Shining a Light on Policing of the Dark Web: An Analysis of UK Investigatory Powers

AuthorGemma Davies
Published date01 October 2020
Date01 October 2020
Subject MatterArticles
CLJ952557 407..426 Article
The Journal of Criminal Law
2020, Vol. 84(5) 407–426
Shining a Light on Policing
ª The Author(s) 2020
of the Dark Web: An Analysis
Article reuse guidelines:
of UK Investigatory Powers
DOI: 10.1177/0022018320952557
Gemma Davies
Northumbria University, UK
The dark web and the proliferation of criminals who have exploited its cryptographic protocols
to commit crimes anonymously has created major challenges for law enforcement around the
world. Traditional policing techniques have required amendment and new techniques have
been developed to break the dark web’s use of encryption. As with all new technology, the law
has been slow to catch up and police have historically needed to use legislation which was not
designed with the available technology in mind. This paper discusses the tools and techniques
police use to investigate and prosecute criminals operating on the dark web in the UK and the
legal framework in which they are deployed. There are two specific areas which are examined
in depth: the use of covert policing and hacking tools, known in the UK as equipment inter-
ference. The operation of these investigatory methods within the context of dark web
investigations has not previously been considered in UK literature, although this has received
greater analysis in the United States and Australia. The effectiveness of UK investigatory
powers in the investigation of crimes committed on the dark web are analysed and recom-
mendations are made in relation to both the law and the relevant Codes of Practice. The article
concludes that while the UK has recently introduced legislation which adequately sets out the
powers police can use during online covert operations and when hacking, the Codes of
Practice need to specifically address the role these investigative tools play in dark web
investigations. Highlighted as areas of particular concern are the risks of jurisdiction forum
shopping and hacking overseas. Recommendations are made for reform of the Investigatory
Powers Act 2016 to ensure clarity as to when equipment interference can be used to search
equipment when the location of that equipment is unknown.
Dark web, darknet, anonymous communication networks, investigatory powers, hacking,
equipment interference, network investigative techniques, jurisdication forum shopping,
online covert policing
Corresponding author:
Gemma Davies, Associate Professor, Northumbria University, Newcastle upon Tyne NE1 8ST, UK.

The Journal of Criminal Law 84(5)
Originally created by the U.S. Naval Research Laboratory to provide a means for military units and field
agents to communicate online without being identified and tracked, the dark web1 is a global network of
computers that use a cryptographic protocol to communicate, enabling users to conduct transactions
anonymously without revealing their location. You need easily obtained specialised anonymity software
to access the dark web. The most commonly used software is The Onion Router Project (or Tor).2 Strong
encryption and anonymity protocols ensure that the IP addresses of the servers that run these sites remain
hidden so that the authorities cannot easily identify who is using them, even if they manage to identify an
illegal website and place it under surveillance. While it is difficult to ascertain the extent of offending on
the dark web, a 2014 study found the most common type of content requested by those using hidden
services via Tor was child pornography followed by black marketplaces.3 Researcher at King’s College
London found that 57% of the hidden-services websites within the Tor network facilitate criminal
activity, including drugs, illicit finance and pornography involving violence, children and animals.4 A
dark web marketplace or crypto-market is a website operating as a black market selling primarily illegal
goods such as drugs, weapons, counterfeit currency, stolen credit card details, forged documents and
unlicensed or counterfeit pharmaceuticals. Such marketplaces are characterised by their use of dark web
anonymised access, bitcoin payment, and vendor feedback systems modelled on those found on eBay.
Once an order has been placed, the buyer transfers the correct amount of Bitcoins to an escrow account,
an electronic wallet controlled by the administrator of the web market. When the buyer receives the
product, usually through the post, the buyer then notifies the administrator who can release the money to
the vendor.
In contrast to surface web browsers, the Tor browser allows users to connect to web pages
anonymously by bouncing connections randomly between Tor nodes to obfuscate the IP address of
the end user. The anonymity Tor provides makes it an attractive tool for users who wish to engage
in illegal activities. Tor software’s use of a worldwide volunteer network of relays aims to prevent
websites (and Law enforcement) from tracking users and therefore allows users to share informa-
tion over public networks without compromising privacy. Using the Tor browser ‘[t]he sender of a
piece of traffic will find an entry point and choose a random routing path through a selection of
relays to obfuscate their point of origin. Traffic routed along this path will be encrypted until it
leaves the last relay, to be sent to a specific IP address on the public Internet’.5 In the early part of
the last decade the Tor system was described as ‘so effective that it makes the mass surveillance of
ordinary individuals impossible, even if the NSA or local police wanted to try’.6 Even in 2016 it
was argued that there were clear ‘legal and technological gaps that exist in law enforcement’s
ability to cope with and respond to electronic and cyber-crime’.7 The general consensus in the early
part of the millennium was that policing of the dark web was almost impossible due to ‘random-
ness, anonymity and encryption’.8
1. Also known as darknet as popularised by U.S. literature such as; Peter Biddle, Paul England, Marcus Peinado and Bryan
Willman, ‘The Darknet and the Future of Content Distribution’ ACM Workshop on Digital Rights Management, 18 November
2002, 54, accessed 24 May 2020.
2. To access the anonymous sites of the Deep Web, visitors must use a TOR (The Onion Router) browser
org/projects/torbrowser.html.en> to access websites with the ‘.onion’ domain (accessed 18 March 2020).
3. Gareth Owen and Nick Savage, ‘The Tor Dark Net’ (2015) Global Commission for Internet Governance, Paper Series No. 20.
4. Daniel Moore and Thomas Rid, ‘Cryptopolitik and the Darknet’ (2016) 58(1) Survival 7–38.
5. Danny Bradbury, ‘Unveiling the Dark Web’ (2014) 4 Netw Secur 14.
6. Iain Gillespie, Cyber Cops Probe the Deep Web, Sydney Morning Herald (24 October 2013),
life/digital-life-news/cyber-copsprobe-the-deep-web-20131023-2vzqp.html> accessed 18 March 2020.
7. Senya Merchant, COPS office, How the Web Presents New Challenges for Law Enforcement Agencies, January 2014.
8. Taylor Armerding, ‘To Shine a Light on Cybercrime, Go Dark’ CSO (10 August 2015)
2960728/to-shine-a-light-on-cybercrime-go-dark.html> accessed 18 March 2020.

However in the UK, as in most other western jurisdictions the police service were ‘acutely aware of
the large and growing problem of cybercrime and [were] actively working . . . nationally and interna-
tionally along with the private sector to combat criminality on the web’.9 As the use of the dark web to
commit crime grew exponentially, so did the abilities of Law Enforcement Agencies (LEAs) and
cybercrime ascended LEAs’ agendas across the world.10 Neither cybercrime nor the dark web is a threat
the UK has been taking lightly. In 2016, the UK launched a five-year National Cyber Security Strategy
that included £1.9 billion of investment and established the National Cyber Security Centre.11 The UK
government also launched the £13.5 million Cyber Innovation Centre in London to help enhance the
UK’s global reputation in cybersecurity. The UK aims to have a dedicated cybercrime unit in every
police force in England and Wales in addition to a national training programme for police, sponsored by
the National Police Chiefs Council. This is not just a UK response but a worldwide police response with
Europol creating the European Cybercrime Centre (EC3) in 2013. Specific dark web responses are
slower but can now be seen. In 2015 the UK announced a dedicated unit for tackling dark web crime
called ‘Joint Operations Cell’ or JOC. This is a joint, co-located initiative between the National Crime
Agency (NCA) and Government Communications Headquarters (GCHQ) which initially is to focus on
child sexual exploitation and is aimed at ensuring ‘no part of the internet, including the dark web, can be
used with impunity by criminals to conduct their illegal acts’.12 In 2018 Europol created its own
dedicated dark web team13 and the US Justice Department created the Joint Criminal Opioid Darknet
Enforcement Team known as J-Code.14
This paper discusses the tools and techniques police use to investigate and prosecute criminals
operating on the dark web. The first part of the article briefly considers investigative techniques which
are traditional in nature but have proved effective in dark web investigations. The second part of the
article considers two techniques in much more depth: the use of covert policing and hacking tools. The
use of these techniques within the context of dark web investigations has not previously been

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT