News broke out across the world yesterday that Bosnian Serb war-time leader Radovan Karadzic had been captured after 12 years on the run. Karadzic had adorned the top of the Interpol most wanted list for over a decade, commanding a reward as large as that offered for Al Quaeda terrorists such as Osama Bin Laden. What was most surprising about the arrest was that Karadzic had been living in Belgrade amongst the public, even working as a new energy practitioner.
Under his new name of Dr Dragan Dabic he had a website where he outlined his services, complete with an email contact address. What is even more surprising is that the email contact leads back to a Gmail account and username which has been registered for at least two years. For years authorities searched wooded areas of Bosnia, caves, underground complexes and monasteries and the whole time the answer to the thorn in their side was within a US-hosted email account.
Accounts of the arrest from Serbian authorities and the media claim that the local police were tipped off to an approximate location by a foreign intelligence agency. This lead to a day-long house to house search in the suburbs of New Belgrade, an old communist-era planned suburb full of filing-cabinet like concrete structures that served as homes for the party elite during the Tito era. While it is not entirely clear and details are likely to never be revealed, the pattern of having an approximate location and then relying on a detailed search suggests that a technology trail was traced either through a cell phone or an IP address.
Google has responded to our request to comment on suggestions that the company may have provided information leading to the capture of the suspect via his Gmail account by saying:
“Users can sign up for Gmail accounts without providing any information about their identity, and Google does not seek to determine the identity of Gmail users. We do not publicly share information about which users or email addresses are or are not the subject of law enforcement requests.”
While users do not have to provide their details on an account, it was apparent in this case that the real identity wasn’t associated with the account (that would have been too easy). Google are refusing to confirm or deny that Karadzic was using a Gmail account, and thus are not going to confirm or deny if the account hosted with Google played a role in his capture.
Google has previously (along with Yahoo and other web companies) played a role in assisting both the US and foreign governments with tracking down users in criminal cases. In one specific case Yahoo CEO Jerry Yang was criticized over the role Yahoo played in relaying information to the Chinese government that resulted in the arrest and detention of a ‘dissident’ blogger.
It is well known that other fugitives make innovative use of technology to communicate while remaining hidden. For instance the Taliban and Al Quada are known to use satellite telephones in Afghanistan and Iraq to co-ordinate their activities, along with public email services with simple steganography tools (the ability to hide messages within images, video or sound files). These technologies and the web are a double-edged sword for authorities as on one hand it is known that in the USA and throughout Europe there is a level of communication monitoring, while on the other terrorists and fugitives use the same tools to keep themselves concealed and to continue operations.
The big questions arise when it comes to the privacy of users, especially with the growing trends of both web applications and cloud services. In each of the known cases to date, the information was provided volunteeringly by the respective corporation as opposed to being processed through courts and international laws. The companies hosting these services are taking a role of arbiters of justice by involving themselves in both international politics and the internal politics of foreign nations.
Note: we removed the Gmail username that was linked to the Karadzic identity he used on his website