Illuminating change: Key Messages from MEDI@4SEC Workshop 3 Policing the Dark Web

“I went from a feeling of ‘the sky is falling’, to an optimistic view. Today we discussed several innovations and a common goal for overarching international cooperation. The gaps can be filled”.
Francesca Bosco, UNICRI

While the Dark Web is used for several legitimate purposes, it also facilitates “high tech” and organized crime. Anonymity is in fact the key element attracting illegal activities on the Dark Web, which include child sex abuse, trade of drugs, stolen documents, illegal firearms, offer of services fostering violent extremism and cybercrime as-a-service.

The policing of crime on the Dark Web raises a number of challenges that are unique to this digital space. To name a few: the wide variety of crimes facilitated calls for a diversified range of approaches; the speed of development and capability to adapt to change of the cybercrime environment call for equally fast, flexible and innovative measures; the complexity of the technology at the base of the Dark Web requires complex as well as creative countermeasures. Finally, the double nature of the Dark Web, where legitimate activities take place in parallel to criminal ones, requires a balance between individual freedoms, such as freedom of speech, and the need to fight crime.

In our recent workshop in The Hague, 65 international professionals actively policing crime on the Dark Web came together in an open setting to share challenges, best practices and lessons learned. The aim was to develop a common vision and actionable perspectives for the future policing of the Dark Web.

The question at the core of the workshop was: how to reduce, and potentially eliminate, criminal behaviour on the Dark Web?

Through a number of short practice presentations, small focus group dialogues and a closing panel discussion, the following actions were proposed:

  • A common platform should be in place and accessible by all (at least European) LEAs, and it should store not only criminal data and information, but also investigation practices, tools and methods, current focus of operations, criminal profiles, contacts of investigation and prosecution experts. This is necessary to leverage coordination, reduce double effort and stimulate a sharing and innovative culture.

Creative technical solutions (e.g., a blockchain approach) could be exploited to overcome sovereignty obstacles when sharing sensitive information across national jurisdictions.

Europol and Interpol should play a role in setting up this repository and centrally stimulate a collaborative culture; at the same time, decentralized initiatives (e.g., existing centre of excellence and task forces) should be empowered to become reference points beyond borders.

Jaap van Oss, High Tech Crime Unit of the Dutch Police, “operation Bayonet shows how we evolved in the last years; the capability to internationally cooperate and succeed is now concrete.“

  • Creative tactics to disrupt trust in dark markets should be developed and tested; examples include undercover operations of LEAs creating fake market places, distribution of ‘legal effect disclaimers’ on products, cyber actions to create peaks in orders from a dealer, use of counter-speech to disrupt a market reputation. A digital-legal sandbox should be in place to test the effectivity of offensive scenario’s.
  • Methods should be researched to link open source with dark market information, and to link the digital and physical patterns of users. At the same time, investigation approaches should break these cyber-physical silo’s within the policing organization as well.
  • At least, Europol and Cepol should become the mandated bodies to internationally train / build capacity for all LEAs on a range of relevant expertise, from technology and data literacy to jurisdictional aspects.
  • A common international (European) regulation and legal framework should be established, in particular tackling the responsibilities and role of the private sector. Big internet service providers do not only have data, techniques, capacity and global outreach to offer, but also have a direct interest for a clean internet. Therefore, the business interest of the private sector should be addressed and exploited as well. Standard cyber risk assessments should become mandatory for all businesses and proactive collaboration should be stimulated, especially from Internet service providers and businesses relying on cryptocurrencies.
  • Finally, disrupting the dark markets requires continuous innovation at the research level.Knowledge institutions and private companies should play an increasing role and be stimulated to conduct R&D on the still existing gaps. We need to keep researching automatic data investigation tools, digital forensics methods, cyber-forensics approaches, and tactics for countering the voices on the Dark Web. At the same time, digital literacy, data analytics literacy and cyber literacy should become inhouse capability of LEAs as well, to favour the co-existence of different capabilities in the agencies. The future Dark Web crime investigator will understand both data matters and intelligence matters.

The workshop report with full outcome of the discussions can be found here. A separate report on the ethical and legal issues that were raised in connection with policing the dark web can be found here.

Marijn Rijken & Serena Oggero



Leave a Reply

Your email address will not be published. Required fields are marked *