This article is authored by Nandini Babbar and Parul Anand, both third-year students at National Law University, Jodhpur.
Introduction
Imagining a world without the World Wide Web is impossible in the current “information civilization”. Its ubiquity and necessity have brought with it a plethora of new challenges. The Web can be divided into three parts: surface, deep and dark. Surface web is the part you are using to access this blogpost, it is the part that is traceable by web crawlers, search engines, and indexes and forms 4-10% of the web, the rest however, is the Deep and Dark Web. Deep web includes “pages that cannot (yet) be indexed by search engines”, whereas the Dark Web forms 0.01% of the Deep Web where the “content is deliberately hidden, mostly (but not entirely) to facilitate the carrying out of illicit activities”. Dark Web runs on completely anonymized protocols where normal IP tracking becomes ineffective and identities become entirely untraceable. Dark web is a breeding ground for nefarious activities such as terrorism, narcotics, weapon smuggling, child pornography and human trafficking.
The rise of cryptocurrencies and AI has aggravated the law-and-order concern further. Cryptocurrency, highly encrypted and decentralized like the dark web, is used for these illegal transactions owing to its inherent anonymity, and security benefits. The lack of traceability and easy integration with the web architecture renders these tokens highly attractive to users. Similarly, dangerous dark-web fed AI models made to propagate criminal activities are propagated on the dark web, and bought with cryptocurrency. These AI models aid both cyber and non-cyber-criminal activities on the web by writing malicious code, exploiting vulnerabilities, and launching attacks, amongst other things and otherwise facilitating harmful actors on the web. Notedly, the Dark Web’s unique build also poses significant international law concerns. The highly transnational nature of the dark web and the problems it poses can cause any national action in isolation to “unravel" the harmony between government practice and international law”. The non-coordinability of the dark web owing to its anonymity and its international nature renders any straightforward international law solution inefficient.
Existing Framework
Given the problem’s severity and persistence, existing international law provides some guidance for resolution.
Budapest Convention on Cybercrime for instance is a multilateral treaty that promotes international cooperation in combating cybercrimes, encompassing aspects of investigation, prosecution, and extradition. Similarly, the UN Convention against Transnational Organized Crime, commonly known as the Palermo Convention, and its protocol on human trafficking, have played an indispensable role in tackling transnational cybercrime committed through organized criminal groups. Furthermore, the Tallinn Manual on the International Law Applicable to Cyber Warfare including its revised version, The Tallinn Manual 2.0 are non-binding documents prepared by international legal experts, offers guidance on the application of existing international law to cyber conflicts, thereby aiding in the interpretation of legal principles in this context. Similarly, the Paris Call for Trust and Security in Cyberspace [“Paris Call”] is a high-level declaration of nine non-binding principles aimed to ensure “a free, secure and open” cyberspace. Additionally, an Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes has also been set up by the UN to discuss and negotiate a treaty to address challenges faced due to cybercrime, in response to repeated proposals for the same by Russia. However, it has been the subject of deep criticism and also seems unlikely to be concluded.
Limitations To the Existing Framework
It is worthwhile to note that while the existing piecemeal approach offers valuable tools for addressing cybercrimes, they were not explicitly designed to tackle the intricate and hidden nature of the dark web. Therefore, it results in a lack of comprehensive oversight, leaving significant gaps in addressing the specific issues that arise within the dark web’s clandestine networks. The absence of a dedicated regulatory framework tailored to the dark web means that regulations and enforcement efforts often lag behind the rapidly evolving tactics employed by criminals in this space. Without a unified and up-to-date international legal framework, it becomes increasingly difficult to combat the multifaceted challenges posed by the dark web. The problem is worsened by the fact that Dark Web’s highly anonymous and transnational nature already poses major jurisdictional and collaboration concerns vis-a-vis any possible international law application. A piecemeal approach muddies the already murky waters further.
Suggestions and Way Forward
Perhaps the most obvious solution to this would seem to be the formulation of a treaty. However, it may not be the ideal path forward in the case of the dark web. One significant impediment to the treaty approach lies in the inherent challenges of achieving consensus among the diverse states involved. Given the divergent interests, legal traditions, and priorities, reaching an agreement on vital issues related to the dark web could be a protracted and contentious process. Moreover, the dark web is characterized by its ever-evolving nature. Its clandestine activities and technological landscape change rapidly, rendering it difficult to predict and incorporate these changes within the framework of a treaty. Even in the unlikely event that a treaty is successfully crafted, the process of adapting it to accommodate new developments in the dark web could be an onerous and time-consuming endeavour. This raises concerns about the treaty’s effectiveness in addressing the dynamic challenges posed by the dark web and highlights the need for more flexible and responsive regulatory mechanism.
Therefore, it becomes imperative to consider alternate mechanisms for regulation. One such alternative gaining support among several countries, including the United States, China and Australia, is the formulation of international norms. Unlike treaties, which are legally binding agreements that necessitate complex negotiations and ratification, norms offer a more flexible approach to shaping international behaviour. Norms can provide a framework for responsible state behaviour, addressing issues such as cybersecurity, data protection, and the prevention of cybercrimes. By fostering cooperation and setting common expectations, international norms can contribute to a more agile and adaptable response to the unique challenges posed by the dark web. Since norms are often based on general principles, consensus building is generally less challenging than with treaties. Further, this approach also allows for quicker adaptation to emerging challenges and technological advancements within the dark web.
In the realm of cyberspace, the importance of norms is already being recognized by both states and corporations, offering a promising model for addressing the challenges of the dark web. Initiatives like the Paris Call underscore the commitment of states to establish a set of norms that promote a safe and secure digital environment. Similarly, companies such as Microsoft and Siemens have launched various initiatives and campaigns such as “Digital Peace” and “Charter of Trust” respectively aimed at fostering adherence to security principles and processes, with the ultimate goal of establishing a global standard for cybersecurity. In a similar vein, the development of norms specifically tailored to the challenges posed by the dark web is essential.
The idea is to have guidelines, standards, and policy documents of a non-binding nature to influence and further shape the norms which have been argued before in this article. These soft-law instruments should encourage principles and values that already find their presence in the current and proposed norms regarding conduct on the Dark Web. For instance, though any expectations of privacy on the dark web are remarked to be suffering from a want of reasonableness, the international law instruments should aim at inculcating the promotion of safety, harmony, peace and balance between governmental surveillance and investigative interests and freedom of speech and right to privacy on the other hand. Here, extant norms do cater to both interests in some way and future norms can aim at this balance. At the end, it is all a complex calculation and constant reconfiguration in an increasingly complex and dynamic environment of the Dark Web.
Additionally, following the footsteps of other Dark-Web technologies becomes a favourable option. For instance, an international Dark Web regulatory agency to create a unified framework for the regulation of Dark Web and allied technologies and inform the development of such policies around the world could be established. The same has been already suggested effectively in an AI context. Formulating global standards for regulating activities on the Dark Web could be another solution. One of such sub-standards could be standard guidelines to ensure legality of such online transactions.
Conclusion
In conclusion, the journey towards effective regulation of the dark web is fraught with challenges, but it is a journey that must be undertaken with urgency and determination. Tackling the challenges posed by the dark web requires a multifaceted approach that combines legal, technological, and regulatory efforts. Further, adaptability and cooperation are key. A dynamic and flexible approach is essential to protect the digital realm while embracing the ever-changing nature of this hidden web. Overall, it is important to note that more progress will be made should the stakeholders choose to work with the technology rather than against it.. Ultimately, in situations of high uncertainty and lack of clarity like this, prudence lies in promoting values rather than binding frameworks.