The Commercial Future of the Dark Web: Interview with Douglas M. DePeppe, Cyberlaw Attorney/Cybersecurity Expert

March 5, 2015

Tor$$$$$In researching the future of the Dark Web and its importance to corporate commerce, I sought the expertise of Douglas M. DePeppe, Cyberlaw Attorney/Cybersecurity Expert and cyberlaw practice lead at Aspire IP, with decades of experience studying and advising government and private interests on a wide range of Dark Web legal and security issues. This blog post covers our introductory conversation last week.

The first question I posed to Mr. DePeppe is whether legitimate companies should be preparing to do business in the Dark Web. Would companies not involved in any of the criminal activities for which the Dark Web has become famous (drugs, pedophelia, sale of counterfeit goods) realize any benefits to opening up redundant websites at .onion addresses (the primary address in the Dark Web), with which users could anonymously interact and conduct business? The premise is that if there are millions of users in the Dark Web space, why not reach out to them in their own, at least part-time, habitat. Whether or not that also would necessitate the acceptance of Bitcoin for payment is a separate issue, although a great number of major brick-and-mortar and surface web companies, including Subway, Amazon, Sears, and Victoria’s Secret,  and recently Dell, have  already have taken that step. However, perhaps more than direct buy/sell/hire transactions on the Dark Web, a likelier scenario might be Dark Web use for intelligence purposes.

Mr. DePeppe says that pursuing business in the Dark Web remains a viable (legitimate enterprise) commercial endeavor, for such activities as mining for consumer intelligence and trend analysis. This concurs with a recent Computer Weekly article, which asserted that “darknet technologies have legitimate security uses”.  According to Mr. DePeppe, there remain, however, considerable trust issues in the Dark Web that will dissuade companies (including service companies like lawyers and accountants) from widespread use of Dark Web sites and services. In his words, there is a “lack of perceived legitimacy” that dissuades such use. In particular, there is a concern in many industries of verifying the actual “client” with whom you are dealing. This, he says, has been an issue in numerous investigations he has handled, in which confidence in and verification of the source of information were key factors.  Yet, he also emphasized that commercial corporate intelligence must come to appreciate the treasure trove of intelligence residing on the Dark Web, and to work with cyber intelligence vendors, within a framework that assures vetting, trust, and legitimacy.

In addition, there are issues of maintained anonymity and disincentives for users—particularly corporate users — to “mix” Dark Web activities with surface web and offline activities. Further with respect to competitive intelligence-gathering, DePeppe indicates that future law developments in governing legitimate business conduct with entities that (also) have connections to criminal activity are unknown, implicating risks for legitimate enterprises’ pursuit of business on the Dark Web. In addition, there are questions as to whether future laws will criminalize the use of certain Dark Web technologies that have both legitimate uses and criminal uses. Mr. DePeppe envisions that in addition to intelligence uses, services in the Dark Web will remain popular vehicles for secure business communications.

In sum, the commercial future of the Dark Web for legitimate businesses remains fraught with trust issues as well as potential legal risks from its association with criminal actors and tools developed for criminal activities. The likeliest short-term scenario for legitimate business will be for security and intelligence analysis and for secure communications. Longer-range, legitimate retail deployment of the Dark Web remains more unpredictable, DePeppe indicated.

My next blog will address the issue of trade secret violations on the Dark Web, and recent developments that could result in expansion of that problem for corporate interests.