Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll

from the kids-and-their-dang-vidya-games dept

Governments sure seem to hate online advertisers and the platforms that profit from targeted advertising and tailored content algorithms. But they don’t — at least in this case — have anything against engaging in exactly this sort of behavior if it helps them achieve their ends.

In 2015, UK’s National Crime Agency started a program called Cyber Choices, which was meant to steer young people away from being malicious hackers. Starting with the assumption that any form of hacking would ultimately result in malicious hacking, the NCA hoped to engage in interventions that would redirect this apparently unguided energy into something more productive and less harmful.

The NCA’s insistent belief that children are our (grimdark) future if left unattended, it started making stupid assertions, like claiming modding videogames was the gateway drug for black hat hackers. To steer curious youngsters away from malicious hacking, the NCA got into the targeted advertising business.

Through the Cyber Choices program, the NCA identifies “at-risk” young people, based on online activity which indicates a potential interest in cybercrime forums or the purchase of cybercrime tools. Using a set of risk characteristics, the NCA then targets these young people before they engage in serious illegal activity.

Once identified, NCA officers visit these young people to discuss their behavior with them and with their parents.

Data gleaned from this program is also utilized in a complementary “influencer operations” project, in which young people, some as young as 14, who have googled cybercrime services receive targeted Google advertisements informing them that these services are illegal and that they face NCA action if they purchase them.

This raises multiple concerns, not the least of which is “pre-criming” minors because they’ve researched things they’re curious about. On top of that is the advertising targeting minors, something normally considered to be out-of-bounds behavior if performed by a private company. Apparently, the UK government feels it’s ok if it does it.

And a recently released report [PDF] on “targeted advertising by the UK state” by the Scottish Centre for Crime and Justice Research (SCCJR) says this combination of targeted advertising and pre-crime snooping on minors is at least achieving its aims.

These adverts, targeted at UK adolescents between the age of 14 and 20 with an interest in gaming, are calibrated to appear when users search for particular cybercrime services on Google, informing them that these services are illegal and that they face NCA action if they purchase them. Beginning as simple text-based adverts, the NCA developed them across a six month campaign in consultation with behavioural psychologists and using the data they were collecting from their operational work.

[…]

There is evidence that the adverts themselves have been extremely effective in dissuading particular kinds of online crime, with a six-month NCA campaign appearing to be linked to a total cessation in growth in the purchase of Denial of Service attacks in the UK, at a time during which these attacks were rising sharply across in comparable nations (Collier et al., 2021).

It doesn’t go so far as to say the ends justify the means, but it does make the assumption the ends are being accomplished with the assistance of the means, no matter how questionable those means are. This is the sort of thing that tends to get tech companies hauled in front of government inquiries. Here’s SCCJR’s of the UK government’s ad campaign.

It is striking how closely this process of gathering information and tailoring intervention resonates with (refracted through the logics of law enforcement practices) the practices of data gathering and iterative messaging development of the private sector consultancies who provide marketing services commercially. The iterative cycle of identifying and surveilling ‘at-risk’ children, targeting for in-person intervention, collecting information directly, moving on to focus groups, and then feeding these data back into an overall framework which guides the targeting and design of operations is reflective of similar practices of identifying customer groups, quantifying likelihood of purchase, conducting primary consumer research, and then feeding this information back into an overall campaign.

As it drills down into the details of this program, it also notes how the program drills down on minors suspected of Googling the wrong stuff, using Orwellian phrases like “tightening the network of surveillance and messaging developing around young people.”

I assume SCCJR won’t be asked to write any press releases for the NCA, which uses far cheerier phrasing as it pitches offshoots of this program to educators of kindergarten and elementary school students.

It’s well known that many children under the age of 12 are becoming tech savvy and have access to various technologies. A great source of information to teach them legal ways to use tech, is the Barefoot Programme. It enables primary school teachers (KS1 & 2) [explanation of these terms here] to deliver the computer curriculum effectively and in an entertaining way. Barefoot offer free face-to-face workshops, helpful online guides and engaging lessons.

And while we’re talking about things supposedly-free governments shouldn’t be thinking out loud, the phrasing moves from Orwellian to slightly friendlier fascism when discussing how the ads “nudge” minors towards more productive uses of their tech skills.

[Cyber Choices, et al] present not only a diversion from a negative behaviour or rationale but also a positive assertion drawing on the aesthetics of the target culture but often repurposing them in the context of a productive capitalist subject, concerned with consumption, accumulation of wealth, community ties, mainstream success, and job opportunities in the legitimate economy.

Work sets you free, say the targeted ads. And carried with it is an unsubtle reminder that the only acceptable path through life involves making lots of money to buy lots of stuff. Which I guess adds “They Live” into the mix. Alarming stuff, especially since we’re still talking about the targeting of minors.

Like law enforcement everywhere in the world, UK agencies are increasingly reliant on data and analytics to make decisions about enforcement efforts. Some of those enforcement efforts start before any crime has been committed. And the efforts are skewing younger and younger. Here’s The Crime Report noting that UK police are getting kids started on state surveillance as soon as possible.

A PowerPoint presentation delivered by West Midlands Police at the 2017 Excellence in Policing Conference indicates that the National Data Analytics Solution uses data from young people “up to 11” and “11 to 16” age groups, noting that “The younger you are when you commit a co-offending offence the more likely for you to go ahead to commit other crimes.”

A briefing note prepared by West Midlands Police Ethics Committee argues for the “social benefit of being able to identify the circumstances and reasons (particularly for young people) that lead individuals to commit their first violent offence …

Fortunately, the SCCJR report doesn’t conclude without noting the considerable downsides of programs like NCA’s Cyber Choice.

A central critique of these measures, and one which is no stranger to ‘nudge’ and behavioural science (Ewert, 2020) is their contested relationship with democracy; that as practiced they are essentially top-down, providing public bodies with a unidirectional capacity to shape the online environment, behaviours, and cultures of their citizens (and those groups who fall under their control but are denied citizenship). The notionally holistic approach to policy which this constitutes does indeed draw on a very wide set of levers – culture, economics, individual psychology, structural considerations such as poverty or racism – but instantiates them in a single site, the risky individual and their decisions. This is far from a liberatory (or even liberal) conception of state power, resting on the contention that individual behaviours and community cultures are the root of policy problems. Although some feedback from citizens does form a part of these processes, it often grants them little in the way of agency to shape policy themselves, contributing instead data to market researchers about their thoughts, opinions, and cultural sensibilities which can be drawn on by policymakers in making decisions, often in ways to which target communities might reasonably object.

It also notes the kids are savvier than the cops think. And that’s going to make targeted ad programs counterproductive.

The phenomenon of ‘blowback’, the violently negative reactions which occur when groups realise that they are being subject to these measures, reflect the fact that people’s relationship with media is multifaceted – they know that the targeted influence infrastructure exists, they can often tell when it is being used and speculate as to how they are being targeted, and can react not only to messages to which they are exposed, but to the broader political dimensions of the messaging practices themselves. There is also the potential for these influence approaches to in fact serve to expose vulnerable groups to the very messages and narratives which policymakers are trying to counter, spreading them far wider.

If the UK government really wants to cultivate a generation of activists that forcibly subject governments to greater transparency and accountability by liberating their internal documents, this is a great way to do it. If it would prefer to control the narrative, it’s going to have to dial back on the targeted ads and targeted surveillance. The SCCJR suggests one better way to accomplish the government’s aims is to take more community-based approach, which eliminates individual targeting in favor of something more participatory and broad that encourages the government and the people it serves to seek solutions for these problems.

But those solutions require treating the public as an equitable partner, something most governments are unwilling or unable to do. And with tons of tech companies offering analytics, data harvesting, and other aftermarket add-ons for the surveillance state, governments are more likely to pretend what they’re doing is smart, rather than just evil.

Filed Under: , , , , , , , ,
Companies: google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll”

Subscribe: RSS Leave a comment
21 Comments
That Anonymous Coward (profile) says:

From the brilliant minds who said…
just get rid of the guns…
well shit knives…
just get rid of the knives…
FUUUUUUUU…
Ok restrict knives…
ARE YOU FSCKING KIDDING ME SPOONS?!
THEY ARE ATTACKING WITH SPOONS?!?

And now you know why the British have such terrible teeth, the final plan was to make sure all food would be run through a blender making sure no cutlery would be needed nationwide.

Lets piss off the only people in our homes who understand the parental locks on the tvs/cable boxes & will punish us for treating them like criminals because we’re worried they might become super hackers unless we stomp on their rights & liberty to force them to be a drone.

I might have read the poor man’s james bond before… somehow I still did not become a modern terrorist blowing things up (Ignore Pretendas claims)… maybe assuming the worst possible outcome causes that outcome when you treat people as bad before they’ve ever actually done soemthing bad.

Anonymous Coward says:

Starting with the assumption that any form of hacking would ultimately result in malicious hacking

A bad assumption, true, but doesn’t a lot of the mentioned stuff sound like script-kiddie shit? I mean, one doesn’t learn any useful skills by financing a DDoS attack.

Lots of knowledgable people, however, did start by cracking and modding software, mostly games—or by breaking into servers—before moving into legitimate research or consulting. Many people, myself included, learned assembly language just for cracking ("where’d you learn how to read that disassembler output?", coworkers have occasionally asked while we’re debugging). DEF CON started out as a big party for people doing mostly illegal stuff, before it became a popular place for cybersecurity recruiting (by "the feds" and others). Counter-Strike was a Half-Life mod so good that the Half-Life developers hired the people behind it.

I do have to wonder whether the "we’re watching you" ads will actually change people’s behavior in a useful way. It’s entirely possible they’re just learning to cover their tracks or route their traffic outside the UK. Or, obviously, use ad-blockers.

Anonymous Coward says:

Re: doesn't a lot of the mentioned stuff sound like script-kiddi

it doesn’t. it sounds like people googling things they want to learn about, which does not imply any intention

no, not even if they googled “how to DDoS” or “how do i DDoS” is that implied, because of the way search engines work. those searches may get different results than “how do people DDoS” or “how does DDoS work” and there can be any number of motivations behind an attempt to access those results. what you type into a search engine can not reasonably be taken as an expression of intent because you aren’t talking to a person. you’re inputting keywords in the hopes of getting an obscured machine to give you the correct output, and any permutation of your input is merely an attempt to refine that output. it’s not the users’ fault the machine is pushing for inputs to become more similar to natural language syntax

PaulT (profile) says:

Re: Re: doesn't a lot of the mentioned stuff sound like script-k

Basically, nobody in the modern era is trying to work things out from scratch. Even professional software developers will often google something and adapt (or even just copy/paste) what they find in Stackoverflow rather than take the time to understand what they’re doing from the ground up.

But, I think it’s also a mistake to believe that nobody is starting from that point and then going back to learn what happened and improve their skills through that method. Some people never progress, but some people who start from basic scripts can become good hackers, be that white or black hat.

ECA (profile) says:

knowledge

Who does not know how knowledge is earned?
You cant go out and KNOW anything without abit of practice. If you could then we would put Babies as the Current group of Doctors.
LET them hack, let them See how things are programmed and then Let them experiment. Quit abusing/restricting knowledge.
These are the ones that will lead you into a Better Future if you let them do and learn.
DDOS, is fairly under control, After someone figured out HOW to redirect the incoming data. Zombie machines are easy to Un hack, after the AV programs figured out How they were setup.
It took centuries for the trumpet to get Valves to make more then a few notes. And the old trumpets took allot of practice to make them sound good.
If you dont let them learn and practice and advance, you will Never get that VCR programmed again. Ever. Do you want the correct time on your watch? HIRE THE KIDS. TEACH them good from bad, DONT abuse knowledge because you are afraid of it.

Upstream (profile) says:

UK's National Crime Agency?

We have lots of criminal government agencies in the US but none are quite so bold as to self-identify as clearly as this.

Work sets you free, say the targeted ads.

Wow. They really said this?

And . . .

a co-offending offence

I wonder if that is anything like pre-crime?

There is just a whole lot to be disturbed about in this article.

Anonymous Coward says:

The problem now seems to be that governments dont serve the people anymore, certainly Conservative based governments at any rate. They serve the governments, the rest of the members and friends, big business and the bosses, the security services and anyone else who can be of help in getting money for those above and preventing the people from having anything, in particular, privacy, freedom and a government working for them!

Anonymous Coward says:

They Stamp Them When They're Small

“The younger you are when you commit a co-offending offence the more likely for you to go ahead to commit other crimes.”

Supporting the British Youth Council then, providing youth with the "gateway drug" to more advanced political crimes by introducing them to Banking, Lobbying, Real Estate, etc…

Anonymous Coward says:

I guess it’s only a cybercrime if it’s done by an ordinary citizen. Meanwhile tech firms such as Google and Facebook can spy on us, stalk our location and know every aspect of our lives legally.

Maybe they should start focusing on the tech firms which are far more capable of causing harm to society than any teenager. How much damage have conspiracy theories and fake news on Facebook or Youtube done? I guess it would be MUCH larger than all the hacking done by every teenager in the UK over the last few years.

Anonymous Coward says:

I guess it’s only a cybercrime if it’s done by an ordinary citizen. Meanwhile tech firms such as Google and Facebook can spy on us, stalk our location and know every aspect of our lives legally.

Maybe they should start focusing on the tech firms which are far more capable of causing harm to society than any teenager. How much damage have conspiracy theories and fake news on Facebook or Youtube done? I guess it would be MUCH larger than all the hacking done by every teenager in the UK over the last few years.

Anonymous Coward says:

doesn't a lot of the mentioned stuff sound like script-kiddi

it doesn’t. it sounds like people googling things they want to learn about, which does not imply any intention

no, not even if they googled “how to DDoS” or “how do i DDoS” is that implied, because of the way search engines work. those searches may get different results than “how do people DDoS” or “how does DDoS work” and there can be any number of motivations behind an attempt to access those results. what you type into a search engine can not reasonably be taken as an expression of intent because you aren’t talking to a person. you’re inputting keywords in the hopes of getting an obscured machine to give you the correct output, and any permutation of your input is merely an attempt to refine that output. it’s not the users’ fault the machine is pushing for inputs to become more similar to natural language syntax

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...