Though the internet is a fairly constant staple of our daily lives, there is very little public understanding and even less legal understanding of the mysterious “dark web.” At ALM CyberSecure, panelists S. Keith Moulson, partner at Whiteford Taylor Preston, Kevin Lancaster, CEO of dark web threat monitoring platform ID Agent, and Ariel Wolf, associate at Venable, discussed some of the growing concerns about the dark web by answering three questions many may have:

|

What is the “dark web”?

Lancaster explained that the “dark web” is a part of the deep internet that uses a different protocol and is not indexed by traditional search engines, which has the effect of allowing users to communicate anonymously. Because of this level of anonymous communication, Moulson pointed out that users can illegally buy and sell black market items that range from prescription pills and weapons to user account credentials, all the way to unlawful legal advice.

Unlike the majority of personal web browsing, dark web negotiation isn’t something you can easily seek out. The majority of these kinds of illicit transactions happen in gated, invitation-based forums, where users are vetted and authenticated to prevent tracking or law enforcement entrants.

“You have to know where you’re going to communicate,” Lancaster explained. “There is an element of knowing where you’re going to go.”

|

How should companies and CIOs be monitoring threads from the dark web?

In the wake of the Yahoo account breach, many companies are concerned about how to monitor potential threats to user and data. Moulson said that a more proactive approach of scanning the dark web for potential cyberthreats can save companies a lot of time and hassle, not to mention protect them from user notification requirements.

“There’s real value in monitoring the dark web and finding out information to protect your business,” Moulson said.

For now, a lot of the most valuable threat information to monitor still need to be researched with human intelligence rather than automation tools or bots. Lancaster said that much of the dark web’s more nefarious transactions happen in gated forums. “These areas are difficult to script,” he said.

|

How does the law treat “dark web” threats?

Even where law enforcement can find problematic transactions and information trading in the dark web, they may not have the legal authority to have content removed. Moulson noted that law enforcement has to establish whether they have jurisdiction over particular posts, and acknowledged that First Amendment protections do guard some of the existence of dark web posts.

As for a company’s duty to monitor dark web threats or to report threats to clients, Moulson noted that the law is a lot less clear. “The laws lag many years, if not decades, behind where the technology is,” Moulson said.

Wolf said the courts have yet to determine where the dark web falls on standards of reasonableness with respect to data regulation. Wolf said that courts have yet to definitively note whether or not “we arrived at a point where dark web monitoring is reasonably available,” and what that would demand of companies who as part of regular information security practice.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Gabrielle Orum Hernández

Gabrielle Orum Hernández is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez.