Skip to content
Thomson Reuters
Risk

Dark web for legal researchers—casting some light on the shadows

To many people, the dark web means the shadowy part of the Internet where drug dealers, gun runners, child pornographers, and white supremacists go to peddle their noxious wares. As the dangerous neighbourhood of the Internet, why would you ever want to venture there?

The criminal aspects of the dark web capture the lurid headlines, but such activity accounts for only a small fraction of all dark web interactions. And while it is true that criminals operate in the dark web, these same tools can also be useful to legal researchers for legitimate purposes. There are times when the ability to browse the web and track down information without giving away your own identity is important, even necessary.

What makes the dark web ‘dark’, are not the nefarious things that sometimes occur there; rather, it is the anonymity it offers. Most search engines keep a very close eye on who you are and what you are searching for. Plenty of ad trackers also want to eavesdrop on your web life. Websites and e-mail communications have auditable chains between sender and receiver. Indeed, almost all of your online life is conducted and tracked by someone, but it doesn’t have to be.

Thanks to some clever software and heavy-duty encryption, the dark web empowers users to search and communicate without detection by either the authorities or the ever-snooping search engines and trackers that report back to online ad agencies. Undetectable Web activity is obviously valuable to a criminal, but it is equally valuable for many ‘normal’ users. Think of how important keeping one’s identity and e-mails secret can be for:

  1. journalists working with whistle-blowers;
  2. citizens in nations that censor the Internet;
  3. businesses that want to keep their legal conduct secret; and
  4. businesses that want to keep tabs on their competitors.

All of this secrecy makes the dark web a handy tool for legal researchers. Anonymous browsing is terrific for such everyday research tasks as conducting competitive intelligence gathering, tracking down infringement of copyright or trademarks without tipping off the target, or locating sensitive subjects without revealing your identity. Anonymity also is very helpful for gathering information on individuals or looking around for clues to identity theft. Putting on a disguise before searching the web is just another way legal researchers can locate useful information effectively yet secretly. The question is: How do you travel these virtual back alleys safely and legally?

Finding Your Way in the Dark

Let’s demonstrate this through an example. Say your client, Swanky Watches, wants you to track down websites that sell counterfeit Swanky Watches. In the real world, Swanky Watches would report the sale of knock-offs to the police and ask them to chase away the sellers. On the web, however, bootleggers can set up shop to sell spurious goods or fakes of famous labels. As a legal researcher you want to locate these illegal sites and then monitor their activity to obtain a body of evidence against these pirates before you go to court to stop them.

But these online sellers are not stupid. They know they are a target for law enforcement and maybe even lawyers. They will be watching for any activity that hints that authorities are looking in. Your job is to find these sites and browse them without leaving a trail of electronic breadcrumbs that lead back to your door.

To use the dark web without getting burned, start by only ever using a computer that is not connected to your network. The dark web seethes with malware, bots, and other nefarious software. You don’t want to inadvertently compromise the security of your firm’s network by revealing the IP address of your network or e-mail servers. Chances are excellent that your IT security standards dictate taking great pains to secure the network, often in a way that inconveniences a researcher. This might include tactics like disabling USB ports for flash drives, disallowing access to certain sites and domains, or requiring any downloads from the Internet to be quarantined in a special archive. There is nothing a bad guy would love better than to find a backdoor to a firm’s network. Respect these security restrictions; use a non-networked computer that connects directly to an ISP.

Building the Tools & Tactics

Your next move is installing a Tor browser (or an Onion browser for iOS users, from the same developers). Tor is a critical component of the dark web, essentially the Google of the underground. It is an acronym of The Onion Router, which refers to the many layers of encryption and servers through which Tor-enabled traffic travels. Tor was originally invented to provide web access and secure communications to users in repressive countries with an elaborate technical architecture in order to circumvent censorship. (For a rather technical but detailed explanation of how Tor works, see the 2015 white paper “The Tor Dark Net” by Gareth Owen and Nick Savage, from the Global Commission on Internet Governance. The authors are professors of computing at the University of Portsmouth.)

In fact, Tor and the dark web still serve this purpose, especially as governments around the world slide away from liberal democracy, and as free speech rights are threatened. The same architecture admittedly serves as the building blocks of criminal enterprises even as it helps dissidents by allowing web hosts and users to fly under the radar of the legal authorities. For the researcher, a Tor browser is the safest way to look around the Internet with tipping off who you are to the sites you visit. (You can download the Tor browser online. And while Tor should be enough for most, there are other good Dark Web browsers, such as I2P from the Invisible Web Project and FreeNet.)

In addition to the Tor browser, you’ll need an e-mail address that is completely different from your personal account or from your business domain—as in, don’t use JaneDoe@BigLawFirm.com. There are any number of sites willing to host your secure generic e-mail, such as Tutanota and ProtonMail. Just be sure not to connect the account to any of your other e-mail clients or programs.

Now, with your Tor browser, secure e-mail address, and non-network computer, you have the basic technical set-up for access to the dark web, However, common sense advice still applies before venturing out to the dark web:

  • Cover your computer’s camera with a piece of opaque tape. It’s that easy for a site to hijack your camera and spy on
  • Don’t download anything
  • Scan for viruses regularly
  • Be very careful what you click on! Malware, ransomware and other software that could damage your computer and files are common there

What about locating particular web sites on the dark web? Is there an alternative Google for that? In a sense, yes. Of course, by its very nature, the dark web tries to stay out of website directories or catalogues. With the understanding that any links posted there can be quickly out of date, refer to DeepWebLinks; or, consider DarkNetLive, a Google-accessible web site that tracks news about the dark web. And of course, Tor can also help you locate sites of interest. A simple Google search can turn up dark web directories, but these are often obsolete by the time they appear on the public web.

With some thoughtful planning and by observing some common-sense precautions, the dark web can open doors to genuinely private online research and secure communications. Yes, it does have some unsavoury aspects—respect the dangers of accessing sites in this online Wild West.

But when you protect your identity and look out for the security of the computer and networks you use, you can walk through the shadows of the dark web safely and productively, opening up a new avenue for finding useful business and legal data in this most unlikely of virtual places.

 

By: Don MacLeod
Author

Don MacLeod is the author of “How to Find Out Anything” and served as the editor of Internet Law Researcher from 1995 to 2018. He retired as Manager of Knowledge Management at Debevoise & Plimpton in 2018 and is working on his first novel.

 

Use of the cloud is on the rise in law firms The 2008 financial crash spawned a new industry in the City—the ‘regtech’ boom Data privacy, drones and corporate espionage—keeping up with legislation Practical Law survey: risk and compliance training programmes Report: Cost of Compliance 2019—after 10 years of regulatory change, expect more change Compliance, financial crime teams merged at Deutsche Bank during restructure Cybersecurity at the centre—competing globally with different rules Automated legal advice: rules, responsibility and risk allocation Effective discharge of risk professionals’ responsibilities using AI Corporate legal departments should draw on the direction and insights found in a new report