Cybercrime And the Dark Web: Are Our Laws Already Outdated?

By /

Written by Sharvani Kashinath Naik,
Intern- Lex Lumen Research Journal,
December 2025

The internet greatly influences our lives in the modern world, but with this influence there is also a rise in cybercrimes at a shocking speed. Most of these crimes occur on the dark web, a hidden part of the internet that requires special software to access and allows users to stay anonymous, often making it a hub for illegal activities like hacking, selling stolen data, or trading of drugs. While the technology moves forward; our laws still lag. 

These issues raise an important question, are our laws already outdated to fight against these cybercrimes on the dark web?

In this blog, we shall look into why cybercrimes are evolving so quickly, how dark web complicates the tracking of cyber criminals by the police, and also check the strength of our existing laws to deal with these modern technological threats. Our goal is to understand and analyse the gaps and limitations in the legal system and what exactly needs to change to protect the people in this digital world.

What is the Dark Web? Myths vs. Realities

Most of the internet users today browse online content through the ‘surface web’, the publicly accessible part of the internet that is indexed by popular search engines (for e.g. Google, Bing, etc.) and can be easily viewed by using traditional web browsers. The surface web usually represents what most of the average users see, but there are a lot of hidden layers under the surface web. The surface web is made up of most of the popular sites (for e.g.: .com, .in, .net, .org, etc.) but it’s estimate represents only about 5% of the total data available on the internet while the rest is found on the ‘deep web’ or the ‘dark web’. 

The deep web is the part of the internet, which is not indexed by search engines, which means these pages cannot be accessed through a simple search. These pages are unindexed for privacy and security reasons. The deep web is not inherently illegal; it makes up 90-95% of the internet and is necessary for the daily digital life. Examples of deep web are emails, online banking dashboards, medical records, cloud storage, subscription-based content, etc.

The dark web makes up a small portion of the deep web. It is a hidden layer of the internet that can be accessed through a special software, commonly Tor (The Onion Router), which hides the user identity by routing traffic through multiple encrypted servers worldwide. The dark web enables anonymity through onion routing, hidden services and decentralization, which makes tracing identities or locations extremely difficult. 

The dark web is not only used for illegal activities but also for privacy, such as by journalists, activists or people living under strict governments. Another misconception is that it is easily accessible or visiting the dark web is illegal, neither of which is true. Accessing the dark web requires special software and browsing it is legal in most of the countries. It is a collection of several hidden websites, many of which are harmless or used for privacy rather than crime.

Cybercrimes thriving on the dark web

Cybercrime is basically the illegal usage of any communication device to commit or facilitate in committing any illegal act. These crimes are committed through an internet browser, targeting individuals, business groups, or even governments. By cyber criminals, who use their skill and technology to do such malicious acts or illegal activities. 

Cybercriminals look for weak spots in the computer systems and use them to break in. These weak spots can include poor authentication practices, easily guessed or reused passwords, or the absence of robust security frameworks and enforcement policies. Inadequate protection creates openings which are used by these attackers to enter into an organisation’s or a person’s digital infrastructure.

Cybercrime-as-a-service (CaaS) allows people buy tools to commit cyberattacks without having the need to use technical skills. Criminals buy and sell attack tools on encrypted apps and dark-web markets, usually paying with cryptocurrency. Almost every cyberthreat is available as a service”, including phishing, ransomware, malware, Distributed Denial-of-Service (DDoS), botnets, and more. Because of CaaS, cybercriminals do not require technical skills anymore, they can just purchase whatever they need. 

Why existing laws struggle to keep up

The greatest challenge in regulating cybercrime is that the internet has no borders. A criminal from one country can target someone in another country, making it difficult to decide which country’s laws are applicable and which authorities have the right to investigate. Even when the law enforcement knows where the attack has been originated, advanced tools like Tor networks, VPNs, and encrypted communication makes it extremely difficult to identify criminals. 

Another major issue that we face is that our technology changes much faster than our laws do. The cybercriminals quickly adopt to new methods and tools, whereas governments often take years to update the rules. Due to this lag, modern crimes like ransomware attacks, AI-powered scams, and deepfake frauds, do not have properly defined laws. As cyberthreats grow more advanced, it becomes necessary for the laws to be updated more often, and global interaction becomes more important to respond effectively.  

Gathering evidence is a task because digital data is fragile, easy to change and requires skilled experts to handle it properly. Many law enforcement agencies do not have enough trained members to manage complex tasks like data recovery and blockchain analysis. Another major problem is different countries have different cyber laws which makes global cooperation difficult. Low public awareness among the public also creates more opportunities for cybercriminals to strike. 

Case laws that shaped cybercrime enforcement in India

Cyber laws in India primarily revolve around the information technology act, 2000 (IT Act) and the Indian Penal Code (IPC), now the Bhartiya Nyaya Sanhita, 2023 (BNS) and the Bhartiya Nagarik Suraksha Sanhita (BNSS), with several landmark judgements. 

SHREYA SINGHAL vs. UNION OF INDIA (2015)

This a landmark judgement where the Supreme Court of India struck down section 66A of the Information Technology Act 2000, for being vague and unconstitutional. The provision had criminalised offensive messages online, but the ambiguity gave rise to misuse. This judgement upheld freedom of expression on social media and made it clear that people cannot be punished just for sharing criticisms, jokes or opinions that someone finds offensive.

GOOGLE INDIA PVT. LTD. Vs. VISAKA INDUSTRIES (2020)

This case decided by the supreme court of India, dealt with the liability of an intermediary, regarding defamatory content published by third parties. The Supreme Court ultimately refused to overturn the criminal proceedings against Google India, holding that an intermediary that has the power to remove unlawful content but refuses to do so despite receiving notice, may be deemed to have published defamatory material and must therefore face trial. This case reinforces the importance of due diligence by intermediaries and encouraged stronger grievance redressal mechanisms to avoid legal exposure.

K. S. PUTTASWAMY vs. UNION OF INDIA (2017)

Case is a landmark judgement, where a nine-judge Bench of the Supreme Court of India gave a, historic judgment declaring the right to privacy a fundamental right under Article 21 of the Indian Constitution. Though not exclusively a cybercrime case, it played a key role in pushing India to create stronger data protection laws like the Digital Personal Data Protection

Act, 2023. It laid the constitutional foundation for all future digital data rights from WhatsApp privacy policies to Aadhaar authentication norms.

Are our laws outdated?

Most of the cyberlaws today are struggling to keep up with the modern threats. Popular frameworks like the US CFAA, the Budapest Convention. India’s IT Act and even the GDPR were created before the cybercrimes became common. As a result, many rules and laws are considered outdated, or too broad, leaving gaps which are exploited by the criminals. With cybercrime becoming more advanced and global, there is a growing need for updated, flexible and globally coordinated laws to tackle these new digital threats effectively. 

What are the changes required in the future?

To tackle the modern cyberattacks, our laws need to evolve much faster. Technology changes rapidly, but our legal procedures still work on a much slower pace. Several countries also need to work together to deal with the cross-border cybercrimes. Another important step is to improve the regulation of cryptocurrencies and anonymity tools, which are often misused by cyber criminals to hide their identity and purchasing trails. The governments should also invest in cyber forensics, AI-based threat detection and well-trained cyber cell units.  Conclusion

Cybercrime is growing rapidly, and the dark web makes it even more difficult for the authorities to track cybercriminals. The gaps and limitations in our legal system, creates new risks for people, businesses and also the governments. To stay safe in this digital era, countries need to work together, improve cyber laws, strengthen cyber-forensics, and regulate tools that enable anonymity. Only with stronger and flexible laws, we can effectively fight today’s evolving cyberthreats. 

References and Case Citations

https://sopa.tulane.edu/blog/everything-you-should-know-about-dark-web#:~:text=When%20 users%20access%20a%20site%20through%20Tor%2C,illegal%20pornography%20and%20 other%20potentially%20harmful%20materials https://www.blackfog.com/dark-web-and-cybercrime/ https://cybertalents.com/blog/what-is-cyber-crime-types-examples-and-prevention https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/what-is-caas/

https://www.linkedin.com/pulse/top-5-landmark-judgments-shaped-indian-cyber-law-ankeshsingh-tryoc

Jatinder Singh, Jasmine Kaur Ahluwalia, April 2025, Dark Web and Cybercrime: Challenges in Legal Enforcement, Tijer ISSN 2349-9249, Volume 12, Issue 4, https://tijer.org/tijer/papers/TIJER2504057.pdf 

SHREYA SINGHAL vs. UNION OF INDIA, AIR 2015 SC 1523

GOOGLE INDIA PVT. LTD. vs. VISAKA INDUSTRIES, (2020) 4 SCC 162, AIR 2020 SC

350, (2019) 17 SCALE 282, AIROLINE 2019 SC 1708

  1. S. PUTTASWAMY vs. UNION OF INDIA, AIR 2017 SC04161, (2017) 10 SCC

Leave a Comment

Your email address will not be published. Required fields are marked *

Lex Lumen Research Journal (LLRJ) ISSN:3048-8702(O) is a latest open-access, double-blind, peer-reviewed, quarterly e-journal dedicated to advancing legal research and scholarship. The journal serves as a platform for legal scholars, practitioners, academicians, and students to engage in intellectual dialogue, explore emerging legal issues.We publish a wide range of scholarly works, including original research articles, case studies, legislative reviews, and analyses of current legal issues.LLRJ upholds the UGC’s suggestive parameters for academic journals and is recognized and indexed in multiple reputed academic databases, including Manupatra Articles, Google Scholar, SJIF, Advanced Science Index, ISIFI, Academic Resource Index, and IIFS.” Every published work is assigned a Free DOI (Digital Object Identifier) to ensure global accessibility, academic recognition, and citation credibility.We welcome contributions from authors who are passionate about exploring the depth and diversity of law, and who wish to contribute meaningfully to legal scholarship and reform. 

Instagram Whatsapp Linkedin Envelope

Lex Lumen Research Journal
ISSN:3048-8702(O)
© 2024-2026 licensed under CC BY-NC-SA 4.0.

Developed by SURYA S