse – if she provides the goods before receiving the money, she will

likely never see the money. Each faces the strategic problem and dismal equilibrium

identified in Partha Dasgupta’s (2000) trust game; each, consequently has good

reason not to play in the first place.

This problem is exacerbated by a feature of the Internet that is otherwise of

enormous advantage to criminals in other ways. If criminals are technically adept,

they can often preserve a higher degree of anonymity than they could in physical

interactions (although even very technically adept users can make compromising

mistakes if they are not careful).

This, obviously, can benefit them greatly. Criminals do not want to be

entrapped or otherwise identified by law enforcement. Yet it also creates a far

greater burden for trust among criminals. If you do not know whom you are dealing

with in a transaction, it makes it far harder to trust your interlocutor. On the one

hand, the Internet makes it easier to conceal your identity e.g. if you are buying or

2 See http://www.thehiddenwiki.net/tor-‐links-‐directory/name/tor-‐carding-‐forums/ (checked September 18, 2014).

9

selling illicit goods or services, so that you are less likely to be caught and convicted.

New technologies (described in the next section) can greatly facilitate anonymity.

On the other, anonymity makes it harder to carry out successful economic

exchanges. It lowers the cost – perhaps dramatically – of cheating buyers if you are a

seller, and cheating sellers if you are a buyer.

The partial solution that many criminals have adopted is pseudonymity.3 If

you maintain a pseudonymous identity for a period of time, you may demonstrate a

pattern of behavior that suggests that you are trustworthy. As your pseudonymous

identity becomes identified with trustworthy behavior, it becomes more valuable. A

trustworthy pseudonym, in this context, plays much the same role as a corporate

identity can in David Kreps’ (1990) work on corporate reputation. It becomes a

marker that may be associated with expectations that those bearing the marker will

behave in a trustworthy way in situations that are impossible to anticipate perfectly

ex ante.

It is even possible, as with corporate identity, that a valuable pseudonym can

be passed on to a new individual. The individual running the illegal online Silk Road

marketplace called himself the Dread Pirate Roberts, referring to a character with a 3 Of course there are many excellent reasons why one might want to maintain a pseudonym apart from the desire to engage in illegal conduct. For example, many women find themselves systematically harassed if they say unpopular things on the Internet; they might reasonably wish to maintain a gendered or non-‐gendered pseudonymous identity so that they can maintain a consistent role in conversation while making it difficult for harassers to figure out who they were. As per Richard Sennett’s arguments about eighteenth century coffee houses, pseudonymous or anonymous identities may also allow forms of play with identity that would not be possible were individuals named. More succinctly; my intention is not to tar pseudonymity by association with criminal activity so much as to suggest that criminals, like many other classes of individuals with very different motivations, may wish to maintain pseudonymous identities.

10

serial identity from the cult movie, The Princess Bride, and also claiming that he was

not himself the original Dread Pirate Roberts, and would in time he would sell or

pass on the title to someone else.4 These claims may have been untrue – federal

prosecutors claim that they have identified one individual who both created and

held onto the identity. However, after his arrest the Silk Road was recreated under a

new individual, who claimed the same title, clearly seeing it as a valuable one. The

trustworthiness adheres to the pseudonym rather than to the individual, and to the

extent that a reputation for trustworthiness provides a valuable income stream

stretching into the future, it may itself serve to anchor trust relationships, by giving

the possessor of the pseudonym incentive to be trustworthy.

Of course, Internet based pseudonyms have their own problems. On their

own, they are costless signals. Without some external structure of validation,

anyone can claim to be the Dread Pirate Roberts, and it will be impossible to

distinguish the real Pirate from his imitators.

4 The title was likely chosen specifically so as to suggest that the role could be transmitted to others. In the script for The Princess Bride, Westley discusses the role of the Dread Pirate Roberts as follows: “Roberts and I eventually became friends. And then it happened. Well, Roberts had grown so rich, he wanted to retire. So he took me to his cabin, and told me his secret. “I am not the Dread Pirate Roberts”, he said. “My name is Ryan. I inherited the ship from the previous Dread Pirate Roberts, just as you will inherit it from me. The man I inherited it from was not the real Dread Pirate Roberts either. His name was Cummerbund. The real Roberts has been retired fifteen years and living like a king in Patagonia.” … Then he explained that the name was the important thing for inspiring the necessary fear. You see, no one would surrender to the Dread Pirate Westley. So we sailed ashore, took on an entirely new crew, and he stayed aboard for a while as first mate, all the time calling me Roberts. Once the crew believed, he left the ship, and I have been Roberts ever since. Except now that we’re together, I shall retire and hand the name over to someone else. Is everything clear to you?”

11

Other problems abound. The anonymous commenter cited above suggests

that she wants to test the quality of the goods first, by buying a single credit card,

before committing further. While this may weed out casual con artists (who will not

have any valid credit cards), it will do little to deter more sophisticated scammers,

who may deal fair at first in order better to gull the buyer into making a larger

commitment downstream. Finally, when the commenter also suggests that she

would like an introduction to someone who will not rip her off, she is not displaying

any very great understanding of the incentive structures. Since the people providing

her with recommendations are themselves anonymous or pseudonymous, there is

nothing to stop a scammer recommending herself as a trustworthy business

partner.

In short, exactly the features that recommend online interactions to criminals

make it even more difficult for them to trust each other. The Internet makes it easy

to be anonymous, or pseudonymous, concealing one’s identity from law

enforcement. But just these same features make it easy to scam other criminals,

manufacturing and discarding identities as needed in order to rip them off, without

any very great likelihood of retaliation.

New tools for exchange on the Internet

Many early prominent boosters of the Internet were libertarians, convinced that it

provided an alternative means of social organization that would, over time,

12

undermine the state. Early believers emphasized the way in which the Internet had

no central node that e.g. a government could seize to control communication, but

instead was a ‘distributed network,’ which provided a proliferation of multiply

redundant routes through which information could move from one point to another.

In the words of one frequently repeated aphorism, the Internet “interpreted

censorship as damage, and routed around it.”

However, these grand pronunciations turned out to be wildly over-‐

optimistic. In fact, governments have been able to successfully identify a variety of

weak points in the Internet, and employ censorship technologies exploiting them to

e.g. crack down on political and religious dissidents (Deibert ed. 2008).

Furthermore, claims that the Internet was a true distributed network turned out to

be incorrect, making the Internet significantly more vulnerable to censorship.

Finally, mainstream online payment technologies involve banks and credit card

issuers, and are far more vulnerable to state oversight and investigation, thwarting

many criminal networks. For example, when authorities have been able to take over

pedophile websites, they have often been able to use credit card payment histories

to identify and prosecute the sites’ members across multiple jurisdictions.

Some so-‐called ‘cypherpunks’ advocated more far reaching ways of building

exchange networks that could evade the surveillance of the state, and over time

corrode it. The mathematician and activist David Chaum proposed so-‐called ‘mix

networks,’ which would combine strong public key encryption and carefully

designed protocols, allowing people to exchange information in ways that made it

extremely hard to work out who was talking to who. Chaum and others also sought

13

to use encryption to develop cybercurrencies, which would again use encryption to

make it hard to work out who was paying who.

Cypherpunks hoped that these and other technologies would weaken and

perhaps destroy the state, as its fiscal base dissolved into a plethora of untraceable

transactions. They recognized that these technologies could be used for malign

purposes – one notorious paper proposed the creation of an anonymized market in

assassinations, but saw this either as the necessary price of freedom, or as

potentially beneficial (if e.g. the people assassinated were high government

officials).

These sweeping prognostications have not come to pass, nor are likely to.

However, they did lead to two broadly deployed technologies, which have been used

by actors interested in avoiding government attention.5 Chaum’s “Mix Network” is a

direct ancestor of TOR (‘The Onion Router’) a widely used system piggybacking on

the Internet that provides a far greater degree of anonymity than conventional

Internet protocols. In particular, Tor allows users to access ‘Hidden Services’ – sites

that are completely invisible to users who have not installed specific browser

software, are unreachable unless you already have the address, and are effectively

nearly impossible to trace unless the site owner makes a technical error.6

5 The claims made in this paper are sufficiently broad that they do not require a detailed description of the specifics of these technologies. For an introduction to TOR’s Hidden Networks service, see https://www.torproject.org/docs/hidden-‐services.html.en. For a useful and user friendly discussion of Bitcoin, see Michael Nielsen’s primer at http://www.michaelnielsen.org/ddi/how-‐the-‐bitcoin-‐protocol-‐actually-‐works/. 6 Documents leaked by Edward Snowden suggest that even national intelligence agencies have enormous difficulties in cracking TOR. The FBI claims that the “Silk Road” website, which will be discussed in the main part of the paper, was made

14

Chaum’s and others’ proposals for digital currencies based on encryption

foreshadowed the creation of Bitcoin – a distributed currency that has enjoyed

enormous publicity and significant growth in acceptance over the last eighteen

months. While it is not completely impossible to trace Bitcoin transactions (the

protocol relies on a publicly shared ‘blockchain’ recording all transactions), it is

difficult and inconvenient. Furthermore, there are ways in which transactors can

‘mix’ Bitcoin transactions together, making it harder to distinguish them from each

other.

These two technologies have a very wide variety of legitimate uses. For

example, the TOR network was used by dissidents to access websites during the

Arab Spring. Bitcoin is not a generally recognized currency, but is accepted by many

legitimate businesses for a variety of transactions. Even so, these technologies are

obviously attractive to some criminals. Few lawbreakers want to be caught. Just as

TOR helps dissidents communicate in a clandestine fashion, it helps criminals to

communicate with each other so as to find vendors, customers and partners. Bitcoin

allows criminals to exchange money using a system that is far more opaque than the

conventional financial system (which may flag unusual movements, report

suspicious transactions under ‘know your customer’ laws, or provide aggregate data

to law enforcement authorities for analysis).

Even if these technologies help criminals avoid law enforcement, they do

little to make it easier for criminals to trust each other, and may indeed make it

vulnerable by a configuration error. However, technically minded critics have suggested that there are inconsistencies in the FBI’s account, and that it may be engaged in “parallel construction” to conceal the actual methodologies involved.

15

harder. They promote anonymity or pseudonymity at the expense of accountability.

Tor Hidden Services allow individuals to set up exchanges that are more difficult for

law enforcement to track, but also make it hard for individuals who feel they have

been cheated to find recourse. Unless they have specific personal information, they

will find it hard to track down cheaters offline. Similarly, Bitcoin provides a

distributed and difficult-‐to-‐track currency that supports payments, but one that is

vulnerable to fraud – once Bitcoins have been transferred, like cash, they are very

nearly untraceable.

The problems described in this and the previous section create a major

challenge for criminals seeking to make use of the Internet. Specifically, they create

a need to build mechanisms of accountability and identification. If a criminal wishes

to gain trust from others, she will be well advised to somehow make herself

accountable to them. As Thomas Schelling notes (1960), the right to be sued is a

very valuable one. Criminals, who cannot be sued in ordinary legal processes, have a

strong incentive to come up with some proxy. If she furthermore wants to take

advantage of pseudonymity to build a long term reputation for reliability, she will

need to somehow to prevent others from using her pseudonym to cheat the gullible

and trashing her reputation.

Sometimes, it will be possible to develop these mechanisms offline. There is

far less good research than one would like on the relationship between offline and

online criminal networks. However, one reason why they might merge is that online

16

criminals can benefit from the accountability provided by the offline network to

facilitate engaging in certain kinds of sophisticated transactions.7

Sometimes, it may make better sense to create online mechanisms for

underpinning trust and accountability. I turn to this in the next section.

Creating Order Without a Full State

The most obvious solution to the problem of trust on the Internet is to join or

create some kind of community. As scholars such as Michael Taylor (1987) have

observed, communities provide a space for multi-‐faceted transactions in which

people can get to know each other over time, and hence potentially solve the

problems of anarchy. Well working communities enforce honest behavior through

decentralized mechanisms. Everyone is aware of the norms governing the

community, and upholds them. People who do not conform to these norms are

punished, or actively shunned or driven away.

However, Taylor’s anarchic communities only offer a highly imperfect

solution to online criminals trying to solve the problem of trust. First, they scale

badly. As game theoretic models demonstrate, organizations with centralized

enforcement are able to enforce honesty over much larger populations than

7 Of course this is not the only possible reason. It may also be that offline criminal organizations can use their notoriously effective powers of persuasion to encourage online criminals with lucrative businesses to come under their protection. It may also be that offline criminal networks have better opportunities to provide political protection, especially in countries like Ukraine and Russia, where the distinction between gangsters and legitimate businessmen with strong state connections is often less distinct than one might like.

17

communities that rely on purely decentralized enforcement (Calvert 1995). Second,

they assume a relatively static population of actors. If people are free to pretend to

be other people within the community, or to leave the community under one

identity and rejoin under another or to maintain multiple independent and

apparently unconnected identities within the community, then community

enforcement becomes far easier to game, and far more difficult to enforce.

Criminals have created communities online, but typically have tried to

combine elements of community enforcement with elements of hierarchy. The most

obvious – and most crucial – way in which hierarchy structures community is

through assigning (and to some limited extent policing) identities. For example,

Afroz et alia use data dumps (presumably generated by hostile actors) to examine

five shady online communities. These communities were involved in very different

activities, ranging from generic online crime and malfeasance, through ‘black hat’

search engine optimization (which is not illegal, but liable to get perpetrators

punished severely by search engines if detected), credit card fraud and exchanging

pirated movies. Despite this, all five shared similar forms of organization.

Afroz et al. identify each community as having a very small group of

administrators, who were often founders of the community or their very close allies.

These administrators appointed moderators who carried out many day to day

administrative tasks, helped by a variety of tools aimed e.g. at detecting multiple

accounts. Ordinary members also played a role in reporting bad behavior – they

could tag inappropriate content, and affect other users’ reputations by providing

positive or negative feedback that moved the latter’s reputation score up or down.

18

Some forums maintained specific lists of identified bad actors with evidence of their

bad behavior; one also had an elite zone, where only those with a high reputation

were allowed to trade. Moderators also have the power to ban identified bad actors.

In addition, specialized actors evaluated the qualities of the goods on offer in

commercial forums in exchange for a percentage of the profits.

In large part, these similarities between different criminal communities are

the result of software code: the founders of these communities run recognizable

cousins of common online community building software packages. They hence

resemble not only each other, but legitimate online communities such as Wikileaks,

Slashdot and MetaFilter.

However, these communities have turned these generic tools towards the

specific problems of trust among criminals. Rather than simply trying to ensure that

contributors are e.g. reasonably polite and substantive, these tools are used to

provide information about criminals’ reputations, as buyers, sellers, or members of

a diffuse community. This, in turn gives criminals some incentive to behave

honestly, so as not to endanger their reputation, and hence their ability to trade with

others in the future. Reputation becomes valuable, because it is attached to a

community, and certified through mechanisms such as password protection that

make it difficult for one actor to simulate the identity of another. And because it is

valuable, it can act as a partial anchor for honest behavior.

To some extent, these communities run themselves – users comment on each

other and rate each other for honesty. Yet they only work because of software which

has hierarchical elements designed in, granting an extraordinary degree of authority

19

to the community’s administrators, and those to whom the administrators have

delegated authority. Without this authority (and indeed the ability of the

administrators to tweak elements of the system in response to perceived failures), it

is highly unlikely that these communities would work at all. As Yip et al. (2013)

hypothesize in their study of online marketplaces for stolen credit card numbers:

the inherent hierarchical management structure and network boundary offered by forums greatly assists cybercriminals in implementing a well coordinated management system for monitoring and regulating behavior in the underground market.8

Criminals who participate in these communities have thus made a semi-‐

Hobbesian choice. They have effectively agreed to hand over ultimate control over

their interactions within the community to figures who have absolute authority over

how the community is run, and indeed whether it exists at all. Furthermore, they

have made this choice in the likely belief that unchallengeable authority is superior

to the alternative of taking their chances through engaging in one-‐to-‐one exchanges

without any outside power of policing.

This is not to say that they have no bargaining weight whatsoever. Unlike the

citizens of Hobbes’ commonwealth, they always have the possibility of exit, which

both allows them to terminate anything that looks too much like systematic long

term exploitation, and to threaten escape if they feel that the administrators are

abusing their authority. Yet, as the next section will discuss, they can still be highly

vulnerable.

8 P. 3, Yip et al. (2013).

20

Perhaps the best public example of such a forum is the previously mentioned

Silk Road, a notorious market for drugs and other illegal commodities, which was

closed down in September 2013 after its chief administrator, the eponymous Dread

Pirate Roberts, was identified by federal law enforcement officials as Ross Ulbricht,

a San Francisco based libertarian and hacker. In its heyday, Silk Road was highly

sophisticated, using Tor Hidden Services, Bitcoin and Bitcoin ‘mixing’ facilities to

make it hard for law enforcement officials to track down the site’s owner and users.

It appears to have facilitated drugs transactions on a very large scale; when Ulbricht

was arrested, he allegedly held tens of millions of dollars worth of Bitcoin on his

computer, earned through facilitating transactions. 9

Security weaknesses allowed Nicolas Christin, a Carnegie Mellon based

computer scientist to monitor activities on the Silk Road for several months, and to

gather together a detailed database of transactions. The forum, like those previously

described, provided community and hierarchical mechanisms intended to underpin

honest transactions between people looking to buy and sell a variety of illegal and

legal commodities, most commonly drugs. However, Silk Road went significantly

further – it provided an escrow service for buyers and sellers. People looking to buy

commodities via Silk Road would transfer money to Silk Road’s escrow account. Silk

Road would then communicate the fact that the money had been received to the

seller. Once both buyer and seller were happy that the deal had gone through as it

should, the money in escrow would be sent, minus commission, to the seller.

9 Fluctuations in the value of Bitcoin, which is highly unstable as a store of value, make it difficult to provide an exact figure.

21

A trustworthy escrow mechanism clearly greatly eases problems of trust and

trustworthiness between buyers and sellers. So long as both trust the escrow, there

is far less incentive to cheat, since the cheated party can either refuse to pay (if she

is the buyer and has not gotten the good as promised) or refuse to send the good (if

she is the seller and the money has not been placed in escrow). Feedback on

transactions suggests that this mechanism was highly successful – Christin finds

that 97.8% of feedback on consummated transactions was positive. While this likely

exaggerates people’s happiness with the service, it suggests that incidents of fraud

were relatively rare.

However, well established vendors with high reputations were able to

demand that buyers settled early with them. This created the possibility of long con

attacks, in which fraudulent vendors establish a good reputation, and then cash out

by cheating all their customers simultaneously and disappearing. Christin records

one apparent incident of a “whitewashing” strategy, in which a well established

vendor declared a substantial discount for people ordering marijuana on “Pot Day,”

attracted an unusually large amount of customers, and then absconded with their

money. Of course, there is a second and more systematic risk associated with

escrow accounts. They do not so much solve the problem of trust as transfer it from

the parties to the transaction to the actor (typically the site administrator) who runs

the escrow system.

In conclusion, there is evidence that criminals can trust each other online –

so long as their transactions take place in the context of a community where they

can build up long term pseudonymous identities and use these identities to anchor

22

trust relationships. However, joining such a community requires a semi-‐Hobbesian

tradeoff. If a criminal uses the community’s automated and social systems to

validate and protect her pseudonymous identity, she is also, necessarily, placing her

assets at risk. Her ability to maintain this identity depends on the continued good

will of the community’s administrators. If she makes use e.g. of an escrow system

run by the administrators, then this puts her money as well as her reputation at risk

of being expropriated.

This points to a second crucial set of trust relationships – trust not only of

one’s fellow transactors, but of the authorities which oversee and perhaps

intermediate directly in these transactions. They too may have incentives to behave

in an untrustworthy fashion. They too may want to use reputation as an anchor. I

turn to these problems in the next section.

Trusting the Leviathans of Cybercrime

Online moderated communities do not solve the problem of trust among

criminals, so much as they displace it. If criminals do not trust the community

administrators and moderators, then they will not trust other criminals within the

system that these administrators and moderators oversee. Administrators must act

as a kind of micro-‐Leviathan, deploying a near absolutist authority in pursuit of the

general good if they are to underpin free exchange among the many community

members.

23

This presents an obvious chicken and egg problem. Someone who sets

herself up as the administrator of a community aimed at online lawbreakers is

asking others to trust that she will run the community fairly. But since she herself

has no good means of validating her identity, potential members of the community

will have no good reason to trust her. These problems of trust were presumably

even harder for the first wave of people creating these sites, who had to contend not

only with distrust in their intentions, but also skepticism that the scheme could

work even if everyone were honest.

It isn’t clear exactly how these problems were solved by the initial creators of

Silk Road and other such communities. It is possible that shared ideology proved a

significant early inducement for people to trust others who they should perhaps not

have trusted. Casual empirics would suggest that many of the users and

administrators of these sites are fervid libertarians, whose attachment to online

illegal markets goes beyond making money into a commitment to fundamentally

remake politics. This may have provided sufficiently strong perceptions of common

ground that people were willing to trust others who sent the right signals, even if

they had no grounded reason, beyond political signals of a common ideology, to

trust them.

However, shared ideology is probably not sufficient in itself. The

administrators of new sites may possibly have tried to send costly signals that they

were honest and committed to trading honestly in the long run rather than cheating

people and running for the hills. Anecdotal evidence suggests that the founder of

24

Silk Road offered free merchandise to early members.10 This plausibly served as a

costly, though imperfect signal that the Dread Pirate Roberts was committed to long

term relationships, and to the long haul – if one invests significantly in building up

relational capital, one probably is not going to cheat immediately.

More generally, the only way that would-‐be administrators can attract

potential members to their community is by signaling they are reliable. However,

such signals need to be credible, and generating credibility is hard. Malign

administrators are more than a theoretical danger. The community of online illicit

marketplaces has been roiled by fraud and allegations of fraud for the last year.

Shortly before the collapse of the first version of Silk Road, another major

marketplace, Atlantis, disappeared, taking a lot of its customers’ Bitcoin with it.

After Silk Market fell, one of its major competitors, Black Market Reloaded closed

business, saying that it wasn’t able to handle the surge of new customers, while

another, the aptly named Sheep Marketplace, sheared its customers of tens of

millions of dollars worth of Bitcoin, closing after it claimed that its security had been

compromised by one of its vendors. Dissatisfied customers suspected an inside job,

and speculated that the entire site had been a scam from the beginning. The

administrator of a third, less significant market admitted after closing that he had

stolen his customers’ Bitcoin.11

10 See e.g. http://silkroad5v7dywlc.onion/index.php?topic=58102.0 checked October 4 2014 (only available via Tor Browser). 11 Andy Greenberg, “Silk Road Competitor Shuts Down and Another Plans to Go Offline After Reported $6 Million Theft,” Forbes.com, December 01 2013. Available at http://www.forbes.com/sites/andygreenberg/2013/12/01/silk-‐road-‐competitor-‐shuts-‐down-‐and-‐another-‐plans-‐to-‐go-‐offline-‐after-‐6-‐million-‐theft/ (checked October 4, 2014).

25

Given credible fears of fraud, some actors have adopted a signaling strategy

of linking themselves to reputations established on a previously trustworthy site.

This approach was taken by the administrators of “Silk Road 2.0,” which was

announced by a former Silk Road moderator, “Libertas,” on the original site’s

forums, displaying his PGP key (a key facilitating encoded communications which

can also serve as a reasonably reliable indicator of identity. This replacement site

started business a little over a month after the initial site’s demise.12 Libertas and

his or her colleagues were able to build both on the brand name of the previous site,

and leverage their own reputations acquired in the course of transacting on that

site. A new “Dread Pirate Roberts” emerged as senior administrator.

Initially, the site appeared likely to succeed, because it was able to build on

the success of its prior incarnation. In Christin’s description:

Silk Road has history since a number of old vendors have re-‐appeared on the new marketplace— and with history you can build reputation, which is paramount in the commerce of illicit goods, be it online or offline.13

However, the new version of Silk Road soon found itself plagued by serious

problems. The first was generated by law enforcement – US legal authorities have

drawn up indictments against three individuals, claiming that they were key site

administrators of Silk Road 2.0, including ‘Libertas.’ Shortly after the arrests, the

new Dread Pirate Roberts disappeared, saying that his account had been

compromised, although claiming that the site as a whole was still secure. He has not

12 Digital Citizens’ Alliance (2014). 13 Quoted in ibid., p. 8.

26

appeared, nor, apparently has his appointed successor, leaving the site to be run by

a former administrator. Worse was to come. The Silk Road 2.0 was compromised,

perhaps thanks to a subtle bug in the implementation of the Bitcoin protocol,

allowing unknown individuals to make off with a very large amount of Bitcoin from

Silk Road 2.0 customers.

This led Silk Road 2.0, which was on the verge of complete collapse to adopt a

new and different signaling strategy – of ceasing to operate an escrow service until

it was able to implement a variant that did not rely on any single actor, and

promising that it would fully refund all customers who had lost money through

fraud. While Silk Road has still not implemented a safer form of escrow, and has lost

some customers to other services, it has refunded the majority of customers

continues to operate with reasonable success. This is likely because it has sent out a

highly costly signal – that it is prepared to make good customer losses even if it has

to bear substantial losses itself to do so. It is unlikely (though not impossible) that a

genuine scam operation would employ such a costly signal. Rather extraordinarily,

this avowedly criminal enterprise is behaving a little like a state, putting

commitment to principle above its short term interests, and hence creating an

environment in which it can (over the longer run) begin again to extract revenues,

and promote trusting relations within its community.

Conclusion

Trust among online drug dealers is obviously not a particularly socially

valuable form of trust. Many of these drug dealers, for all their appeals to libertarian

27

philosophy appear to be highly unpleasant people (Ulbricht appears to have

conspired to have enemies of his murdered).

Even so, it provides a very interesting laboratory in which one can see how

trust can grow even in highly unpromising conditions. People who only interact

with each other online do not – and cannot – know each other in the thick sense of

knowing that some theorists of trust talk about. When they are criminals, they

cannot appeal to character either. Nor do they usually have social networks that

they can fall back on, other than those they can construct themselves online. Even

so, they appear to be able to build quite substantial forms of trust that support

mostly honest interactions where the risk of cheating would appear, on the face of it,

to be very high.

This is in large part because they have been able to come together in

communities of actors with (relatively long lasting pseudonyms). These

communities work in some of the ways that offline communities do – they facilitate

the exchange of gossip and information, which both provides incentives for

individuals to be trustworthy and provides means to sanction those who are not. Yet

they require a substantial degree of hierarchy to work. Someone has to manage the

system, police pseudonyms, identify and ban cheaters and underpin transactions.

That someone has a remarkable degree of hierarchical power. Yet without such

power, the system would be unworkable. Perhaps, in future, we will see truly

distributed systems of identity maintenance to parallel distributed currencies such

as Bitcoin. Yet at the moment, no properly developed system of this kind is available.

28

The need for hierarchy displaces the problem of trust back one level. Trust

among community members can only be maintained if they trust the administrators

who are running their community. However, administrators do not have meta-‐

communities of their own to guarantee their good behavior, and hence need to fall

back on costly signaling and other hacks to signal their trustworthiness (and also,

sometimes, deliberately to abuse it).

These online communities resemble stripped down societies and states in

crucial respects. Specifically, they bear a distinct resemblance to the “states of trust”

depicted in Margaret Levi’s work. They are cousins of these states – from the distaff

side of the family to be sure, but with enough physiognomic similarities that one can

see them as family members. Just like Levi’s states, they support trust and

trustworthy activity among their ‘citizens,’ so long as the ‘states’ are seen

themselves as committed to long term principle rather than short term gain.

Because these communities operate in reduced form, one can easily see that

they support Levi’s, rather than Hardin’s account of the relationship between states

and citizen trust. Community members surely trust the administrators of their little

islands of criminal stability to some degree, since they have to. This is not to say that

this trust is always well placed or well advised. But no theory should limit trust only

to cases where it is ex post merited, since abuses of trust are as important to its

constitution as its justification by events.

Very obviously, criminal communities are not a perfect model for the larger

societies that they are embedded in. There, very plausibly, vast institutional forces

play a more important role than the more intimate forms of knowledge we associate

29

with trust. Yet as these communities show, trust of the traditional kind can turn up

in the most unlikely of places. It is plausible that there are other (and more readily

attractive) forms of trust to be found elsewhere in the interstices of our

technologies.

Bibliography

Afroz, Sadia, Vaibhav, Garg, McCoy, Damon and Rachel Greenstadt (2013), Honor among Thieves: A Commons Analysis of Cybercrime Economics (eCrime Research Summit). Byrne, David (1977), “Don’t Worry About the Government,” 1977. New York: Sire. Calvert, Randall (1995), “Rational Actors, Equilibrium and Social Institutions,” in Explaining Social Institutions (eds. Jack Knight and Itai Sened). Ann Arbor, MI: University of Michigan Press. Christin, Nicolas, “Traveling the Silk Road: A Measurement Analysis of a Large Anonymous Online Marketplace,” Proceedings of the 22nd International Conference on the World Wide Web, 213-‐224. Cook, Karen, Hardin, Russell and Margaret Levi (2005), Cooperation without Trust. New York: Russell Sage. Dasgupta, Partha (2000), “Trust as a Commodity,” in Trust: Making and Breaking Cooperative Relations (Diego Gambetta ed.). Oxford UK, Basil Blackwell. Deibert, Ronald (2008) ed. Access Denied: The Practice and Policy of Government Internet Filtering. Cambridge, MA: The MIT Press. Gambetta, Diego (1996). The Sicilian Mafia: The Business of Private Protection. Cambridge, MA: Harvard University Press. Gambetta, Diego (2009), Codes of the Underworld: How Criminals Communicate. Princeton, NJ: Princeton University Press. Hardin, Russell (1998), “Trust and Government,” Trust and Governance (Valerie Braithwaite and Margaret Levi, eds.). New York: Russell Sage Foundation.

30

Kreps, David (1990), “Corporate Reputation and Economic Theory,” in Perspectives on Positive Political Economy (James Alt and Kenneth Shepsle eds.). Cambridge UK: Cambridge University Press. Levi, Margaret (1998), “A State of Trust,” Trust and Governance (Valerie Braithwaite and Margaret Levi, eds.). New York: Russell Sage Foundation. Moore, Tyler, Richard Clayton and Ross Anderson (2009), “The Economics of Online Crime,” Journal of Economic Perspectives, 23,3:3-‐20. Schelling, Thomas (1960). The Strategy of Conflict. Cambridge MA: The Belknap Press. Taylor, Michael (1987), The Possibility of Cooperation. Cambridge UK: Cambridge University Press. Yip, Michael, Shadbolt, Michael and Craig Webber, “Why Forums?: An Empirical Analysis into the Facilitating Factors of Carding Forums,” Proceedings of the 5th Annual ACM Web Science Conference, 453-‐462.

AStateofTrustwithouttheState:! The!Political!Economy!of...

Documents

Transcript of AStateofTrustwithouttheState:! The!Political!Economy!of...