It's been more than a year since Ross Ulbricht was first arrested and named as the Dread Pirate Roberts, designer and proprietor of the Bitcoin-powered drug market known as The Silk Road. Today marks the first day of his trial, which many are already hailing as the most important trial of its kind. Prosecutors have grappled with Tor and Bitcoin before, but never on such a public stage or with so much media attention. It's a rare look at the way law enforcement approaches the dark web and the often secret tools it uses to do so.
So far, the biggest question isn't whether Ulbricht ran the Silk Road, but how you might prove it. Law enforcement caught Ulbricht as close to red-handed as possible, given the complex digital infrastructure involved. The strongest piece of evidence is Ulbricht's laptop, carefully captured in an unencrypted state, which contained Silk Road ledgers, operational files, and messages where Ulbricht appears to order hits on business rivals. That data will be paired with more files from the Silk Road servers, seized in Iceland. The defense will raise a number of crucial points about the investigation, but it will be hard to prove that law enforcement got the wrong man entirely.
But while there's plenty of evidence, the prosecution still faces the difficult challenge of connecting online evidence to the physical world, a process that gives the defense plenty of opportunities to poke holes in the case. Writing in Forbes, Sarah Jeong points out the first instance of this, a filing that refers to Ulbricht and the Dread Pirate Roberts interchangeably. The defense understandably objected, pointing out that the government hasn't proved it yet. (That, one presumes, is why we're having the trial.) But how do you prove the true identity of a screen name, especially a transferable one like Dread Pirate Roberts? When you move into deliberately anonymous identities, like Bitcoin wallets or Tor addresses, the problem becomes even harder. Prosecutors have been able to gloss over difficulties like this in the past, but Ulbricht's well-funded defense makes it likely they'll be called out on any technical inconsistencies in the case. And if Bitcoin's anonymity measures ultimately keep Ulbricht out of jail, it would have massive implications for both law enforcement efforts and the currency itself.
There's also the question of how law enforcement tracked down Silk Road's servers in the first place. The Silk Road was only accessible through a Tor address, which should have concealed its physical location, but law enforcement's first break came when it was able to trace the site back to a server in Iceland, where it could be seized with a local warrant. Throughout the indictment, law enforcement has claimed a poorly configured CAPTCHA test ended up leaking the location, but many observers have been skeptical of that claim, particularly since the first data leak seems to have happened a full six weeks before the investigation officially began. Many have taken the discrepancy as evidence that law enforcement has a secret way of attacking Tor and is using the CAPTCHA as cover. (The Tor Project has vigorously denied these claims.) Like any inconsistency in evidence, you can expect Ulbricht's lawyer to push hard on this point.
Does law enforcement have a secret method for attacking Tor?
But really, the questions about servers and digital identity are just elements of a larger fight over law enforcement's power over the trickier corners of the web. For years, people like Ulbricht have used tools like Tor and Bitcoin to stay ahead of law enforcement, but law enforcement is catching up. Silk Road was the most flagrant example, but the same ethos of liberation-through-technology is in play in the crusades of Anonymous or the chaos of 4chan. In both cases, the web created a place that was out of the reach of governments — or at least felt like it. In many ways, the Ulbricht trial is about testing the truth of those claims and setting precedents for the next time law enforcement decides to invade them.
Those precedents have big consequences, and we won't have to wait long to see them play out. The government is already pressing its case against Blake Benthall, Ulbricht's alleged successor as proprietor of the Silk Road 2.0. If Ulbricht finds a legal loophole in the way prosecutors treat Bitcoin, it may stay open for Benthall and for the others after him. Likewise, if Ulbricht's anonymity doesn't hold up in court, it will send a clear message that the tools he used to protect himself aren't as powerful as he thought. Whichever way it goes, it will leave a mark on the web for decades to come.