Through popular mass-media coverage, the Dark Web has become publicly perceived as a mysterious, window-less room enshadowed in a cloud of wires where the most heinous of illegal activities are conducted by criminals. It is seen as a place where ordinary people of average and good prudence would never want to meet. It is thought of as an evolved, underground, crime syndicate that law enforcement officers are ill-equipped to stop. The perception that the Dark Web fosters criminal activity and leads to tragic consequences is not without merit. In 2018, WRAL reported how a local twenty-five-year-old man bought drugs from the Dark Web and how those drugs led to his death.
Despite its name, reputation, and association as the criminal underworld alluding to Greek mythology, the Dark Web has multiple layers of purposes utilized by civilians in different roles. The Dark Web contains different spheres depending on the user’s purposes, akin to the Underworld, a vast realm for all. A user may be sentenced to the deep abyss of tormented Tartarus with his fellow criminals. Or, he could find sanctuary and utopia in euphonious Elysium, the meadow for heroes. Like the Greek’s Underworld, even though the Dark Web remains a space for the dark and dangerous, it can also facilitate good for civilians and provide a space for light.
In certain circumstances, people wield the Dark Web legally for good in helping others or protecting themselves: an undercover reporter uses the Dark Web for anonymity when exposing a dangerous story, a person in the Witness Protection Program uses the Dark Web for anonymity when hiding his location and identity, and law enforcement officers use the Dark Web to find criminal evidence and originations. Additionally, civilians in countries whose speech and religion are suppressed utilize the Dark Web in promoting their practices. Conspiracy theorists, under the impression the government tracks them, even use the Dark Web to evade surveillance. Many individuals using the Tor Search Browser Network are not criminals but simply civilians disfavoring the amount of government surveillance in their lives. Usually, they avoid it by using Tor, buying phones from other countries, using only cash instead of credit cards, blocking GPS signals, and “living off the grid.”
This list of categorized individuals using the browser for good has expanded to include lawyers, who use the Dark Web for anonymity when researching the origins and means of those attacking their clients, as well as for cybersecurity. As the role of technology increases in the practice of law, so, too, does the Dark Web as a tool for lawyers—if used correctly.
How Far Deep into the Darkness Does the Dark Web Lie?
The internet consists of the Surface Web, the Deep Web, and the Dark Web as three separate layers reflective of the ocean. The Surface Web is what average internet users see resting above the ocean. The information stored and found on the Surface Web, such as search engines and cloud computing interfaces, consists of only four percent of the total information stored and found on the internet. Underneath the surface, in the first few feet down into the ocean, lies the Deep Web, which constitutes the majority of internet space. This layer includes government resources, academic information, online banking content, password-protected content, and private networks. There, in the deepest parts of the ocean, the Dark Web hides.
While anyone can access the Surface Web and anyone with the right credentials can access the Deep Web, the Dark Web can be reached—or rather “hacked”—through the anonymous Tor Search Browser Network, established by Tor Project Inc., after download. The download processes for such a controversial tool are as simple and similar to that of downloading the Firefox or Chrome web browsers. The Tor Search Browser or similar “onion” browsers can even be downloaded from the Google Play Store and the Apple App Store straight onto an individual’s mobile device.
The Tor Search Browser Network then gives users complete anonymity; they can search for what they want while keeping their search history, identity, and location private. Tor enables its users to remain anonymous by first capturing the users’ web traffic and then encrypting it, scrambling it, and bouncing it through layers of multiple servers numerous times. This process sculpts Tor into an onion, as it has multiple layers that cover the original data in the center, which becomes available only if one can peel away all the surface layers.
The purpose for Tor acting as a security shield originates back to the 1990s when the United States Naval Research Laboratory developed it to protect and secure the military’s and other governmental agencies’ online critical communications, while also facilitating an open yet secret source to gather intelligence. Notwithstanding this original aim for security and protection, the Tor Search Browser Network cannot be used as a bullet-proof jacket for protecting identity and other personal information. While it keeps ordinary users with average or better than average intelligence from tracking someone, it may not completely stop those who excel in hacking.
Because of its connection to the Dark Web and a desire from certain governments to suppress free expression and anonymity, some countries are either trying to or have criminalized the Tor Search Browser Network, as well as other Virtual Private Networks (VPNs). These countries include, but are not limited to, China, Russia, Iran, Saudi Arabia, and Venezuela. In the United States, however, individuals can legally access and use the Tor Search Browser Network. One district court ruled in May 2019 that the browser’s company cannot be sued based on standing stemmed from activities that occurred because of the Dark Web. In Seaver v. Estate of Cazes, the United States District Court for the District of Utah ruled that the Communications Decency Act, 47 U.S.C. § 230 shielded Tor Project, Inc. from civil conspiracy, negligence, strict product liability, and abnormally dangerous activity. This decision has solidified the notion that anyone desiring anonymity can access the Tor browser and from there the Dark Web, such as journalists, law enforcement officers, whistleblowers, and even lawyers.
Lawyers Use the Dark Web to Benefit Their Clients and Firms
When someone has downloaded the Tor Search Browser Network and accessed the Dark Web, an alliance with criminal activity has not been automatically made. Instead, the downloader may use these tools in the promotion of helping others and himself. He may even use the Dark Web to combat illegal activity occurring in this underworld. Lawyers, too, through their practice of the law, may use the Dark Web to uphold, promote, and protect the law.
Some lawyers need anonymity when discreetly conducting research for their clients, such as consulting other lawyers for advice and answers using social media posts. This research might also include searches into and discovery of counterfeit products infringing on patents and trade dress, disgruntled former employees leaking trade secrets, imitative companies using another’s trademark, and black market dealers altering stolen copyrighted art. This need for anonymity and invisibility additionally arises in precaution of interfering opposing parties digitally erasing, deleting, or transferring vital information.
Use of the Tor Search Browser Network and the Dark Web can furthermore protect client and attorney information. Tor, through its encryption ability, acts as the password or as a plethora of passwords to information that is otherwise extremely vulnerable and accessible to third-parties, such as data found and stored online.
In this modern age, locks are praised and seen as a necessity. Individuals have locks and privacy settings on phones, computers, houses, cars, safes, e-mails, social media accounts, and bank accounts. However, several technological areas still remain unprotected. As free, unlocked public Wi-Fi increases in usage and popularity and search browser history remains undeleted and visible, so, too, do the risks of using unlocked public Wi-Fi. When civilians connect their devices containing valuable information to unprotected, unencrypted public Wi-Fi networks, they open themselves up to eavesdropper Man-in-the-Middle attacks and malware.
Since individuals already use passwords to secure and lock their phones and accounts, they can extend such passwords and other protocols to cover and protect Wi-Fi networks, data transfers, and internet searches. Rather than auto-connecting to unprotected public Wi-Fi, leaving on Bluetooth, and logging into accounts holding sensitive information when connected to unprotected networks, individuals can disable file sharing, use a VPN to make public networks more secure, connect to password-protected networks, and use HTTPS sites.
Along with lawyers using Tor and the Dark Web for anonymity, case evidence, and personal data encryption, they also use it for conducting cybersecurity. In utilizing Tor and the Dark Web, lawyers and their information technology departments test for weaknesses and vulnerabilities in their systems. They have “comprehensive dark web monitoring platforms [to] employ advanced tools to gather, review, and analyze dark web data in a methodical and organized way.” By monitoring and exploiting their own security defenses, they can configure the vulnerabilities of their sensitive information and the extent to which it might have been leaked and created consequent harm to themselves and clients. They can then respond aptly to those leaks, while also strengthening their own security systems.
Lawyers’ Use of Tor and the Dark Web Might Compromise their Code of Ethics
ABA Model Rules of Professional Conduct Rule 7.1 states lawyers “may not falsely or misleadingly communicate or advertise about the law or their services then arises.” Over the years, the legal scope and medium for attorney advertisement have increased. In absence of the ABA or courts ruling that lawyers may not advertise or communicate on the Dark Web specifically, the general consensus has become that they may do so, as long as they follow current guidelines and statutes. Some lawyers on the Dark Web platform properly advertise and offer legitimate legal advice related to criminal law, family law, real estate law, and business law. Under a legal purposeful interaction with the Dark Web, these lawyers may be motivated to make extra income, expand their clientele, or offer goodwill help to those who otherwise would not have had access to legal assistance.
These “lawyers,” however, are sometimes disbarred lawyers, law students, or impersonators advertising on the Dark Web. These “lawyers” and lawyers both offer illegal and unethical services. Such illegal services offered include money laundering, online courses on money laundering, fake passports and birth certificates, real estate transactions with fake identities, and stolen credit cards. Perhaps these types of individuals started their journeys in the digital underworld to help others or test their skills, but at some point, they crossed the spheres of the Dark Web as Elysium into the Dark Web as Tartarus. Their motives range from overzealousness and greed to inferiority complexes and insider trading.
Even When Used to Promote Legal Activities, Help Those in Need, and Protect Identities or Vital Information, the Dark Web Can Complicate Lawyers’ Practice of the Law
Whether the individual using Tor and the Dark Web is a lawyer, law student, law enforcement officer, the average person of ordinary prudence, or criminal, he faces complications and consequences of that use. Those complications and consequences may not even relate to the vast amount of illegal activities facilitated through the Dark Web.
One significant complication lawyers face, especially in regard to obtaining evidence, is the Dark Web’s unpredictability. The Tor Search Browser Network allows for the constant change of websites, URL addresses, locations, encryptions, and anonymity profiles found on the Dark Web. The Dark Web is dynamic and temporary, which is in stark contrast to the static permanence and consistency of the Surface Web. With unreliable sources for evidence, traditional law practices risk inefficiency and unfruitfulness. To secure evidence, lawyers must diligently take screenshots and maintain thorough documentation with timestamps to permanently record these findings accurately for judges to admit.
Other complications arise when the Dark Web and Tor are either used carelessly or wrongly. An employee could bypass a firm’s security policies and control, because of Tor’s very system in ensuring the near improbability of network monitoring. Additionally, an employee downloading information or programs off these tools might download malware instead. The firm might also expose itself to Distributed Denial of Service when it has multiple servers relying on Tor and the Dark Web, as well as potentially exposing itself to other security problems. The firm might then receive a bad reputation in connection to using the services. All of these situations complicate work ethic and efficiency in the practice of the law.
Hackers Can Attack Lawyers and Leak Their Information Through the Dark Web if Certain Protective Security Measures Fail
CEOs are hacked, politicians are hacked, average people of ordinary prudence are hacked, and even lawyers are hacked. In 2015, the United States government experienced cyberattacks that corrupted and stole information on files of 22.1 million individuals. Hackers also infiltrated White House data networks, thought to be heavily secured, which resulted in accessing the then-United States President’s schedule and the Defense Department’s data networks. If even the United States Government can be hacked, then lawyers face a very real problem of being hacked.
Hackers leak information out into the world, and often the consequences of which bring harm, even if that information was seemingly innocent, innocuous, and inoffensive. Some hackers perform this way by using the Dark Web, even though Tor’s primary purpose strives to keep users anonymous and their information private.
Sometimes, when people use Tor and the Dark Web, they practice the minimal amount of security measures, relying on basic, standard programs. They may even become careless, such as explicitly exposing their name and/or location. A relatively new issue has emerged regarding how hackers use the Dark Web to track and trace connections back to lawyers, their firms, and their devices to sell secrets, even if those individuals never searched for the Dark Web on Google.
Once these hackers have traced someone back to his network and stored data, entered it, decrypted it, and saved it, they sell the information found to other parties, perhaps even in a different country. This data for sale includes personal identification information, passwords, usernames, locations, accounts, client information, financial information, and the entirety of a law firm’s network. Additionally, they may install destructive viruses and other malware on the networks or wipe them clean. Along with personal information being stolen, sold, and used to harm, being hacked additionally leads to a loss of reputation, clients, cases, and account access.
In reference to law firms, the 2019 ABA security-breach survey revealed that 14% of breaches resulted in file destruction/loss, 3% allowed for unauthorized access to sensitive non-client data, 40% resulted in costs incurred for repairs, 15% resulted in replacing hardware/software, 32% resulted in unbillable hours, and 23% resulted in the loss of network access.
Every year the ABA polls law firms to collect correlating statistics regarding law firms and cyber breaches. The ABA believes the question is no longer how many have been hacked but how many have been hacked and do not know they have been. The ABA analogizes this crisis to a saying of how businesses are divided into two categories: those that have been hacked and know they have been, and those who have been hacked but do not know they have been hacked. Final data for 2018 revealed that solo practices experienced the least breaches, while “about 24% for firms with 2-9 and 10-49 [attorneys], 42% with 50-99, and about 31% with 100+” experienced breaches. This particular data finding only involved firms that knew they had been hacked at one point in time. The ABA believed that the largest firms experienced fewer breaches than middle-sized firms because they have more financial, information technology, and security program resources.
This issue has created a need for law firms to implement protection, prevention, and response digital-security programs to cyberattacks and cyber-breaches to guard the firms’ and their clients’ personal data. Compared to the percentage rates of firm breaches, only a small percentage of firms have cyber incident response plans. Data revealed that 11% of solo firms, 23% of firms having 2-9 attorneys, and 35% percent of firms having 10-49 attorneys had response plans.
Firms can no longer operate under the assumption that hackers and cybercriminals are not interested in their data. Law firms have become valuable targets because of their exponentially large wealth of confidential and financial information, attorney work products, privileged communications, intellectual property, and personal identification information. As well as being a target due to possessing sensitive information, the risk of being a target increases when using outdated and unsecured software and technology. Further risks include using personal devices for work while not following rigorous protocols and standards designed and implemented by the company/firm.
The Dark Web Might Also Be the Light if Used Properly with the Right Intentions
With the advance of technology and its prominence in the practice of law, the Tor Search Bowser Network and the Dark Web also become highly volatile tools that lawyers utilize, either ethically or unethically.
Lawyers delve deep into the Dark Web to help protect their clients, gather evidence against those opposing their clients, learn of and then strengthen their security vulnerabilities, and offer legitimate services and advice. However, lawyers may also use the Dark Web to offer illegal advice and services, as well as weaponizing information found to benefit themselves. Additionally, if lawyers do not use the necessary security protocols, they themselves might be leaving their networks defenseless to attacks by hackers who will expose and sell their secrets and other personal information.
Furthermore, in certain circumstances, lawyers and others “hack” into the Dark Web for their own notorious purposes, which has created a smokey, gray area of ethics that has not yet made national headlines in the courts. As this problem grows without courts affirmatively ruling on it, lawyers and non-lawyers alike will be hacked by the Dark Web or tempted to hack the Dark Web for questionable reasons.
However, as negative consequences of the Dark Web may occur, so may positive outcomes from the use of the Tor Search Browser Network and the Dark Web used by lawyers and other individuals. The mysterious, rumor-enshrouded Dark Web can be helpful and useful for lawyers, when they do not use it incorrectly or for illegal purposes. Dependent on why and how they use the Dark Web, lawyers can then find themselves both in a digital Elysium and Tartarus of the Underworld.