DARK WEB AND ENCRYPTED NETWORKS: ENFORCEMENT DIFFICULTIES IN INDIA

Leave a Comment / Legal Articles / By

Published On: December 9th 2025

Authored By: Pooja Ajay Talim
Thakur Ramnarayan College of Law

Abstract

The rapid development and growth of cyber technology has revolutionized law enforcement around the world. Although digital networks present huge economic and social opportunities, they also facilitate high-tech new categories of criminality. The “dark web” and encrypted networks embody the two-sided sword here: they facilitate anonymity and privacy but at the same time become channels for cybercrime, terrorism, and illicit commerce. In India, law enforcement against such platforms is hindered by distinguishing challenges stemming from legislative vacancies, technological sophistication, and constitutional limitations. This article examines India’s legal regime, judicial reactions, and enforcement challenges related to the dark web and encrypted communications. It compares India’s response with international practices and provides policy guidelines for an equitable, rights-aware regime of enforcement.

Introduction

The evolution of the dark web has revolutionized the world of cybercrime. Just like the surface web is accessed by ordinary browsers and its pages are indexable by search engines, the dark web hosts its content on encrypted overlay networks like The Onion Router (Tor) and Invisible Internet Project (I2P). These networks do not reveal user identities nor their activities, giving rise to an environment that allows legitimate as well as illicit traffic. Cybercriminals exploit such networks’ obscurity for committing drug trafficking, weapons trafficking, human trafficking, cyber frauds, and child sexual abuse material (CSAM) trafficking.1,2

End-to-end encrypted communications like WhatsApp, Signal, and Telegram severely inhibit enforcement operations. Such services by their very nature do not grant the provider access to users’ data such that even with court permission, investigators cannot access helpful evidence. This point of technology creates a basic dilemma: how do law enforcement officers battle serious cybercrime while safeguarding citizens’ very basic rights of privacy and freedom of expression as Article 21 of the Indian Constitution offers?10

This article considers India’s statutory and policy landscape concerning the dark web and encrypted networks. It first outlines statutory and institutional architectures, then considers leading issues of enforcement, and its related case law and comparative approaches. The study concludes with policy directions towards strengthening India’s cyber-legal ecosystem.

Legal Framework in India

Information Technology Act, 2000

The Information Technology Act of 2000 (“IT Act”) remains the foundational statute governing cybercrime in India. Passed two decades ago, even then most of its sections outright apply to encrypted as well as dark web activities.

  • Section 66F criminalises cyber terrorism, including unauthorized access to information with intent to threaten India’s sovereignty, integrity, or security.1
  • Section 67 criminalises the publication or transmission of obscene or sexually explicit material, a Section that expressly applies to CSAM transmitted over the dark web.2
  • Section 69 grants the prerogative upon the government of providing directions for intercepting, recording, and decrypting information by any computer resource for ational security, public order, or while preventing a crime.³
  • Section 79 grants conditional safe-harbour immunity from liability to such intermediaries as ISPs and message apps if they exercise reasonable diligence and comply with government demands for data.4

Notwithstanding such provisions, the IT Act does not specifically delineate nor control the “dark web.” It is dependent upon the traditional definitions of “computer resources,” creating law enforcement blind spots when faced with overlay networks that anonymize.7

Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023

The Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023,5 has superseded the Indian Penal Code (IPC), 1860, as also the Code of Criminal Procedure (CrPC), 1973, bringing about substantial reforms in India’s criminal law system. This modernization addresses the complexities of cybercrimes, secure communications, and electronic evidence.

Cybercrime and Terrorism Offenses

In the BNSS, the previously defined cases of the IPC such as cheating (Section 420), criminal conspiracy (Section 120B), and obscenity (Sections 292 – 293) have been redefined and subsumed by the new legislation. Terrorism-related cases are otherwise handled by the Unlawful Activities (Prevention) Act, 1967, while intensified provisions hold for cyber cases.

Search, Seizure, and Digital Evidence

The BNSS provides extensive guidelines on the search and seizure of computing equipment:

Protocols for Search and Seizure: Section 105 provides that each search and seizure mission shall be recorded by way of audio-visual electronic means to ensure transparency and accountability.

PRS Legislative Research

Retention of Seized Materials: Seized documents and electronic devices may be held for a duration of one month after the end of the quarter in which the assessment order is issued, thereby offering clearer guidelines.

CAG

In relation to digital evidence, Bharatiya Sakshya Adhiniyam (BSA), 20236

Admissibility of Digital Evidence: Section 63 of BSA makes provisions regarding circumstances of admissibility of electronic records before court proceedings but emphasizes certification and authenticity.

Institutional Background and Coordination

There are multiple entities that are responsible for enforcing cyber laws. These are –

Indian Cyber Crime Coordination Centre (I4C) : This is headed by the Ministry of Home Affairs and focuses on cybercrime coordination and prevention.

It is headed by the Ministry of Electronics and Information Technology (MeiY), India’s national nodal agency for cybersecurity response.

State Police Cyber Cells are responsible for state-level cybercrime cases. Despite these efforts, coordination challenges between these entities can undermine timely responses to cyber threats.

Enforcement Challenges

Anonymity and Encryption

The BNSS and BSA recognize the challenges that technologies such as Tor and Virtual Private Networks (VPNs), because they obscure user identities, present, as well as end-to-end encryption that encrypts contents of communications. Although such technologies make attribution and access to communications content hard, there exists a legal framework that offers mechanisms of alleviating such challenges:

  • Section 94 of the BNSS also allows law enforcement officers to force production of electronically transmitted communications like encrypted information while investigating.
  • Section 63 of the BSA holds that electronic communications such as encrypted communications, will be prima facie admissible if they also have defined requirements such as the proper functioning of the device and utilization at reasonable intervals.

Practical challenges continue with decrypting data and attributing actions to entities, especially when anonyming technologies are involved.

Cryptocurrency Transactions

These black markets frequently use cryptocurrencies such as Bitcoin and Monero that provide pseudonymity.9 While blockchain analysis software will identify some of the transactions, they need advanced expertise and sometimes do not identify wallet addresses with actual identities. The law tackles these issues by:

  • Section 94 of the BNSS giving powers of seizure of digital assets such as cryptocurrencies while investigating.
  • Section 63 of the BSA envisaging that blockchain records shall be admissible as original evidence when they meet the parameters provided.

Despite such measures, the anonymous nature of cryptocurrencies continues to present tremendous challenges when tracing transactions against individuals.

Constitutional Rights Concerns

The K.S. Puttaswamy v. Union of India10 case secured privacy as an Article 21 fundamental right by the judgment of the Supreme Court. This judgment prohibits the government from requiring decryption or imposing traceability. IT (Intermediary Guidelines) Rules of 2021 11 impose an obligation on messaging apps to provide for identification of the “first originator” of a message. Critics contend that such legislation defeats end-to-end encryption and constitutional entitlements.

Judicial Precedents and Case Studies

Although Indian jurisprudence on the dark web is limited, several cases illustrate broader cyber-law challenges.

  • Shreya Singhal v. Union of India (2015)12: The SC struck down Section 66A of the IT Act as unconstitutional for chilling public speech. This case demonstrates court skepticism of overbroad cyber laws.
  • Suhas Katti v. State of Tamil Nadu (2004)13 : was one of the earliest convictions for cybercrime in India, relating to lascivious communications transmitted over a Yahoo chat room, and was tried by Section 67 of the Information Technology Act.
  • Narcotics Control Bureau Dark Web Crackdowns (2021): The NCB detained several individuals for buying psychotropic substances from dark web marketplaces, following shipments from postal services and Bitcoin transactions.These operations demonstrate investigating brilliance but also slow-moving conventional enforcement

Policy Analysis and Recommendations

Legislative Reform

  • Simultaneously, amend the IT Act only to incorporate dark web crimes and encrypted networks.

  • Define new offenses, including operating illegal online marketplaces, distributing CSAM on dark web platforms, and cryptocurrency-enabled money laundering.

  • Amend Section 69 to provide secure protections to pass constitutional proportionality tests.

Strengthening Institutional Capacity

  • Expand dedicated cybercrime police units at the state and district levels.
  • Invest in sophisticated forensic equipment that does blockchain analysis, conducts artificial intelligence-based investigation, and de-anonymizes individuals.
  • Educate investigators, prosecutors, and judges frequently on cyber law and forensic methods.

International Cooperation

  • Negotiate bilateral agreements with major service providers and recipient jurisdictions.
  • Develop South Asian regional collaborations towards cooperative cyber enforcement strengthening.

Engagement with Private Sector

  • Support legal access options that do not violate end-to-end encryption, like client-side scanning with protections.

  • Facilitate synchronized public-private information sharing to recognize potential threats earlier.

  • Enjoin firms to co-operate under safe-harbor provisions of standards of due diligence.

Public Awareness

  • Initiate nationwide awareness programs to inform citizens about the risks associated with dark web marketplaces.
  • Partner with schools and universities to encourage cyber hygiene and foster responsible online conduct.

Conclusion

The evolution of the dark web, end-to-end encryption of communications, and cryptocurrencies for transactions revolutionized the character of cybercrime against India with prospects of privacy but challenges for law enforcement. While such technologies secure user privacy and anonymity, they are simultaneously used for illicit purposes that test conventional policing paradigms. The Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, and the Bharatiya Sakshya Adhiniyam (BSA), 2023, offer a new legislative paradigm for criminalizing cybercrime, disposal of digital evidence, and controls over forfeitures of electronic assets. Enforcement is frequently outsmarted by the technical nature of problems, institutional failures of capacity, transborder legal barriers, and constitutional safeguards of privacy.

To offset such developments, an integrated strategy is imperative: revamping laws specifically pertaining to encryption and dark web activities, creating technical strength and human potential, creating cross-border collaboration, involving the private sector on the basis of robust balanced guidelines, and constructing public awareness of internet threats. Further, sustained investment in specialized cyber-forensic laboratories, closer cooperation with global organizations like INTERPOL, and harmonization of Indian rules with international treaties such as the Budapest Convention can help bridge enforcement gaps. India will only be able to develop an effective cyber-legal environment that is strong as well as rights-friendly and able to counter newer cyber threats while maintaining freedom on the internet.To offset such developments, an integrated strategy is imperative: revamping laws specifically pertaining to encryption and dark web activities, creating technical strength and human potential, creating cross-border collaboration, involving the private sector on the basis of robust balanced guidelines, and constructing public awareness of internet threats. Further, sustained investment in specialized cyber-forensic laboratories, closer cooperation with global organizations like INTERPOL, and harmonization of Indian rules with international treaties such as the Budapest Convention can help bridge enforcement gaps. India will only be able to develop an effective cyber-legal environment that is strong as well as rights-friendly and able to counter newer cyber threats while maintaining freedom on the internet.

REFERENCES

  1. Information Technology Act, No. 21 of 2000, § 66F, INDIA CODE (2000).
  2. Id. § 67.
  3. Id. § 69.
  4. Id. § 79.
  5. Bharatiya Nagarik Suraksha Sanhita, 2023, Act No. 46 of 2023.
  6. Bharatiya Sakshya Adhiniyam, 2023 (India)
  7. Digital Personal Data Protection Act, No. 22 of 2023, INDIA CODE (2023).
  8. Debopama Bhattacharya, The Dark Web and Regulatory Challenges (Manohar Parrikar Inst. for Def. Stud. & Analyses, Issue Brief, July 23, 2021), https://idsa.in/system/files/issuebrief/ib-the-dark-web-dbhattacharya.pdf
  9. Convention on Cybercrime, Nov. 23, 2001, E.T.S. No. 185.
  10. K.S. Puttaswamy v. Union of India, (2017) 10 S.C.C. 1 (India).
  11. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, G.S.R. 139(E), Gazette of India, Mar. 25, 2021 (India).
  12. Shreya Singhal v. Union of India, A.I.R. 2015 S.C. 1523 (India).
  13. Suhas Katti v. State of Tamil Nadu, C.C. No. 4680 of 2004 (Metropolitan Magistrate, Egmore, Nov. 5, 2004) (India).
  14. Press Release, Narcotics Control Bureau, NCB Busts Dark Web Drug Syndicate (2021), https://narcoticsindia.nic.in/pressrelease/01_07_25_hq_cochin_darknet.pdf

BIBLIOGRAPHY

  1. Bhattacharya, Debopama. The Dark Web and Regulatory Challenges. Manohar Parrikar Institute for Defence Studies & Analyses, Issue Brief, July 23, 2021. https://idsa.in/system/files/issuebrief/ib-the-dark-web-dbhattacharya.pdf
  2. Convention on Cybercrime, Nov. 23, 2001, E.T.S. No. 185
  3. Digital Personal Data Protection Act, No. 22 of 2023, INDIA CODE (2023)
  4. Indian Evidence Act, No. 1 of 1872, § 65B, INDIA CODE (1872)
  5. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, G.S.R. 139(E), Gazette of India, Mar. 25, 2021 (India)
  6. Information Technology Act, No. 21 of 2000, §§ 66F, 67, 69, 79, INDIA CODE (2000)
  7. K.S. Puttaswamy v. Union of India, (2017) 10 S.C.C. 1 (India)
  8. Narcotics Control Bureau. Press Release: NCB Busts Dark Web Drug Syndicate. 2021. https://narcoticsindia.nic.in/pressrelease/01_07_25_hq_cochin_darknet.pdf
  9. Shreya Singhal v. Union of India, A.I.R. 2015 S.C. 1523 (India)
  10. Suhas Katti v. State of Tamil Nadu, C.C. No. 4680 of 2004 (Metropolitan Magistrate, Egmore, Nov. 5, 2004) (India)

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe
Scroll to Top